Android Malware Rises, but Security Risks Remain Low in U.S.
Android malware has taken off, but infection rates are still relatively low, according to a new report from F-Secure. The study also found that nearly abandoned Symbian OS is still a target.Cyber-criminals are looking for the right model to make money on compromised mobile devices, especially those based on Google’s Android operating systems, and have started flooding mobile-app marketplaces with malware, but with limited success. The number of malicious Android programs detected by Helsinki, Finland-based security firm F-Secure, for example, has soared past 50,000 in the third quarter, a tenfold increase from the second quarter of 2012, the firm stated in a report released Nov. 5. For North American and western European users, however, cyber-criminals interested in infecting Android systems should not be overly concerning: The increased adoption of Android in less security-conscious markets, such as in China and Russia, is mainly to blame for the jump in malware, the company stated in its report. "These expanding markets have also been notable for the proliferation of less-secure third-party apps markets, which are popular with users for various reasons," the company stated. "This factor may also account for the increasing number of malicious samples seen this quarter." While quarterly reports on the malware landscape have noted a steep increase in the number of malicious applications discovered in software marketplaces, such as Google Play, the rate of infection remains low outside of China, Russia and other eastern European nations. About 40 percent of Android smartphone users are infected in those nations, according to security firm Lookout; in North America, less than 0.3 percent of users have had a malicious program installed on their phones, according to a recent report by network security firm Kindsight.
Google has noted that cyber-criminals have focused on the Android platform. In 2011, the company started scanning apps submitted to Google Play using its homegrown automated system known as Bouncer. By the time the company announced the existence of the system in February 2012, the number of users who had downloaded a malicious application from the marketplace had dropped by 40 percent.