Android malware continued to gain in share in 2012 and was responsible for 79 percent of all threats for the year, up from 66 percent in 2011, according to security specialist F-Secure’s latest Mobile Threat report.
In the fourth quarter alone, 96 new families and variants of Android threats were discovered, which almost doubles the number recorded in the previous quarter. A large share of the Android threats found in the fourth quarter was malware that generates profit through fraudulent short message service (SMS) practices, with 21 of the 96 Android threat variants found contributed by Premium SMS, a malware family that sends out messages to premium rate numbers.
With fraudulent SMS, messages or notifications from these premium rate numbers and services are deleted, keeping the user unaware until charges appear on their bills. The report noted many Android-based threats employ similar tactics, with some signing up the victim to an SMS-based subscription service.
F-Secure also warned that in addition to SMS-sending malware, some malware authors or distributors may choose to make a profit through banking Trojans, which steal the mobile Transaction Authentication Number (mTAN) that banks send via SMS to customers to validate an online banking transaction. Using this number, these Trojans can transfer money from the victims’ account and the banks will proceed with the transaction because it appears to be coming from the rightful account owner.
The report noted extra security prompts when downloading in Android version 4.2 Jelly Bean should help deflect Trojans (66 percent of mobile malware detections in 2012 were Trojans), and as spying and monitoring tools increasingly become part of the mix, surveillance-related threats will account for a greater portion of the overall threats.
Malware targeting the Symbian platform accounted for 19 percent of all mobile malware in 2012, down from 29 percent in 2011. The report wryly noted that may be the only good news for the platform, once the most popular smartphone operating system (OS) on a worldwide average but is now generally regarded to be a technological relic.
In 2010 Symbian malware accounted for 62 percent of threats and Android represented just 11 percent. The success of Android, which overtook Symbian as the world’s most used mobile platform at the end of 2010, contributed greatly to the system’s decline.
"Malware in general has a parasitic relationship with its host," F-Secure Labs security adviser Sean Sullivan said in a statement. "As old Symbian handsets continue to be replaced by those with other operating systems, especially Android, Symbian malware dies off and will probably go extinct in 2013. May it rest in peace."