Android Malware Grew 3,000 Percent in 2011: Report

Mobile malware developers targeted Google's Android more than any other mobile operating system in 2011. However, cyber-crooks also abused Apple's iOS, RIM's BlackBerry and Symbian.

Malware that specifically targeted mobile operating systems increased in 2011 as smartphones became more popular with enterprise users, as well as consumers. These cyber-criminals also developed affection for the Google Android OS, which saw the biggest jump in malware during the past 12 months, according to a new report from Juniper Networks.

Malware targeting the Android mobile operating system grew by a whopping 3,325 percent in the last seven months of 2011, according to the 2011 Mobile Threat Report, which Juniper released Feb. 15. Android malware accounted for about 46.7 percent of unique malware samples that targeted mobile platforms, followed by 41 percent for Java Mobile Edition.

Overall, mobile malware more than doubled in 2011, growing by 155 percent across all platforms, which included Apple's iOS, Research In Motion's BlackBerry and Symbian. New malware samples targeting Java Mobile Edition increased by a little less than 50 percent in 2011. Java ME is popularly used on Symbian and Windows Mobile devices.

Juniper saw a "significant increase in the amount of mobile malware, its sophistication, as well as new nimble social-engineering-based attacks," said Daniel Hoffman, chief mobile security evangelist at Juniper Networks.

The Mobile Threat Center at Juniper Networks examined more than 793,631 applications and 28,472 unique malware samples to compile the report. Despite the eye-popping growth numbers, the total number for mobile malware remains minuscule, compared with malware targeting traditional computers.

The explosion in Android malware is a direct result of the platform's diverse and open marketplace where developers are free to post their apps as well as growing market share, according to Juniper. Google's market share in the mobile space, at 46.9 percent, is statistically the same as the proportion of Android malware detected by Juniper.

"Hackers are incented to target Android, because there are simply more Android devices as compared to the competition," said Hoffman.

Google's "Bouncer" service has been scanning apps in the Android Malware and removing offenders toward the second half of the year to make it harder for scammers to upload malicious apps. Bouncer will "certainly help" reduce infection rates from downloads on the official market of known threats, said Hoffman.

Apple is slightly more secure due to its screening policies and closed marketplace, but iOS users have their own set of mobile security challenges, according to the report. Jailbreaking remains common and users with iOS devices are vulnerable to malicious jailbreaking services that infect the device during the rooting process.

Mobile devices are just as vulnerable to browser-based attacks triggered when a user navigates to a malicious Website as computers. There are fewer choices available for iOS users when it comes to security products to protect them from these kinds of threats.

"This lack of software protection and a competitive security market leave users with little protection if malware were ever to make it through Apple's application-vetting process," the report found.

In fact, there are several examples of developers slipping apps past Apple's screeners last year. The most prominent example was when Apple researcher Charlie Miller got a seemingly innocuous app approved for the App Store, and then was able to use the app to remotely execute code on devices.

Malicious apps and scams targeting mobile users have become more sophisticated and many rely on social engineering tactics to trick users into downloading and installing, Juniper found.

"Industrious hackers" moved from proof-of-concept samples to developing profitable malware, according to the report.

Mobile malware can be classified into two different groups, Short Message Service (SMS) Trojans and spyware. Spyware was the most common form, accounting for about 63 percent of malware. Spyware on mobile devices generally goes after GPS data, text messages, contacts and browser activity and transmits it to a third-party.

SMS Trojans, accounting for 46 percent of malware, trick users into agreeing to send premium SMS messages to attackers. As they generally run in the background, users are usually unaware these messages are being sent until they see the charges on their bills.

Scammers often piggyback SMS Trojans onto "fake installers," which are apps that trick users into paying for them even though they may be legitimately available for free.

These fake installers create a "low barrier to entry" for cyber-criminals interested in mobile scams but lacking the technical skills, according to the report. Application stores are the prime delivery mechanism for infected apps, and it's far easier to turn around these types of apps rather than those targeting actual vulnerabilities.