Android malware problem should not be ignored, researchers say
The security industry has a credibility problem when it comes to mobile malware, but the threat is real, according to one expert
IDG News Service - Recent reports from antivirus companies seem to suggest that the number of Android malware threats is growing. However, there are still many skeptics who say the extent of the problem is exaggerated.
The security industry has an embarrassing credibility issue when it comes to mobile threats, Rik Ferguson, global vice president of security research at antivirus vendor Trend Micro, said Friday in a blog post.
Big industry vendors warned for many years that "next year" mobile malware will truly take off, but the threat never materialized, he said. "Now that the problem is well and truly here -- the last two years have both been called 'the year of mobile malware' at several points -- we have a problem persuading the world at large that we are not crying 'Wolf!' yet again."
One of the arguments commonly brought forward by skeptics is that Android malware mostly exists in third-party app stores that are popular in countries like China or Russia. That's not true, Ferguson said.
Trend Micro's mobile app reputation service has analyzed more than 2 million mobile app samples collected from around the world and 293,091 of them have been classified as outright malicious, Ferguson said.
Almost 69,000 of those were sourced directly from Google Play, which offers around 700,000 apps in total, he said. "It's not just Chinese and Russian app stores."
A further 150,203 apps of the 2 million analyzed by Trend Micro were flagged as high risk and 22% of the 2 million were found to leak device and SIM card identification numbers, as well as users' contact data and telephone numbers.
In addition to apps that pose security and privacy risks, there are many apps that are undesirable for other reasons. For example, 32% of the analyzed apps had poor battery usage, 24% had poor network usage and 28% had poor memory usage.
The statistics shared by Ferguson come one day after security firm F-Secure released a report saying that Android malware accounted for 96% of new mobile threats discovered during the fourth quarter of 2012 and 79% of all mobile threats discovered during 2012.
Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, believes that the Android malware threats are not only increasing in number, but are also becoming more diversified. "Mobile malware has developed in a way that is extremely similar to the malware for Windows operating systems," he said Friday via email. "In the past years, we saw notable developments in the Android e-threat landscape: adware becoming more aggressive, increased number of premium-rate SMS senders and the emergence of SMS interceptor Trojans aimed at mobile banking fraud."
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts