Android malware explodes, jumps five-fold since July
'Exponential growth' driven by Google's policy of not vetting apps, veteran hackers moving to Android
Computerworld - Malware targeting Google's Android mobile operating system exploded in the last several months, its volume quintupling since July, Juniper Networks said today.
The rash of infected apps aimed at Android owners shows no sign of abating, said Dan Hoffman, Juniper's chief mobile security analyst and a member of the company's global threat center.
"We're seeing a mix of the traditional hacking community [working] on malware very similar to organized efforts on the PC side, as well as people who are just a little smart, the '15-year-old kid crowd,' who are able to hide some malicious content in an app," said Hoffman in an interview today.
According to Juniper's research, the number of Android malware samples -- each defining a different piece of attack code, or a variant of one discovered earlier -- increased by 472% since July 2011. The bulk of that growth occurred in September and October.
"We've seen an exponential growth in Android malware over the last several months," Juniper said in a blog post that accompanied Juniper's recently-published mobile threat report.
The prime threat remains purposefully-malicious Android apps that are crafted by criminals, often pirated versions of legitimate applications, then planted in either Google's official Android Market or in one of the scores of alternate download sites, which are especially popular in Asia -- China in particular.
"That is very clearly the threat now," said Hoffman, who added that the hackers' strategy would likely continue indefinitely.
That's because Google doesn't control what apps can be installed on an Android mobile device, as Apple does with code-signing technologies for iOS apps, and so makes third-party app download centers possible. Nor does Google vet apps submitted to the Android Market.
Other security researchers have noted the same when they have found malicious apps in the Android Market or in unsanctioned e-stores.
At least three different waves of malware -- in March, June and finally July -- infiltrated the Android Market this year. The malicious apps were removed by Google only after they had been downloaded by an unknown number of users.
Far more attack apps have appeared in Chinese app stores that distribute Android software.
Juniper speculated that the hackers now crafting Android malware are those who used to specialize in Symbian and Windows Mobile attack code. But as those operating systems' share plummeted -- Web metrics company Net Applications put their shares during October at 3.5% and 0.07%, respectively, down from 8% and 0.2% a year ago -- the criminals have abandoned those platforms and jumped on Android.
And those hackers know their stuff.
Google's Android OS
- Review: 5 video editing apps for Android
- Malware-infected Android apps spike in the Google Play store
- Nokia plans forked Android smartphone for Barcelona unveiling
- LG G Flex deep-dive review: The curious case of the curved phone
- Xperia Z1S deep-dive review: A stylish phone with power and panache
- Low-end smartphone battle forces Nokia to Android
- Moto G real-world review: The best budget phone money can buy
- Google escalates offensive against Office with Android 'KitKat'
- Galaxy Note 3 deep-dive review: A plus-sized phone with perks and quirks
- LG G2 deep-dive review: Extraordinary hardware in an ordinary phone
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Protection for Every Enterprise: How BlackBerry Security Works Get an IT-level review of BlackBerry® Security, addressing data leakage protection, certified encryption, containerization and much more.
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Unmasking the Differences between Consumer and Enterprise File Sync & Share The consumerization of IT combined with the rapid pace of the modern mobile workplace is forcing enterprise IT teams to evaluate file sync...
- Live Webcast Workforce Mobilization for Improved Productivity A mobility research director from Aberdeen discusses reasons for extending legacy applications to mobile devices, and an integration strategist from Attachmate shows how...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Mobile/Wireless White Papers | Webcasts
As emerging technologies evolve they often find an initial niche in highly specialized scenarios, or in specific industry verticals, before expanding to wider areas of applicability. Within these initial niches, the early adopters can be anything from digital enthusiasts to fashionistas, or they can be folks simply using the technology because it serves a specific need extremely well. (free registration required) more