Android Devices at Risk From Privacy-Stealing Malware

Secondary to privacy-stealing malware, adware was found to be installed on 13 percent of the devices in the U.S. that were infected.

android and security

More than half of compromised devices running Google’s Android operating system (62 percent) were infected by privacy-stealing malware, and one of every 100 devices in the U.S. market were infected in the second quarter 2015, according to a report from 360 Mobile Security Limited.

From an analysis of more than 200 million Android devices, including smartphones and tablets, the report uncovered major threats among the leading Android mobile devices, ranging from pre-installed vulnerability concerns of devices themselves, to fully infected Android systems.

"While Google is committed to improving the Android OS and claims the system is becoming more and more secure, chances are there are still loopholes," Yan Huang, COO of 360 Mobile Security, told eWEEK. "The recent Hacking Team issue speaks well enough to this problem. Users with Android 4.4 or earlier will largely remain exposed in the near future as updating is up to the carriers and is therefore generally slow."

Huang noted that according to Nielsen, the average number of apps U.S. mobile users access each month has remained about the same at 27 apps over the past two years. The average time they spend on those apps each month is more than 37 hours.

"Given this trend, we predict that malware targeting social apps will increase in the near future and that the ratio of privacy-stealing malware will increase as the success rate of gaining financial or data benefits from those apps just becomes higher and higher," he said.

Secondary to privacy-stealing malware, adware was found to be installed on 13 percent of the infected devices in the U.S. Adware is defined as any software package that automatically renders advertisements in order to generate revenue for its author.

It may collect user data for business purposes, and its frequent presence is frustrating to consumers.

Trojan.Privacy.Android.InfoStealer accounts for nearly half (44.5 percent) of Trojans, the report found.

The above security risk is a notorious Trojan that secretly collects and uploads sensitive information such as Web browser history and location data.

The report noted a 44.5 percent proportion is significant considering that it leads to serious privacy leaks and compromised information.

Rooted devices, which are completely exposed to any possible attacks, are in the highest level of danger, and the report found the proportion of rooted devices is 0.2 percent.

360 Mobile Security also analyzed the vulnerability status for global devices, reviewing information from its customer base of 200 million users around the world. According to the report, nearly one-third (32.6 percent) of devices (running Android 4.2 and earlier) are exposed to Installer Hijacking Vulnerability, also known as Time-of-Check to Time-of-Use (TOCTTOU) vulnerability. In Android OS, this permits an attacker to hijack the ordinary Android APK installation process.

This hijacking technique can be used to bypass the user view and distribute malware with arbitrary permissions.

It can substitute one application with another. For instance, if a user tries to install a legitimate version of “Angry Birds,” they can end up with a Flashlight app that’s running malware.

Greater than 97 percent of mobile malware targets Android devices, whereas iOS malware takes less than 1 percent of the share.