Report: Android malware up 614% as smartphone scams go industrial

iOS users look smug, but with reason this time


While the mobile industry is still deciding if there's a market for two, three, or four smartphone operating systems, mobile malware writers have picked their target and are flocking to Android, according to the latest annual security report data from Juniper Networks.

The company's Mobile Threat Center has analyzed nearly two million mobile applications over the last year and seen the number of dodgy Android apps rise from 38,689 in Q1 2011 to 276,259 a year later.

Part of this 614 per cent rise comes from the cratering state of Symbian, BlackBerry, and Windows Phone sales, but the shift to Android comes mainly from the operating system's prevalence and Apple's tight control of iOS apps.

"Apple does a really good job with checking apps," Michael Callahan, vice president of global security at Juniper told The Register. "Google does a good job with the Play store as well, but there are hundreds of third-party Android apps stores. They're enticing because you think 'I can get this app for free' and they don’t realize it's malware."

Apple users will typically only go to the official store for apps, he said, although there is an increased risk for iPhone users who have decided to jailbreak their handsets. But the further geographically you get from the US, the more Android users are going to look to local stores for their applications.

Unfortunately, some of these stores are hosting malware. China leads the pack with 173 storefronts allowing dodgy code; Russia is a close second at 132 hosts, and the US third with 76 dangerous sites. But there's a strong language bias towards English – if you're after apps in German or Dutch, the number of infected app stores drops to 16 and 13 respectively on world markets.

Easy money

The most typical form of malware seeks to send SMS messages to premium rate lines, yielding an average of $10 per infection, the report states. But that can add up to a pretty chunk of change, and because the laws governing premium-line repayments are so outdated it's easy money, Callahan said – the culprit is long gone with the cash before the carrier realizes it has been scammed.

There's also a focus on mobile banking as a lucrative target. Mobile malware like ZeuS-in-the-Mobile is proving ever-more popular and third-party mobile wallet systems aren't immune to cracking, with near-field communications opening up a new attack window, Juniper warns.

The report also spotted increasingly successful botnet software for smartphones. In December 2012, the Tascudap Trojan began spreading on handsets, setting up regular pings to command and control servers at a domain registered as gzqtmtsnidcdwxoborizslk.com. Once a device is infected, the C&C system can upload attack code as needed and investigate any enterprise network the handset is connected to.

"It's the very early stages of starting to do reconnaissance from a mobile device to understand the vulnerabilities of a network," Callahan said. "This is the same movie that played on the desktop. With an open-access Trojan they get to see what the privileges are, they escalate through, and ultimately can steal whatever they want to steal."

Annual trends in mobile malware

Deck the phones with sprigs of malware

The report's data also shows a surprising sophistication in the mobile malware market release schedule. Malware activity plateaus in the summer months, but then rises sharply over the Christmas period to coincide with the busiest season for smartphone purchases.

"During those months people are getting new devices and they're all excited – they're on the hunt for apps," Callahan explained. "We see that malware developers know they have a customer that's going to be looking, so they put a lot of product out there. Between November and February there's a lot of malware out there for people who are going to be looking for new applications."

Firm data on the malware writers themselves is difficult to come by, but Callahan said it was "not that big a jump" to assume that the traditional players in the PC malware industry were simply applying their methods to the mobile market. There are some new players in the mobile field, however, that hadn't been seen before.

The update problem

Android's pivotal problem is the fractured nature of its market, Callahan said. The Gingerbread 2.3 Android build is still the most used mobile OS and it lacks crucial protections.

Over three quarters of the current malware out there could be blocked if handsets were running the latest Android build, the survey found. Even if hardware restrictions make running the higher levels of the OS impossible, some sort of basic security patch should be possible for older operating systems, he suggested.

Android's fragmentation was a point Tim Cook was keen to make earlier this month at WWDC. Cook claimed iOS 6 was the world's most popular mobile OS, since 93 per cent of Apple users were updated, and he twisted the knife with some pointed stats on Apple developers' revenue per app as well.

El Reg hasn't heard from Google on the report's findings, but Callahan said the Chocolate Factory is better than some at fixing problems on the latest builds as they come up. Distributing those fixes to older systems looks to be an issue that Google will have to address. ®
