ie8 fix
madison

Hardware 2.0

Adrian Kingsley-Hughes
Home / News & Blogs / Hardware 2.0

Report: Android malware up 3,325% in 2011

By | February 23, 2012, 8:36am PST

Summary: Android malware samples had increased from 400 to 13,302 in six months.

Popularity comes at a price.

During 2011 there was an ‘unprecedented growth’ of mobile malware attacks, with Android up a stratospheric 3.325 percent, according to a report by the Juniper Networks Mobile Threat Center.

The report makes depressing reading. Across all platforms, mobile malware attacks are up 155 percent, with mobile malware samples increasing from 11,138 in 2010 to 28,472 in 2011. BlackBerry malware grew by 8 percent, and Java ME saw a 49 percent increase. But the platform hit hardest was Android, with malware increasing by an incredible 3,325 percent in a year. During the last six months of 2011, Android malware samples had increased from 400 to 13,302.

Spyware was the most popular Android malware, accounting for 63 percent, while 36 percent were premium rate SMS Trojans. Another 30 percent could obtain location information without user consent and 14.7 percent had the ability to make calls behind the user’s back.

The report also notes that malware is becoming more sophisticated, with malware like Droid KungFu using encrypted payloads to avoid detection and Droid Dream disguising itself as a legitimate app.

Security guru Bruce Schneier isn’t surprised. ‘I don’t think this is surprising at all,’ wrote Schneier in a blog post. ‘Mobile is the new platform. Mobile is a very intimate platform. It’s where the attackers are going to go.’

Full report here.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Hardware 2.0”

Topics

Mobile, Malware, Mobile Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology.

Disclosure

Adrian Kingsley-Hughes

All opinions expressed on Hardware 2.0 are those of Adrian Kingsley-Hughes. Every effort is made to ensure that the information posted is accurate. If you have any comments, queries or corrections, please contact Adrian via the email link here. Any possible conflicts of interest will be posted below. [Updated: February 23, 2010] - Adrian Kingsley-Hughes has no business relationships, affiliations, investments, or other actual/potential conflicts of interest relating to the content posted so far on this blog.

Biography

Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.

Adrian has authored/co-authored technical books on a variety of topics, ranging from programming to building and maintaining PCs. His most recent books include "Build the Ultimate Custom PC", "Beginning Programming" and "The PC Doctor's Fix It Yourself Guide". He has also written training manuals that have been used by a number of Fortune 500 companies.

Adrian also runs a popular blog under the name The PC Doctor, where he covers a range of computer-related topics -- from security to repairing and upgrading.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
40
Comments
Add Your Opinion

Join the conversation!

Top Rated

Up from 400 6 months earlier.
Bruizer 23rd Feb
@Return_of_the_jedi

Well explained if you read the blog instead of hoping The Force would impart the information directly.
View in thread

Just In

No.
PolymorphicNinja 27th Feb
That has nothing to do with how easy it is to write malicious apps on modern mobile platforms. Apple's included.

I won't go into detail on how application level security works on Android and iOS platforms. But I will tell you with absolute certainty that exposing the internals of the Android operating system has nothing to do with making it vulnerable to rogue applications. Apple would be just as safe if they decided to release their OS into open source as well. Mostly because they follow a similar pattern around how your applications run on their operating system..

The only way the operating system would be a relevant danger is if some how you got your phone's firmware updated without your knowledge, and if that happened, the malware to cause that would be either on your PC (if you had it hooked up to your phone), or on the servers of the entity responsible for upgrading your phone operating system (typically your cell phone carrier, or in the case of Apple and Microsoft, you get the updates directly from the company).
View in thread
-6 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
Return_of_the_jedi Updated - 23rd Feb Below threshold | Show anyway
up from what? negative one?

Another rubbish post by AKH.
1 Vote
+ -
RE: Report: Android malware up 3,325% in 2011
Englishmole 23rd Feb
@Return_of_the_jedi
No, up from 400 just six months earlier. Did you read the post?

It looks like Infestation is the new fragmentation.
-6 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
Return_of_the_jedi Updated - 23rd Feb Below threshold | Show anyway
@Englishmole

"...up from 400 just six months earlier."
The ones they created in their lab?

