Android Under Siege With Malware and Adware Quarterly Spike Of 400 Percent


Written by  Sudheer Raju | 29 October 2012
E-mail PDF

mobile securityTrendMicro has released a mobile security threat report that suggests while Apple’s relatively rigorous approach to vetting apps before allowing them on the App Store has minimised security risk, Google’s open platform has become a hotbed of malicious activity. Dangerous malware and information harvesting adware targeting Google Android users jumped 483% from nearly 30,000 in June to almost 175,000 in September, according to the latest security report for the third quarter of 2012.


Security Report Summary:

  • Apps are accessing users call history without informing them via an end-user license agreement (EULA) or their user interface (UI) constitute malicious behavior from a security perspective and are detected.
  • Even worse, the report states evidence of mobile apps being developed as targeted attack tools has come to light.
  • Record of more than 900,000 ZeroAccess malware detections to date, which have the ability to patch system files
  • Dangerous zero-day exploits targeting Java and Internet Explorer (IE) were found. The IE vulnerability was used in an advanced persistent threat (APT) campaign.
  • ZeroAccess malware, sometimes found on peer-to-peer (P2P) sharing sites, was the most prevalent this quarter. The old DOWNAD/ Conficker worm came a close second.
  • PayPal attracted the most phishermen while LinkedIn topped the list of chosen Blackhole Exploit Kit targets.
  • Saudi Arabia is new entrant and top of the list of countries from where the spam arrives. However the spammers might not be residing in the very location from where it comes from.

While Apple has been able to validate the authenticity of apps via its rigorous processes minimizing security threats, Google's Android platform seems to be struggling to restrict the growth of malicious android apps. Below diagram provides a view into android based malicious app volume growth across the year.

mobile

The report emphasizes more responsibility on app developers to verify extent of data gathering that goes on via the in-app libraries provided by ad networks.
Below diagram shows the number of product vulnerabilities declared by various vendors in the market. While Apple stands upfront with maximum declared vulnerabilities as opposed to Microsoft which has least reported in numbers. The data though does not include how severe the vulnerabilities reported were.

mobile

Rik Ferguson, Director of Security Research and Communications at Trend Micro added: "This level of criminal interest does not bode well for the future and for the Internet of Things, where Android is still the most likely Operating System to power the multitude of connected devices appearing over the horizon. Active and sustained criminal interest in the Android platform is a reality and looks set to continue for the foreseeable future until some fundamental and necessary changes are made to the infrastructure and some important security lessons are relearned at Operating System level.”

[Report Source: TrendMicro]

Sudheer Raju

Sudheer Raju

Founder of ToolsJournal, a technology journal on software tools and services. Sudheer has overall accountability for the webiste product development and is responsible for Sales and Marketing. With a flair to write, Sudheer himself writes for toolsjournal across all journal categories.


blog comments powered by Disqus