Report: Android malware up 614% as smartphone scams go industrial

iOS users look smug, but with reason this time

While the mobile industry is still deciding if there's a market for two, three, or four smartphone operating systems, mobile malware writers have picked their target and are flocking to Android, according to the latest annual security report data from Juniper Networks.

The company's Mobile Threat Center has analyzed nearly two million mobile applications over the last year and seen the number of dodgy Android apps rise from 38,689 in Q1 2011 to 276,259 a year later.

Part of this 614 per cent rise comes from the cratering state of Symbian, BlackBerry, and Windows Phone sales, but the shift to Android comes mainly from the operating system's prevalence and Apple's tight control of iOS apps.

"Apple does a really good job with checking apps," Michael Callahan, vice president of global security at Juniper, told The Register. "Google does a good job with the Play store as well, but there are hundreds of third-party Android apps stores. They're enticing because you think 'I can get this app for free' and they don’t realize it's malware."

Apple users will typically only go to the official store for apps, he said, although there is an increased risk for iPhone users who have decided to jailbreak their handsets. But the further geographically you get from the US, the more Android users are going to look to local stores for their applications.

Unfortunately, some of these stores are hosting malware. China leads the pack with 173 storefronts allowing dodgy code; Russia is a close second at 132 hosts, and the US third with 76 dangerous sites. But there's a strong language bias towards English – if you're after apps in German or Dutch, the number of infected app stores drops to 16 and 13 respectively on world markets.

Easy money

The most typical form of malware seeks to send SMS messages to premium rate lines, yielding an average of $10 per infection, the report states. But that can add up to a pretty chunk of change, and because the laws governing premium-line repayments are so outdated it's easy money, Callahan said – the culprit is long gone with the cash before the carrier realizes it has been scammed.

There's also a focus on mobile banking as a lucrative target. Mobile malware like ZeuS-in-the-Mobile is proving ever-more popular and third-party mobile wallet systems aren't immune to cracking, with near-field communications opening up a new attack window, Juniper warns.

The report also spotted increasingly successful botnet software for smartphones. In December 2012, the Tascudap Trojan began spreading on handsets, setting up regular pings to command and control servers at a domain registered as gzqtmtsnidcdwxoborizslk.com. Once a device is infected, the C&C system can upload attack code as needed and investigate any enterprise network the handset is connected to.

"It's the very early stages of starting to do reconnaissance from a mobile device to understand the vulnerabilities of a network," Callahan said. "This is the same movie that played on the desktop. With an open-access Trojan they get to see what the privileges are, they escalate through, and ultimately can steal whatever they want to steal."

Annual trends in mobile malware

Deck the phones with sprigs of malware

The report's data also shows a surprising sophistication in the mobile malware market release schedule. Malware activity plateaus in the summer months, but then rises sharply over the Christmas period to coincide with the busiest season for smartphone purchases.

"During those months people are getting new devices and they're all excited – they're on the hunt for apps," Callahan explained. "We see that malware developers know they have a customer that's going to be looking, so they put a lot of product out there. Between November and February there's a lot of malware out there for people who are going to be looking for new applications."

Firm data on the malware writers themselves is difficult to come by, but Callahan said it was "not that big a jump" to assume that the traditional players in the PC malware industry were simply applying their methods to the mobile market. There are some new players in the mobile field, however, that hadn't been seen before.

The update problem

Android's pivotal problem is the fractured nature of its market, Callahan said. The Gingerbread 2.3 Android build is still the most used mobile OS and it lacks crucial protections.

Over three quarters of the current malware out there could be blocked if handsets were running the latest Android build, the survey found. Even if hardware restrictions make running the higher levels of the OS impossible, some sort of basic security patch should be possible for older operating systems, he suggested.

Android's fragmentation was a point Tim Cook was keen to make earlier this month at WWDC. Cook claimed iOS 6 was the world's most popular mobile OS, since 93 per cent of Apple users were updated, and he twisted the knife with some pointed stats on Apple developers' revenue per app as well.

El Reg hasn't heard from Google on the report's findings, but Callahan said the Chocolate Factory is better than some at fixing problems on the latest builds as they come up. Distributing those fixes to older systems looks to be an issue that Google will have to address. ®