Did I read the post? No.
why? 3,3235% ?, seriously?

PS. It doesn't compute. I heard of inflating numbers.
You can over do it. Case in point
4 Votes
+ -
Top Rated
Up from 400 6 months earlier.
Bruizer 23rd Feb Top Rated
@Return_of_the_jedi

Well explained if you read the blog instead of hoping The Force would impart the information directly.
-3 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
Return_of_the_jedi Updated - 23rd Feb
@Bruizer

FYI: Bogus information don't compute directly.
1 Vote
+ -
And hurt feelings compute even less
John Zern Updated - 23rd Feb
@Return_of_the_jedi
0 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
dheady@... 23rd Feb
@Return_of_the_jedi I certainly wouldn't paint Adrian with such a broad brush, but I am a tad confused by the lack of numbers in this article. I was similarly befuddled when Androidboys would use the same sort of 'growth by percent' to 'prove' that Android was the iOS killer.
While I'll grant there's room for concern with Android and malware (quite the broad brush that word as well) I'm also fascinated that iOS wasn't even mentioned. Are there no Trojan Horses on iOS? Don't be confused I'm a died in the wool Apple stockholder and fanboy of the deepest type, but that doesn't mean I'm not rational.
Adrian, how about some real numbers, as in a count of malware in the wild? How about a comparison between the OSs you mention and iOS as well? Charts that only do percentages don't provide much information.
1 Vote
+ -
I agree. Even SJVN says it can't happen
John Zern 23rd Feb
@Return_of_the_jedi

And we know how balanced and accurate he is.
wink
2 Votes
+ -
Is it rubbish because it's critical of Android?
Pete "athynz" Athens 23rd Feb
Up from 400. I see others asked if you've read the article so I'll resist asking that but at the same time I have to ask if you actually comprehended what you read because it does not look like you really understand how bad the malware issues with Android have gotten. This rise in malware attacks on Android are more thank likely due to the popularity of the the platform.
1 Vote
+ -
RE: Report: Android malware up 3,325% in 2011
owllnet 23rd Feb
The android OS itself is a malware...
-1 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
HypnoToad72 23rd Feb
@owllnet -

Like others' aren't?

PWN2OWN...

Jailbreaking iphones by simply loading iOS' browser and going to a website (and who knows what gets seeded during that process...)

None of them incorporates a firewall, either - so how are ANY of them anything remotely trustworthy?

There are many other issues, with iOS, Android, and other platforms... anyone thinking one is really more secure than the other is in dreamland...
0 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
smashandgrab 23rd Feb
@HypnoToad72 - I could not agree more....
0 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
deasys 24th Feb
I'm hypnotized by your toad-like ruminations, hypnotoad72. You may *wish* that they're all the same but they clearly are not. If you're a malware writer, Android is your funnest playground...
1 Vote
+ -
RE: Report: Android malware up 3,325% in 2011
Loverock Davidson- 23rd Feb
And they said linux couldn't get malware.
1 Vote
+ -
RE: Report: Android malware up 3,325% in 2011
Tony Burzio 23rd Feb
@Loverock Davidson- No, they said that UNIX is immune to viruses. Malware is all about software control. Apple has it right, comb through Apps before your users get them...
0 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
smashandgrab 23rd Feb
@Tony Burzio - You both have it wrong. Only the fanbois say it is immune. In fact, any OS that is out there is vulnerable in one way or another. Today's bad programming is tomorrows exploit.
0 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
ScorpioBlack Updated - 23rd Feb
Been using desktop Linux four years now. Haven't run into malware yet.

Where is it, Lovie? wink
0 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
mrlinux 23rd Feb
It sounds like from the article (not much real detail) these are apps users install, it is tough to secure against the user.
1 Vote
+ -
RE: Report: Android malware up 3,325% in 2011
jatbains 23rd Feb
No one ever bothered writing Linux malware. What was the point when it had less than 1% of the market.
-1 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
Return_of_the_jedi Updated - 23rd Feb
@jatbains
No one ever bothered writing WP7 malware. What is the point when it has less than 1% of the market

touche
2 Votes
+ -
I'm shocked, shocked I tell you, to find that that an os built for spyware
Johnny Vegas 23rd Feb
and designed to allow malware to be downloaded and run and with an app store that hosts malware and allows malware to be installed, from a company that is completely aware and doesnt lift a finger to prevent it, indeed has 10s of 1000s of malware apps. Completely shocked! Get android, get pwnd, join a botnet, get your personal data stolen, get charged for txts you didnt send. Thank you google.
-1 Votes
+ -
Gee...the perfect description of Microsoft Windows!
linux for me 23rd Feb
@Johnny Vegas

If the user downloads an untrusted app, then is that really a security issue with any device? I don't think so.

