Android Malware Targeting User Data Continues to Proliferate in Market
As Android market share continues to grow, malware developers are increasingly targeting the platform, according to security researchers.
While the total volume of mobile malware and malware specifically targeting Android remains very small in comparison to malware targeting the Windows platform, recent reports found the numbers are growing, and will likely continue in 2012.
Malware targeting Android devices jumped nearly 37 percent since last quarter, McAfee Labs reported in its third-quarter Threats Report released Nov. 21. The findings concur with an earlier report by Juniper Networks' Global Threat Center, which reported in its Malicious Mobile Threats Report released Nov. 15 that there was a 472 percent increase in Android malware samples detected by Nov. 10, compared with what had been detected in July.
October and November have seen the "fastest growth in Android malware discovery," according to the Juniper Global Threat Center report. Malware samples identified in September increased 28 percent over known samples, and there was another 110 percent increase in October over what was detected in the previous month. The biggest surge was between October and November, contributing to the overall 400 percent growth, a Juniper spokesperson told eWEEK.
It's not just the volume of malware that worries Juniper researchers, but the fact that the examples are becoming more sophisticated. Only some of the malware detected in the spring had the capability to exploit vulnerabilities in the platform to gain root access on the device. "Today, just about every piece of malware that is released contains this capability," the researchers concluded on the Global Threat Center blog.
Malware developers just need a developer account, pay $25 and post malicious applications on the Android Market, Juniper researchers wrote. Since the first group of apps infected with the DroidDream malware family was removed from the Android Market, there has been a surge of other malicious apps, Juniper said.
Juniper also said a little over half, or 55 percent, of Android malware is disguised as spyware, while 44 percent use an SMS Trojan to send text messages to prime-rate numbers to rack up expensive charges on a user's cell phone bill.
Security firm Mocana released the Device Confidence Index last week, which found that 47 percent feel their mobile devices are not secure when it comes to storing sensitive information. The distrust extends to both iOS and Android, with only 26 percent and 19 percent saying they feel positive about their respective platform's ability to protect personal data.
"The majority of those expressing an opinion didn't trust Apple's iOS to be secure, and Google's Android platform and RIM's BlackBerry fared still worse," Mocana wrote in the report.
These studies don't appear to have convinced Chris DiBona, an open-source program manager at Google. In a Nov. 16 post on Google+, DiBona accused security companies of "playing" on fears to sell security software for mobile platforms. He dismissed existing Android threats as "little things" that didn't cause much damage thanks to the protections built into the platform.
"They are charlatans and scammers. If you work for a company selling virus protection for Android, RIM or IOS, you should be ashamed of yourself," DiBona wrote.