Cyber-criminals are looking for the right model to make money on compromised mobile devices, especially those based on Google’s Android operating systems, and have started flooding mobile-app marketplaces with malware, but with limited success.
The number of malicious Android programs detected by Helsinki, Finland-based security firm F-Secure, for example, has soared past 50,000 in the third quarter, a tenfold increase from the second quarter of 2012, the firm stated in a report released Nov. 5. For North American and western European users, however, cyber-criminals interested in infecting Android systems should not be overly concerning: The increased adoption of Android in less security-conscious markets, such as in China and Russia, is mainly to blame for the jump in malware, the company stated in its report.
“These expanding markets have also been notable for the proliferation of less-secure third-party apps markets, which are popular with users for various reasons,” the company stated. “This factor may also account for the increasing number of malicious samples seen this quarter.”
While quarterly reports on the malware landscape have noted a steep increase in the number of malicious applications discovered in software marketplaces, such as Google Play, the rate of infection remains low outside of China, Russia and other eastern European nations. About 40 percent of Android smartphone users are infected in those nations, according to security firm Lookout; in North America, less than 0.3 percent of users have had a malicious program installed on their phones, according to a recent report by network security firm Kindsight.
Google has noted that cyber-criminals have focused on the Android platform. In 2011, the company started scanning apps submitted to Google Play using its homegrown automated system known as Bouncer. By the time the company announced the existence of the system in February 2012, the number of users who had downloaded a malicious application from the marketplace had dropped by 40 percent.
“While it’s not possible to prevent bad people from building malware, the most important measurement is whether those bad applications are being installed from Android Market (now, known as Google Play) and we know the rate is declining significantly,” the company stated in a February blog post.
The F-Secure report noted that Google has claimed that the number of malicious applications downloaded from its marketplace has dropped, but that Android users in other countries may be less likely to download applications from trusted app stores.
“The surge may better be attributed as a natural consequence of the continued high growth in Android smartphone adoption this quarter, particularly in regions such as China and Russia,” F-Secure stated.
In Europe, Symbian continues to attract malware developers as well. F-Secure detected about half the amount of activity aimed at Symbian as Android, which is still a significant portion compared with the North American market, where Symbian is far less popular.
Toll fraud, where attackers cause an infected phone to send a text to a premium Short Message Service (SMS) number, continues to be the most successful scam in the less security-conscious markets, F-Secure stated in its report.
“Malware authors and distributers can easily turn an infection into profit by taking advantage of a ‘built-in’ billing mechanism for these SMS services; the malware simply sends out SMS messages that silently sign up the device owner for a premium subscription service, incurring charges in the user’s account,” according to the report.