Thanks for playing though......
2 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
MSFTWorshipper 23rd Feb
@linux for me There is no such thing as being allowed to download an untrusted app on iOS or Windows Phone. The walled garden *works*.
0 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
ironnmetal 23rd Feb
@linux for me

So to push your claims into a different analogy... if the government has never bothered to inspect a certain restaurant (and they don't try very hard to tell you this), and you unknowingly walk in and buy some moldy food and get sick it's your fault?

Your argument makes no sense. You mention "untrusted" apps as if Google has a running list of "trusted" apps that is 100% readily available to users. There is a major difference between a well-informed user that makes a stupid decision versus an uninformed user who doesn't know better.

Not everyone needs to have their hand held to successfully walk across the street, but if you're going to allow traffic to run freely and unregulated it might help to install a bridge.
0 Votes
+ -
Trojans Are Not an Operating System Security Issue
CFWhitman Updated - 23rd Feb
Trojans are a user security issue, not an operating system security issue. Every system that allows users to install their own software (every system worth using) is susceptible to Trojans as long as there are users who make mistakes about what to install.

This doesn't tell us one way or another how secure Android is because there is no reason to break security when you can just get a user to install malware instead. There is no reason to pick a lock if somebody is willing to hand you the key.

Mind you that I am not saying that Android has great operating system security. I am just saying that this doesn't tell us how it's security compares with the other systems.

Con-men are the new crackers.
2 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
Snooki_smoosh_smoosh 23rd Feb
@CFWhitman "Every system that allows users to install their own software (every system worth using) is susceptible to Trojans as long as there are users who make mistakes about what to install."

How is a user to tell if an app in their app store is garbage? It isn't as if they are installing apps from some obscure website, they are getting them where the phone provider says to get them. If I was an Android user who got an infected handset, I would be suing, naming the carrier, the handset maker, and ultimately Google as the defendants, as they are the enablers.
0 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
pupkin_z 23rd Feb
@Snooki_smoosh_smoosh they can see that only 100 people installed this software and all complained. How do you know that you can trust MS or Apple etc software? You do not. In fact, the more we learn about their practices of collecting person info, the closer they are to get "malware" stamp.
0 Votes
+ -
Well.. aside from the EULA
PolymorphicNinja 27th Feb
EULA.. You know.. that blob of legalese you typically just click through or don't read when you download an app, sign up for a data plan, use external services such as Apple's App Store and Google's Marketplace, etc, etc, etc.

As unfortunate as it may be to get an infected handset, that EULA puts the onus of blame largely on the end-user that allowed the malware to be downloaded and installed to begin with.
0 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
piousmonk 23rd Feb
Did anybody actually read the report, and not just the blog?

One takeaway, iOS was not included in the study, which was attributed as "The inability to quantify iOS threats is largely due to Apple not releasing data or opening its platform for analysis."

I don't want to get bogged down in whether or not Apple is trying to hide something or not, but as an iPhone user, I'd find value in Apple having some willingness to participate.
0 Votes
+ -
Could be the fact that...
Snooki_smoosh_smoosh 23rd Feb
@piousmonk... Apple curates its store, the process necessary to write applications and submit them to the app store requires devs to register with Apple and agree that they won't be bad programmers that set out to compromise the system.

Look I am not going to blow sunshine and say that it is impossible to hack the iPhone, I am not that naive, but the fact that there are some layers there to discourage such practice offer some barriers to preventing this sort of problem. If the preferred Vector of Attack is the App Store that should tell people something, and tell the app store providers something.
1 Vote
+ -
RE: Report: Android malware up 3,325% in 2011
pupkin_z 23rd Feb
@Snooki_smoosh_smoosh the question is, where to stop? North Korean leaders are there to help their people with all the other choices in life. Would you consider moving there?
0 Votes
+ -
RE: Report: Android malware up 3,325% in 2011
piousmonk 23rd Feb
@Snooki_smoosh_smoosh

I don't disagree, but I also don't blindly trust that Apple's approach is 100% successful either. I also don't think that registration is going to be much of a deterent to malware writers given Apple's marketshare.

