The number of mobile malware apps has jumped 614% in the last year, according to studies conducted by McAfee and Juniper Networks.
The Juniper study -- its third annual Mobile Threats Report -- showed that the majority of attacks are directed at Android devices, as the Android market continues to grow. Malware aimed specifically at Android devices has increased at a staggering rate since 2010, growing from 24% of all mobile malware that year to 92% by March 2013.
According to data from Juniper's Mobile Threat Center (MTC) research facility, the number of malicious mobile apps jumped 614% in the last year to 276,259, which demonstrates "an exponentially higher cyber criminal interest in exploiting mobile devices."
"Malware writers are increasingly behaving like profit-motivated businesses when designing new attacks and malware distribution strategies," Juniper said in a statement. "Attackers are maximizing their return on investment by focusing 92% of all MTC detected threats at Android, which has a commanding share of the global smartphone market.
In addition to malicious apps, Juniper Networks found several legitimate free applications that could allow corporate data to leak out. The study found that free mobile apps sampled by the MTC are three times more likely to track location and 2.5 times more likely to access user address books than their paid counterparts. Free applications requesting/gaining access to account information nearly doubled from 5.9% in October 2012 to 10.5% in May 2013.
"Whether the device is corporate or employee owned, the end user is often using it for both work and personal activities. Because of that, companies need a holistic approach to managing and securing the physical devices as well as the applications that are downloaded onto them," said Adam Stein, a senior director of mobile product marketing at SAP.
McAfee's study found that a type of SMS malware known as a Fake Installer can be used to charge a typical premium rate of $4 per message once installed on a mobile device. A "free" Fake Installer app can cost up to $28 since each one can tell a consumer's device to send or receive up to seven messages from a premium rate SMS number.
Seventy-three percent of all known malware involves Fake Installers, according to the report.
"These threats trick people into sending SMS messages to premium-rate numbers set up by attackers," the report states. "Based on research by the MTC, each successful attack instance can yield approximately $10 in immediate profit. The MTC also found that more sophisticated attackers are developing intricate botnets and targeted attacks capable of disrupting and accessing high-value data on corporate networks."
Juniper's report identified more than 500 third-party Android application stores worldwide, most with very low levels of accountability or oversight, that are known to host mobile malware -- preying on unsuspecting mobile users as well as those with jail-broken iOS mobile devices. Of the malicious third-party stores identified by the MTC, 60% originate from either China or Russia.
According to market research firm ComScore, Android now has a 52.4% market share worldwide, up 0.7% from February. As Samsung has been taking market share from Apple, Android use is expected to continue to grow, according to ComScore.
According to market analyst firm Canalys, Android representedalmost 60% of the mobile devices shipped in 2012. Apple accounted for 19.3% of devices shipped last year, while Microsoft had 18.1%.
This article, Mobile malware, mainly aimed at Android devices, jumps 614% in a year, was originally published at Computerworld.com.
Lucas Mearian covers storage, disaster recovery and business continuity, financial services infrastructure and health care IT for Computerworld. Follow Lucas on Twitter at @lucasmearian or subscribe to Lucas's RSS feed . His e-mail address is firstname.lastname@example.org.