Every fifth Google Android-based device protected by Kaspersky Lab security solutions was attacked by malware at least once during the reporting period, with the most popular malicious programs being SMS Trojans that send messages to premium rate numbers without the owner’s awareness, according to a report from Kaspersky and Interpol.
A total of 1 million Android device users around the world encountered dangerous software between August 2013 and July 2014—about one-fifth of all Kaspersky Lab mobile product users—representing the peak of cyber-attacks registered in recent years.
From August 2013 through March 2014, the number of attacks per month was up nearly tenfold, from 69,000 in August to 644,000 in March, and the number of users attacked also increased rapidly, from 35,000 in August 2013 to 242,000 in March 2014.
Trojan-SMS family programs accounted for 57.08 percent of all detections made by Kaspersky Lab security solutions for Android-based devices.
Second came RiskTool (21.52 percent positives), conditionally legitimate programs that can, however, be used for malicious purposes, such as sending SMS notifications of paid messages or transmitting geo-data.
Applications with aggressive advertising (pop-ups or ads with notifications in the status bar) came in third place (7.37 percent).
“Unfortunately, I think that most Android users did not think about their security. Not too many of them see the need for mobile antivirus, which as the report shows, is an issue,” Roman Unuchek, senior virus analyst at Kaspersky Lab, told eWEEK. “As we see in our analysis, the threats are there and will continue to be a risk for Android users, so it is important that they learn about these dangers and the security best practices they can implement to keep their mobile devices protected.”
However, the report also noted that it cannot be concluded that the threat landscape for Android-based devices was entirely pessimistic during the reporting period.
In April, Kaspersky experts noted a serious decline in the total number of attacks, mostly due to a large drop in the number of Trojan-SMS attacks.
This may have been the result of new rules for the services paid via SMS introduced by Russia’s telecoms regulator. Now all Russian operators must be sent a confirmation message from any subscriber who is trying to pay for services via SMS.
Since July 2014, the number of attacks has started increasing once more, and so it is possible that the new legislation contributed to the fall in April, indirectly confirming the effectiveness of legislation against cyber-fraud.
Users in Russia, India, Kazakhstan, Vietnam, Ukraine and Germany are among the main targets for cyber-attacks targeting Android OS. This is mostly because people in these countries often pay for content and online services through SMS, and so it is an attractive way for cyber-criminals to monetize malicious attacks because they can use these services to quickly and anonymously transfer money from prepaid mobile accounts to third-party bank accounts, the report noted.
Unuchek said he thinks it’s likely that users will continue to see a lot of new threats and vulnerabilities on the Android platform, as the security of Android is an area that many people have started digging into, and some of those people are cyber-criminals.
“These criminals see it as an opportunity to access data that will provide them with monetary gains, he said. “As mentioned in the report, it has to do with the fact that it won’t necessarily be an individual criminal working alone, but rather organized criminal groups with a large collection of actors. It will also be cyber-criminals involved in distributing malware, committing crimes outside the borders of the country where they live.”