Whether there have been few or many malware apps that have gotten through Apple's process, users have a vested interest in knowing the facts.
0 Votes
+ -
layers?
Tea.Rollins Updated - 27th Feb
Yeah, someday apple fans will realize contracts-as-protection doesn't make the operating system secure. When WP8 comes into the mix, you're going to see a lot of competition and a lot of apple consumers going off the app store for things they can't get there.

And what about users like Charlie Miller, who exposed and produced fixes for obvious, gaping holes in the system, only to be rewarded having his license to develop pulled because he was a threat to Apple's system of misinformation?
0 Votes
+ -
But that's the same practice of all the ecosystems.
PolymorphicNinja 27th Feb
https://www.google.com/enterprise/marketplace/devtos?pli=1

Do a Ctrl-F search on "mal". You will see that Google has recourse for both sides of the coin: If you are being unfairly downrated, as well as take down/punishement procedures if you're found to be publishing malware under your publishing ID.

And just like with Apple, you're just out the set-up fee if you get caught (and they can go after you for refunds if you charged for your app).

Is that fee worth scraping the valuable data of whoever downloads your app? It could be. The $99 (Apple) or $25 (Google) could be a small investment compared to what could be stolen.

The walled garden works only as well as the approval process. Nothing says malware has to do it's business during the evaluation period. And oddly enough, the application distribution method chosen by Apple (native machine code vs. VM-based byte code) actually makes their vetting process far more difficult to find apps that are leaking your private data somewhere. There are many instances where Apple has taken an app down after it has entered the app store when the malware was discovered later. Google is the same. There are several examples where they have taken down apps and killed developer IDs because of malware.

In either case, most of the time, these take downs are prompted by user reports.

There is no immunity to malware once your platform is popular enough to target for it. The only way to deal with it is similar to a neighborhood watch. It doesn't matter if you're an Apple user, Google user or Microsoft user... If you see suspicious activity, report it. It may keep another user out of trouble.
-3 Votes
+ -
No reports of WP7 malware?
SamWilkinson 23rd Feb
I guess those 5 users haven't responded yet.
0 Votes
+ -
Nice try troll
hopp64 Updated - 23rd Feb
But the article is about Android and I have an Android phone (not for long) so it is relevant.
0 Votes
+ -
But it's open!
Garion DK 24th Feb
And now we see what's it open to. Malware!
0 Votes
+ -
android being opensource is more vulnerable
raj.tripathi 25th Feb
The problem lies with android being the opensource,hacker can understand the underline code and architecture and do his job easliy,in case of iphone if hackers cant see the code then how can they hack it.
That really makes a difference ,so android devices are more vulnerable to security threats.I hope google looks into this,and probably find out some way to prevent it as it has long way to go.

r.tripathi
www.mobitily.com
0 Votes
+ -
No.
PolymorphicNinja 27th Feb
That has nothing to do with how easy it is to write malicious apps on modern mobile platforms. Apple's included.

I won't go into detail on how application level security works on Android and iOS platforms. But I will tell you with absolute certainty that exposing the internals of the Android operating system has nothing to do with making it vulnerable to rogue applications. Apple would be just as safe if they decided to release their OS into open source as well. Mostly because they follow a similar pattern around how your applications run on their operating system..

The only way the operating system would be a relevant danger is if some how you got your phone's firmware updated without your knowledge, and if that happened, the malware to cause that would be either on your PC (if you had it hooked up to your phone), or on the servers of the entity responsible for upgrading your phone operating system (typically your cell phone carrier, or in the case of Apple and Microsoft, you get the updates directly from the company).
0 Votes
+ -
this field is stupidly required
Tea.Rollins Updated - 27th Feb
What's that you say? There's no truth to the 'as your marketshare grows people will target you myth?' Yeah, eat crow.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix