Android accounts for most mobile malware, says F-Secure

With Android accounting for 96 percent of all mobile malware in Q4 2012, F-Secure warns that the Google-developed mobile platform is increasingly being targeted by malware writers and hackers.
Written by Zack Whittaker, Contributor

Android's popularity and success is also its security downfall, according to a leading security firm.

Android's share of mobile malware has increased by almost double in the last quarter, and now pegs in at 96 percent of the mobile malware market, according to a recent report by F-Secure [PDF]. 

By comparison, Symbian stands at 4 percent while Windows Mobile, BlackBerry and Apple's iPhone all come in with an even lower share of new mobile threats and variants over the quarter. However, much of Android's gain in the mobile threat scene can be contributed to PremiumSMS, a popular family of malware that generates profit through premium SMS sending practices, which saw 21 new variants in the past year.

"Every quarter, malware authors bring forth new threat families and variants to lure more victims and to update on the existing ones," the report noted said.

The rise in Android malware, the firm said, can be largely attributed to its increasing foothold in the consumer market. Other security firms have also noted this, but also attributed that Android's open platform and application store leaves it more vulnerable than rival mobile platforms.

"As for the other platforms," such as BlackBerry, iOS, and Windows Mobile, "they may see some threats popping up once in a while. But most likely, the threats are intended for multiple platforms similar to the case of FinSpy."

FinSpy and other FinFisher intrusion tools are a range of controversial malware tools, created by the private industry and first documented by Wikileaks, which are often installed on devices and machines at the behest of governments and intelligence agencies. It can be used to monitor all communications in and out of a device and can capture video, audio, and other personal information on the device.

From the report:

Screen Shot 2013-03-07 at 07.25.05
New mobile threat families and variants received per quarter (Credit: F-Secure)

Looking the figures, Android's leap in mobile threat variants received per quarter has risen between the two final quarters of 2012. In this case, the increase can be mostly attributed to an uptick in premium SMS-based mobile variants as well as Android's large market share in the mobile space, though not particularly due to any recent spike in Android uptake.

Conversely, for Symbian, the sudden drop from 21 percent to 4 percent can be attributed to the decline in Symbian market share. Over the past two years, Symbian's share has declined rapidly — in line with Nokia's wishes — in favor of Windows Phone, which has yet to make a splash in in the mobile market share pool.

"As old Symbian handsets continue to be replaced by those with other operating systems, especially Android, Symbian malware dies off and will probably go extinct in 2013," said F-Secure security advisor Sean Sullivan. "The numbers are starkly reversed from 2010, when Symbian malware accounted for 62 percent of threats and Android just 11 percent."

Screen Shot 2013-03-07 at 07.26.02
Threat families and variants by platform between 2011-2012 (Credit: F-Secure)

Between 2011 and 2012, the number of attacks targeting Android have increased in line with the increasing focus by malware writers and hackers to target the mobile space. While in 2011 there were 195 mobile malware families and variants, in 2012 that increased by one third to 301 familes and variants.

While side-by-side, these figures may not be representative of market share figures, it does reflect which kind of devices seem to be on the market today. While iPhones are increasingly popular in the enterprise, many consumer devices are Android-based.

It's worth mentioning that while F-Secure's underlying message is "buy our mobile software," the report makes some interesting points, particularly for the enterprise, which may be weighing the cheaper Android options in favor of other, more expensive devices, for instance. 

Android is becoming increasingly popular in the enterprise, thanks to mobile device management (MDM) software and business-focused features, such as VPN security and integration with outsourced cloud services, such as Google Apps. 

The iPhone may be the device of choice, according to recent Gartner figures, though bring-your-own-device (BYOD) policies at work are seeing more Android-based phones enter the workplace. This ultimately means that CIOs and IT managers have to accommodate such devices at work by offering security-based policies and restrictions.

But there's only so much these policies can do. Mitigation is one thing, but actively exploiting even the most basic functionality in these phones, such as SMS text messaging, can still rack up the bills while generating a small fortune for the malware writers. 

Editorial standards