Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Google Android malware grows five-fold since July

'Exponential growth' driven by Google's policy of not vetting apps and veteran hackers deserting Symbian and Windows Mobile

Article comments

Malware targeting the Google Android mobile operating system exploded in the last several months, its volume quintupling since July according to Juniper Networks.

The rash of infected apps aimed at Android owners shows no sign of abating, said Dan Hoffman, Juniper's chief mobile security analyst and a member of the company's global threat centre.

"We're seeing a mix of the traditional hacking community working on malware very similar to organised efforts on the PC side, as well as people who are just a little smart, the '15-year-old kid crowd', who are able to hide some malicious content in an app," Hoffman said.

According to Juniper's research, the number of Android malware samples - each defining a different piece of attack code, or a variant of one discovered earlier - increased by 472% since July 2011. The bulk of that growth occurred in September and October.

Exponential growth

"We've seen an exponential growth in Android malware over the last several months," Juniper said in a blog post that accompanied Juniper's recently-published mobile threat report.

The prime threat remains purposefully-malicious Android apps that are crafted by criminals, often pirated versions of legitimate applications, then planted in either Google's official Android Market or in one of the scores of alternate download sites, which are especially popular in Asia - China in particular.

"That is very clearly the threat now," said Hoffman, who added that the hackers' strategy would likely continue indefinitely.

That's because Google doesn't control what apps can be installed on an Android mobile device, as Apple does with code-signing technologies for iOS apps, and so makes third-party app download centres possible. Nor does Google vet apps submitted to the Android Market.

Other security researchers have noted the same when they have found malicious apps in the Android Market or in unsanctioned e-stores.

Symbian and Windows abandoned

At least three different waves of malware - in March, June and finally July - infiltrated the Android Market this year. The malicious apps were removed by Google only after they had been downloaded by an unknown number of users.

Far more attack apps have appeared in Chinese app stores that distribute Android software.

Juniper speculated that the hackers now crafting Android malware are those who used to specialise in Symbian and Windows Mobile attack code. But as those operating systems' share plummeted - web metrics company Net Applications put their shares during October at 3.5% and 0.07%, respectively, down from 8% and 0.2% a year ago - the criminals have abandoned those platforms and jumped on Android.

And those hackers know their stuff.

"Together, the Symbian and Microsoft Windows Mobile platforms are the oldest and most researched mobile platforms, and devices running those mobile operating systems have been the targets of the most prolific and effective malware known to affect mobile devices," said Juniper.

App vetting process

While Google's practice of not policing the Android Market, and its inability to restrict all apps to its own distribution channel, has been pegged as the primary reason for the OS's vulnerability, Hoffman argued that the policy also gave users the means to protect themselves.

"There may be a better vetting process on iOS, but a really critical point is that Android users have the benefit of a security marketplace," said Hoffman, referring to the large number of anti-malware programs available for Google-powered smartphones and tablets.

"In iOS, consumers and even enterprise don't have a choice," Hoffman said. "There's no benefit of competition because users are completely reliant on Apple for security."

Hoffman has a point: When Lookout Security, a leader in Android-based antivirus software, recently introduced a version for iOS it was unable to provide any malware scanning capabilities in the app.

Not surprisingly for someone who works for a security firm, Hoffman also argued that it wasn't up to the OS provider to guarantee a secure device; users have responsibilities, too.

"No matter what policies an app store may have, the real way is to protect a device is to protect it with security software," Hoffman said. "You have to protect your mobile devices just like you protect your PCs."



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *