Android Malware Takes off, Mostly Outside the U.S.

Attacks on mobile devices using malicious code continue to focus on Android, with 175,000 programs found in the last quarter, according to a Trend Micro report.

Attackers are continuing to focus more heavily on mobile devices, and in particular those running Google’s Android operating system, posting 175,000 malicious or suspicious programs to app stores, according a report published by security firm Trend Micro on Oct. 22.

The activity in the third quarter is a steep increase from the previous quarter when the firm only found 30,000 apps that appeared to take malicious actions or aggressively gather information on a user. While mobile operating systems typically have more security controls than their desktop counterparts, much of the popular Android operating system's security relies on a knowledgeable user and regular policing by Google, said Raimund Genes, chief technology officer for Trend Micro.

"The foundation of Android is very solid, with its permission-based security," said Genes. "But, it's a more open ecosystem, which is not very secure."

Users need to understand the implications of the permissions that an application requests before granting permission, or run the risk of leaking sensitive data. About 20 percent of Android device owners use a security application, according to Trend Micro.

In addition, the app stores—including Google Play—need to improve their automated analysis of programs posted to the marketplaces, said Genes. While Google tends to quickly pull down overtly malicious applications, aggressive adware that takes more information than outlined in its user agreement is common. The company has scanned some 1.1 million applications and found 12 percent to leak some sort of personal information.

Many of these issues are less of a problem in the United States and more worrisome in other countries, such as China and Russia. In those countries, users commonly use third-party app stores, which have much more lax standards of security. A previous review of mobile threats by security firm Lookout estimated that more than 40 percent of the devices in Russia are infected by malicious software.

It's a point that Trend Micro highlights as well.

"The biggest problem is that of the independent app stores," Trend's Genes said. "The worst market is China. There are a lot of independent app stores, because in China, no one wants to pay for applications."

The quarter--from July 1 to September 30--also saw the first report of a targeted threat using an Android application. Researchers with Trend found evidence that a series of attacks linked to Chinese hackers that focused on Indian and Japanese military agencies, as well as Tibetan human-rights groups, may include component for infecting Android devices in the future. The Android apps were under development and could steal information as well as install additional components on the phone.

In its analysis of attacks encountered by its own customers, more than three-quarters of targeted attacks focused on government and companies, while about 20 percent targeted non-governmental and non-business organizations.

Other trends found in Trend Micro's research: Saudi Arabia has become a leading spammer and the ZeroAccess botnet has become the top infector of computer systems. ZeroAccess rose from third place in the second quarter to first place in the latest quarter, with almost a million infected systems detected.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...