Juniper Networks today released its third annual Mobile Threats Report showing the rapid growth and evolution of mobile malware into a profitable business for attackers. From March 2012 through March 2013, the Juniper Networks Mobile Threat Center (MTC) — a global research facility dedicated to around-the-clock mobile security and privacy research — found mobile malware threats growing at a rapid rate of 614 percent to 276,259 total malicious apps, demonstrating an exponentially higher cyber criminal interest in exploiting mobile devices.
Additionally, it is clear from developments in the threat landscape that malware writers are increasingly behaving like profit-motivated businesses when designing new attacks and malware distribution strategies. Attackers are maximizing their return on investment by focusing 92 percent of all MTC detected threats on Android. Attackers are also leveraging loosely regulated third-party app marketplaces to distribute malware and more quickly get threats on the market.
This year’s MTC report uncovered several mobile malware trends that demonstrate increased business savvy by attackers including:
Preying on High-Growth Market Opportunities: Mobile malware developers are recognizing huge opportunity in attacking Android. Malware for the Android operating system has increased at a staggering rate since 2010, growing from 24 percent of all mobile malware that year to 92 percent by March 2013.
More Effective Distribution: Attackers made strides to shorten the supply chain and find more agile methods to distribute their wares into the wild around the globe. The MTC identified more than 500 third-party Android application stores worldwide, most with very low levels of accountability or oversight, that are known to be hosting mobile malware. Of the malicious third-party stores identified by the MTC, three out of five originate from either China or Russia.
Multiple Paths to Big Profits: Almost three-fourths (73 percent) of all known malware are FakeInstallers or SMS Trojans, which exploit holes in mobile payments to make a quick and easy profit. These threats trick people into sending SMS messages to premium-rate numbers set up by attackers. Based on research by the MTC, each successful attack instance can yield approximately $10 USD in immediate profit. The MTC also found that more sophisticated attackers are developing intricate botnets and targeted attacks capable of disrupting and accessing high-value data on corporate networks.
Exploiting Android Fragmentation: The fragmented Android ecosystem keeps the vast majority of devices from receiving new security measures provided by Google, which could leave users exposed to even known threats. According to Google, as of June 3, 2013, only four percent of Android phone users were running the latest version of the operating system, which provides mitigation against the most popular class of malware measured by the MTC that makes up 77 percent of Android threats.
Increasing Privacy Violations: In addition to malicious apps, Juniper Networks found several legitimate free applications that could pose a risk of leaking corporate data on devices. Juniper Networks found free mobile applications sampled by the MTC are three times more likely to track location and 2.5 times more likely to access user address books than their paid counterparts. Free applications requesting/gaining access to account information nearly doubled from 5.9 percent in October 2012 to 10.5 percent in May 2013.
The Mobile Threats Report, conducted by the Juniper Networks Mobile Threat Center, is one of the largest first-hand quantitative research studies of its kind. The report is based on analysis of more than 1.85 million mobile applications and vulnerabilities, up more than 133 percent from the last report released in February 2012.
Source: Juniper Networks, Inc.
MacDailyNews Take: “Open.”
Related articles:
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013
FBI issues warning over Android malware attacks – October 15, 2012
Researchers discover serious flaw in Android app security, say HTC and Samsung ignore issue – September 28, 2012
Apple’s iPhone has passed a key security threshold – August 13, 2012
Android permissions flaw allows eavesdropping, data theft, location tracking – December 2, 2011
Massive HTC Android security flaw leaves security expert speechless – October 2, 2011
Apple’s iOS unaffected by malware as Android exploits surge 76% – August 24, 2011
Android malware records phone calls; iPhone users unaffected – August 2, 2011
Symantec: Apple iOS offers ‘full protection,’ Google Android ‘little protection’ vs. malware attacks – June 29, 2011
Malware apps spoof Android Market to infect Android phones – June 21, 2011
Google forced to pull several malware-infested apps from Android market – June 8, 2011
Android malware sees explosive growth; even faster than with PCs – April 27, 2011
Virus-laden apps infest Google’s ‘open’ Android platform; iPhone unaffected – March 3, 2011
Security firm warns of new Android trojan that can steal personal information; iPhone unaffected – December 30, 2010
Trojan infects Android smartphones; iPhone unaffected – August 10, 2010
Millions of Android phone users slammed by malicious data theft app – July 29, 2010
Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 4, 2010
Malware designed to steal bank information pops up in Google’s Android app store – January 11, 2010
It’s “open” alright… for the wrong reason…
Makes me wonder why even get an Android phone in the first place
Friends with Android phones routinely can’t find the apps they just downloaded.
New Android app – “TAG! You’re It!”
So now, what do Android fans think of their choice?
I asked a few last week on the release of the report and all the Android users just stared at me blindly as if they hdd never heard the word “malware” & “security breaches” before.
These were people who I thought were reasonably informed.
Well, there goes my theory on informed Android users.
“So now, what do Android fans think of their choice?”
They don’t think anything of their choice… that’s why they chose Android in the first place. They delightfully keep tapping on their malware-ridden devices in total obliviousness.
They bought a device that has an operating system made by Google… a web search company. Inherently, Google’s motivation for Android is to collect information about you. Google then sells any information about the device owner to Google’s customers. Google’s customers are advertisers. The owners of Google Android devices aren’t customers. These device owners are better described as exploited lemmings that just keep on tapping in their downward spiral of ignorance… malware creators couldn’t have found a better home.
If only Apple directly responded to antagonism from the competition, these facts would make for a decent marketing campaign against Samsung. I’d use the Android malware threat to cleverly paint the Galaxy series as unsafe for consumers in comparison to the iPhone. Make sure that when Droidsters rant about walled gardens and awful closedededness, the average person hears “security.”
Only 92%? Who has the rest?
Good MDN take!
Yup, open to everything, all the garbage and crap from everyone. Just what I DON”T WANT!
Apple knows this and that’s why they developed the App store the way it is. Not to hinder, but to protect from what has happened to that lovely open market of Android. Apple knew if they did it that way that’s exactly what would have happened to there own App store. Open is great if there was a way to protect it from all the crap. But I’m afraid that it can’t be when it is open.
You can show this report and many more to the IT/CIO & Apple Haters, yes including Gov officials, and they will continue to buy into Android. How STUPID can these people be. Companies, Military, Security entities are just asking to get it up their butts by buying Android OS devices.
They’ve continued to buy Windows PCs for decades. I’d say you have your answer how stupid these people can be.
iOS doesn’t have any malware because it’s so obscure. (LOL)
——RM
Hi…. i’M iOs …. & I’m Android…. Media campaign. My android has been replaced 7 times now. It is still 3 generations behind and my bank accounts have been drained 3 times. But I stick with Android because they keep giving me a free phone with no questions. Hi I’m iOS I don’t have those kind of problems.
I am skeptical of that 92% figure. It sounds far too low to me.
Where are all the trolls? Their absence is loud.
Thank you Google!