Malware attacks are increasing, getting smarter and targeting Google’s Android mobile operating system, according to a new report from NQ Mobile, a mobile security solutions provider that based the report on the findings of its Security Lab.
Mobile malware threats increased by 163 percent in 2012, and 95 percent of all threats were targeted at Android, said the report. The firm estimates that 32.8 million Android devices were infected in 2012, an increase of 200 percent from the 10.8 million infected in 2011.
The top three ways that malware was delivered in 2012, said the report, were through app repackaging, malicious URLs and “smishing.”
Smishing—affecting both a user’s device and his or her wallet—infects a device to increase the user’s phone bill.
“Using social engineering (phishing) along with SMS, consumers are contacted by cyber-criminals and asked to click on a malicious link,” the report explains. “Clicking the link will trigger a malicious app download or direct the consumer to a rogue Website.”
One of the most effective, and lucrative, methods of smishing, it added, can generate as much as $4 per Short Message Service (SMS) text for a criminal.
The second method, malicious URLs, is intended to collect personal information from a user, particularly mobile banking or other financial information.
App repackaging consists of a criminal adding lines of malicious code to a real app and repackaging and reloading it to a third-party marketplace where unsuspecting mobile users can download it. Once installed, the manipulated app works in the background, collecting user data, changing user settings or remotely controlling the device to do things like send SMS texts, said the report.
The top five infected markets globally, says NQ Mobile, were China, with a 26 percent share; India, with a 19 percent share; Russia, with an 18 percent share; and the United States and Saudi Arabia, with respective 10 percent shares of the infected pie.
Other not-so-fun facts from the report include that 7 percent of the malware in 2012 was designed to “brick” a user’s phone—make it simply stop working—while 28 percent focused on profiting from user data.
While malware in the United States didn’t rise significantly between 2011 and 2012, NQ Mobile says it expects that to change, for several reasons.
One reason is Android fragmentation.
“Two years after is introduction, more than 39 percent of Android users are still using Gingerbread,” said the report. “As a result, these mobile consumers are lacking many of the major security updates provided by Ice Cream Sandwich and Jelly Bean.”
A second cited reason is app side-loading. Users can increasingly download and install apps outside the Google Play store, said the report, which means that “more users than ever are able to visit and download apps from the third-party marketplaces, where the majority of malicious apps are being hosted.”
Finally, young people are increasingly smartphone owners, and the 13- to 17-year old demographic—58 percent of whom own smartphones, according to Nielsen—download more apps, on average, than other demographics. They’re also more—46 percent more—open to downloading outside the Play store.
As far as solutions go, NQ Mobile would be happy to sell you one—but also offers the advice of using a passcode or other authentication method.
And there’s no time like the present. In the first quarter of 2013, NQ Mobile says it has already identified 25,140 new malware threats—which is more than all of 2011 and 38 percent of 2012’s annual total.