Mobile Malware Mostly Infecting Android Devices Rises Steadily

Data gathered from cellular networks show that 0.68 percent of mobile devices are infected with malware, with 99 percent of the infected devices running Android.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Mobile Malware 2

Attackers continue to target mobile devices with a variety of adware and malware, which led to a 25 percent increase in infections in 2014, according to a report published on Feb. 12 by mobile security firm Alcatel-Lucent.

The company, which monitors malicious activity on Internet service provider (ISP) and cellular networks, found that 0.68 percent of mobile devices were infected with malware in 2014, up from 0.55 percent the previous year. While that is a small fraction of the total users, it extrapolates to an estimated 16 million devices infected worldwide, the company said.

More than 99 percent of the infections were on Android devices. Because the Android ecosystem is open, adware and malware makers are more likely to target the operating system, said Kevin McNamee, director of Motive Security Labs at Alcatel-Lucent.

"Most importantly is the fact that there is less control—you can download the apps from third-party app stores and there is very little checking of the digital signature that you sign the app with," he said.

The top three infectors are Adware.Uapush, Trojan.Ackposts and SMSTracker, which is a mobile spyware application. All three affect Android devices, and are typically downloaded and installed by hiding them in innocuous-seeming applications.

Uapush sends text messages and steals user information from infected devices. Ackposts steals contact details from the victim's phone, and SMSTracker allows an attacker to remotely monitor communications, peruse a victim's browser history and track the location of the phone.

The steady increase in mobile adware and malware is a sign of the future, but the present dangers still belong to the old standbys: desktops and laptops. Alcatel-Lucent found that 13.6 percent of residential broadband customers had a detectable malware infection, with severe threats, such as bots and banking Trojans, accounting for 5 percent.

"The Windows devices are still the main focus of the attackers," McNamee said. "They have the lion's share of the malware infections."

While the number of systems with serious malware infections remained about the same, the proportion of adware-infected systems nearly doubled. Many of the infections are due to applications, such as iBryte and Wysotot, which attempt to install other software and earn the developer an affiliate fee. Six of the top seven malicious programs infecting residential broadband users are adware, while the other unwanted program hijacks the victim's start page.

While such programs are mainly a nuisance, they could open the gateway to worse digital plagues, McNamee said.

"They [the authors] are making money off of getting stuff installed on that machine, so I don't think they really care what they are installing," he said.

BlackBerry and iOS devices accounted for less than 1 percent of infections, but the operating systems are not immune to attack and could be targeted if the payoff is attractive, the company said.

While the jumps in infection rates for both mobile and PC systems are significant, some of the rise could be due to changes in Alcatel-Lucent's market. The company has entered more global markets in the past year, and malware tends to gravitate more to regions of the world where the ecosystems are weaker—especially Eastern Europe, China and Russia—than in North America, where users are less likely to download apps from third-party sites and monetizing compromised devices is more difficult.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...