While heading to Heathrow Airport last month, our Security Advisor…
5 reasons 97% of all new mobile malware is targeting Android
“To no one’s surprise at this point, Android continues to be the most targeted mobile operating system, as threats against this platform accounted for 804 new families or variants, or 97% of the new threats we saw by the close of 2013,” F-Secure Labs notes in its latest Threat Report.
And because of the “hugely disproportionate attention being directed at the Android platform,” the only mobile threats the report investigates are those targeting devices operating on the Android platform.
So why are malware authors so fixated on one mobile ecosystem while ignoring millions of other devices?
Here are five reasons:
1. Android is the world’s most popular mobile platform.
Right now there are more mobile devices running the Android operating system that all other platforms combined. And while it will likely lose a bit of its market share in the near future, Android’s dominance is assured for the near future, making it the platform criminals are most likely to target.
2. Security is not uniform across the devices.
The Labs points out that Google has been making consistent security improvements to the Android platform. There are a shockingly tiny number of vulnerabilities that afflict the OS compared to PC platforms. However, the customizable nature of the OS, which has helped make it so popular, also prevents consistent security measures.
“While the various enhancements released in each update incrementally improve the security of the platform itself, actual per-user security is highly variable, since the fragmented nature of the Android ecosystem between various device vendors makes it basically impossible to ensure a uniform security level across all users,” the report states. “For most users, this means their device security ends up being largely in their own hands – both figuratively and practically.”
3. Users are exposing themselves to bad apps in unofficial stores.
Of all Android Marketplaces, the Google Play store has the best record of both preventing malware from being offered and promptly removing it when it does appear. Users are mostly likely to find malware in official stores, even though the vast majority of apps offered are not malware.
“As it turns out, for the top four stores, less than 10% of the samples we traced to them were identified as malicious,” the report notes. “Of all the markets, the one with the highest percentage of malware turns out to be Android159, with 33.3% of samples from it being classed as malware.”
If you stick to Google Play, where far less than 1% of the samples the Labs processed were malware, you’ll likely never come across a bad app.
4. Criminals are repackaging and trojanizing popular apps.
F-Secure Labs recently conducted a little experiment to get a sense of how users are being tricked into installing bad apps.
“In mid-December 2013, we looked at the top 20 most popular apps listed in the Google Play Store and investigated the rate of trojanization for these apps. In this case, we considered a trojanized version of an application to be one which uses the original package and application name, but also requests more permissions than the original. Out of the 20 most popular Play Store apps, we found that 8 have multiple trojanized versions available in third-party markets.”
How can you tell if you have a bad version of a good app? Permissions. “99% requested multiple permissions,” the report notes. You can check your app’s permissions with our free Permissions app.
5. Ads for mobile malware.
Scareware has been an effective tactic for infecting and extorting PC users for years. Now criminals have figured out a way to use a similar method on PC devices.
While the most common way to infect users remains third-party marketplaces, the Labs reports “there have been a number of incidents of malware being pushed by ads in mobile browsers that can be summarized as: ‘Warning! You’re infected. Get this app now to disinfect your device’.”
Now that you know why your Android is being targeted, here’s how to protect yourself and your device.
[Image by Uncalno Tekno | Flickr ]