Report: Android malware up 614% as smartphone scams go industrial

iOS users look smug, but with reason this time

While the mobile industry is still deciding if there's a market for two, three, or four smartphone operating systems, mobile malware writers have picked their target and are flocking to Android, according to the latest annual security report data from Juniper Networks.

The company's Mobile Threat Center has analyzed nearly two million mobile applications over the last year and seen the number of dodgy Android apps rise from 38,689 in Q1 2011 to 276,259 a year later.

Part of this 614 per cent rise comes from the cratering state of Symbian, BlackBerry, and Windows Phone sales, but the shift to Android comes mainly from the operating system's prevalence and Apple's tight control of iOS apps.

"Apple does a really good job with checking apps," Michael Callahan, vice president of global security at Juniper, told The Register. "Google does a good job with the Play store as well, but there are hundreds of third-party Android apps stores. They're enticing because you think 'I can get this app for free' and they don’t realize it's malware."

Apple users will typically only go to the official store for apps, he said, although there is an increased risk for iPhone users who have decided to jailbreak their handsets. But the further geographically you get from the US, the more Android users are going to look to local stores for their applications.

Unfortunately, some of these stores are hosting malware. China leads the pack with 173 storefronts allowing dodgy code; Russia is a close second at 132 hosts, and the US third with 76 dangerous sites. But there's a strong language bias towards English – if you're after apps in German or Dutch, the number of infected app stores drops to 16 and 13 respectively on world markets.

Easy money

The most typical form of malware seeks to send SMS messages to premium rate lines, yielding an average of $10 per infection, the report states. But that can add up to a pretty chunk of change, and because the laws governing premium-line repayments are so outdated it's easy money, Callahan said – the culprit is long gone with the cash before the carrier realizes it has been scammed.

There's also a focus on mobile banking as a lucrative target. Mobile malware like ZeuS-in-the-Mobile is proving ever-more popular and third-party mobile wallet systems aren't immune to cracking, with near-field communications opening up a new attack window, Juniper warns.

The report also spotted increasingly successful botnet software for smartphones. In December 2012, the Tascudap Trojan began spreading on handsets, setting up regular pings to command and control servers at a domain registered as gzqtmtsnidcdwxoborizslk.com. Once a device is infected, the C&C system can upload attack code as needed and investigate any enterprise network the handset is connected to.

"It's the very early stages of starting to do reconnaissance from a mobile device to understand the vulnerabilities of a network," Callahan said. "This is the same movie that played on the desktop. With an open-access Trojan they get to see what the privileges are, they escalate through, and ultimately can steal whatever they want to steal."

Annual trends in mobile malware

Deck the phones with sprigs of malware

The report's data also shows a surprising sophistication in the mobile malware market release schedule. Malware activity plateaus in the summer months, but then rises sharply over the Christmas period to coincide with the busiest season for smartphone purchases.

"During those months people are getting new devices and they're all excited – they're on the hunt for apps," Callahan explained. "We see that malware developers know they have a customer that's going to be looking, so they put a lot of product out there. Between November and February there's a lot of malware out there for people who are going to be looking for new applications."

Firm data on the malware writers themselves is difficult to come by, but Callahan said it was "not that big a jump" to assume that the traditional players in the PC malware industry were simply applying their methods to the mobile market. There are some new players in the mobile field, however, that hadn't been seen before.

The update problem

Android's pivotal problem is the fractured nature of its market, Callahan said. The Gingerbread 2.3 Android build is still the most used mobile OS and it lacks crucial protections.

Over three quarters of the current malware out there could be blocked if handsets were running the latest Android build, the survey found. Even if hardware restrictions make running the higher levels of the OS impossible, some sort of basic security patch should be possible for older operating systems, he suggested.

Android's fragmentation was a point Tim Cook was keen to make earlier this month at WWDC. Cook claimed iOS 6 was the world's most popular mobile OS, since 93 per cent of Apple users were updated, and he twisted the knife with some pointed stats on Apple developers' revenue per app as well.

El Reg hasn't heard from Google on the report's findings, but Callahan said the Chocolate Factory is better than some at fixing problems on the latest builds as they come up. Distributing those fixes to older systems looks to be an issue that Google will have to address. ®
