Mobile malware growing, led by Android

New tactics lure consumers into paying for free apps as malware on Google platform spikes 3,325 percent in second-half 2011, new research shows.

Mobile malware hit a record number last year increasing 155 percent across all platforms. Google Android, in particular, attracted much attention as cybercriminals found new ways to exploit consumer behavior.

According to new findings released Thursday by Juniper Networks Mobile Threat center, mobile malware had grown more sophisticated as cybercriminals continued to hone their craft and identify new ways to exploit vulnerabilities across all platforms and devices.

Hackers tended to target systems with low barriers of entry, evolving from complex and deep technical tools to tactics that were "lightweight, social, and able to deliver fast profits".

Applications had emerged to become a "killer app" and the most popular way for hackers to compromise devices, the center noted, adding that appstores are fast becoming the primary delivery mechanism for infected applications.

Juniper Networks Mobile Threat Center focuses on mobile security research and had studied 793,631 apps and vulnerabilities on all major mobile operating systems to generate the latest report. These included third-party appstores, known Web site repositories of malicious apps, known hacker sites and app samples submitted by consumers and business partners.

It noted that, in 2011, spyware and SMS Trojans accounted for the majority of malware targeting mobile devices, at 63 percent and 36 percent, respectively.

More eyes on Android
Malware targeting Android, in particular, went up 3,325 percent in the last seven months of 2011.

"The combination of Android's dominant market share, and lack of control over the apps appearing in the various Android appstores, created a perfect storm, giving malware developers the means and incentive to focus on the platform," said Juniper Networks. It added that since its release in 2007 to November 2011, Android had expanded its market share to 46.9 percent, compared to 28.7 percent for the Apple iOS.

It noted that a developer currently can post and immediately make avail an app to the official Android Market, without vetting to block pirated or malicious apps. This makes it easier for hackers to reach potential victims. The center also noted that while Google has been diligent in swiftly removing malicious apps from its appstore when found, "the process of detection and deletion can take days", giving cybercriminals more than enough time to complete their deed.

Earlier this month, Google said it added an automated scanning process on the Android Market to guard against malicious apps. Dubbed Bouncer, it scans apps for known malware, spyware and Trojans, as well as identifies suspicious behaviors for comparison against previously analyzed apps.

According to Juniper Networks, 46.7 percent of mobile malware detected had targeted Android devices, while 41 percent were on Java ME. Another 11.5 percent were on Symbian, 0.7 percent on Windows Mobile and 0.2 percent on RIM BlackBerry devices.

Research on iOS security was limited due to the closed nature of the platform, but the center noted that its researchers succeeded in getting an unapproved app onto the Apple App Store.

Juniper Networks also pointed to last year's fastest growing malware, coined Fake Installers, which tricked victims into paying for pirated versions of popular apps that were typically free.

It noted that another key security concern came in the form of lost or stolen devices, especially when these confidential corporate or personal data.

Citing findings from customers of its Junos Pulse Mobile Security Suite, Juniper Networks said almost 1 in 5, or 16.9 percent, submitted the "locate" command to find missing devices. In addition, over 6 percent had to remotely lock these lost devices to prevent inappropriate use.

"The rapid growth in mobile malware, combined with ongoing concerns about lost and stolen devices, illustrate just how important of an issue mobile security is--and that it is an issue that affects everyone, not just corporations," Dan Hoffman, chief mobile security evangelist at Juniper Networks.


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All