Mobile malware exploding, but only for Android
Malware targeting mobile devices is rapidly growing in both the number of variants found in the wild and in their complexity and sophistication, but the only platform being actively targeted is Google's Android, which researchers now say is resembling Windows on the desktop PC.
Source: F-Secure Labs
That was enough to rouse a tweet from the rarely used account of Apple's head of worldwide marketing Phil Schiller, who linked to the report with the brief admonition "be safe out there."
However, F-Secure's new report for the latest quarter shows Android now accounts for 136 out of 149 known threats, or 91.3 percent of all malware activity (up from 79 percent in 2012).
The other threats remained related to Symbian, with zero discovered for Blackberry, Microsoft's Windows Mobile/Phone or Apple's iOS. The research noted that mobile threats are overwhelmingly motivated by profits, with 76.5 percent designed specifically to con users out of money, rather than seeking to just cause damage.
Scammers single out Android users with cons that prompt them to update components like Adobe Flash, or direct them to services or job offers that request installation permissions from the user. Once granted, the malware installs code to either make a series of paid calls when the user is sleeping, or install SMS spyware designed to intercept the user's banking details over what appears to be a secure connection.
Those types of attacks are not possible on iOS, where Apple doesn't give third party developers the ability to ask users for obscure permissions or install the their own backdoors to read users' SMS messages. This foils the "commodity malware" business of creating exploit packages that can be sold, a market that is thriving on Android.
One example cited by F-Secure is "SmSilence,? malware discovered in Samsung's home country of South Korea that uses "the guise of 'coupons' for a popular coffeehouse chain," the firm explained. "If the so-called coupon app is installed, the malware will check if the phone number has a South Korean country code (+82). If the condition is met, SmSilence will harvest information from the device and forward the details to a server located in Hong Kong."
Unlike Apple, Samsung relies on Google and the open community to handle its software integration, leaving "open" the potential for such sophisticated attacks that take advantage of users using mechanisms often identical to those that have targeted Microsoft's desktop Windows platform.
Google stopped counting these users in its installed base statistics for developers (this enhanced version, below) in order to improve the appearance of Android fragmentation, but the majority still use very old versions of Android.
Source: Google
As Sean Sullivan, Security Advisor at F-Secure Labs stated in the report, ?I?ll put it this way: Until now, I haven?t worried about my mother with her Android because she?s not into apps. Now I have reason to worry because with cases like Stels, Android malware is also being distributed via spam, and my mother checks her email from her phone.?
Stels, an Android trojan delivered via fake U.S. Internal Revenue Service-themed emails, uses "an Android crimeware kit to steal sensitive information from the device," and also makes calls to premium numbers. Sullivan said the new threat ?could be a game changer.?
Users on any mobile platform, including iOS, can be targeted with spam that directs them to malware websites. However, while previous exploits have been demonstrated to allow a visited website to crack the security on iOS to "jailbreak" the device, Apple has been vigilant about patching these flaws and distributing iOS updates that scuttle the profitability of discovered threats, effectively frustrating the malware business on iOS.
The majority of Android phones are never updated, so even if Google or its partners were made aware of an exploit and chose to address it with a patch, most Android users would never get the updates, leaving lots of fertile ground for scammers to harvest.
This has opened up a booming business for Android malware that shares much in common with the desktop PC platform, a problem Microsoft worked desperately to fix over the past decade with increasingly sophisticated layers of malware filtering and blocking tools. Those tools, however, incur a performance hit and introduce new complications and inconveniences for users.
In contrast, Apple developed iOS with controls that specifically limit what installed apps can do and tightly regulate what personal information they can access.
These measures were initially greeted with contempt from many pundits who demanded a wide open platform that reintroduced all of the well known problems and vulnerabilities of the desktop computer into the new generation of mobile devices, but it has offered differentiated protection from malware for iOS users.
Source: F-Secure Labs
Android's monopoly on malware
According to malware researchers at F-Secure Labs, the number of active mobile threat families and variants initially spiked in the winter quarter, with Android's share jumping from 49 out of 74 known threats to 96 out of 100, with the balance being related to Nokia's essentially mothballed Symbian platform.That was enough to rouse a tweet from the rarely used account of Apple's head of worldwide marketing Phil Schiller, who linked to the report with the brief admonition "be safe out there."
However, F-Secure's new report for the latest quarter shows Android now accounts for 136 out of 149 known threats, or 91.3 percent of all malware activity (up from 79 percent in 2012).
The other threats remained related to Symbian, with zero discovered for Blackberry, Microsoft's Windows Mobile/Phone or Apple's iOS. The research noted that mobile threats are overwhelmingly motivated by profits, with 76.5 percent designed specifically to con users out of money, rather than seeking to just cause damage.
Android's malware reaches XP proportions
While researchers say the number of malware types is rising significantly, of greater concern is the rise of "highly specialized suppliers" who "provide commoditized malware services" that specifically target weaknesses in the Android platform, resulting in a situation where the "Android malware ecosystem is beginning to resemble to that which surrounds Windows.""The Android malware ecosystem is beginning to resemble to that which surrounds Windows."
Scammers single out Android users with cons that prompt them to update components like Adobe Flash, or direct them to services or job offers that request installation permissions from the user. Once granted, the malware installs code to either make a series of paid calls when the user is sleeping, or install SMS spyware designed to intercept the user's banking details over what appears to be a secure connection.
Those types of attacks are not possible on iOS, where Apple doesn't give third party developers the ability to ask users for obscure permissions or install the their own backdoors to read users' SMS messages. This foils the "commodity malware" business of creating exploit packages that can be sold, a market that is thriving on Android.
One example cited by F-Secure is "SmSilence,? malware discovered in Samsung's home country of South Korea that uses "the guise of 'coupons' for a popular coffeehouse chain," the firm explained. "If the so-called coupon app is installed, the malware will check if the phone number has a South Korean country code (+82). If the condition is met, SmSilence will harvest information from the device and forward the details to a server located in Hong Kong."
Unlike Apple, Samsung relies on Google and the open community to handle its software integration, leaving "open" the potential for such sophisticated attacks that take advantage of users using mechanisms often identical to those that have targeted Microsoft's desktop Windows platform.
Android's malware not limited to bad apps
Malware authors are also now increasingly targeting the many Android users who treat their device like a simple featurephone, the significant proportion of the Android installed base who never install apps.Google stopped counting these users in its installed base statistics for developers (this enhanced version, below) in order to improve the appearance of Android fragmentation, but the majority still use very old versions of Android.
Source: Google
As Sean Sullivan, Security Advisor at F-Secure Labs stated in the report, ?I?ll put it this way: Until now, I haven?t worried about my mother with her Android because she?s not into apps. Now I have reason to worry because with cases like Stels, Android malware is also being distributed via spam, and my mother checks her email from her phone.?
Stels, an Android trojan delivered via fake U.S. Internal Revenue Service-themed emails, uses "an Android crimeware kit to steal sensitive information from the device," and also makes calls to premium numbers. Sullivan said the new threat ?could be a game changer.?
Users on any mobile platform, including iOS, can be targeted with spam that directs them to malware websites. However, while previous exploits have been demonstrated to allow a visited website to crack the security on iOS to "jailbreak" the device, Apple has been vigilant about patching these flaws and distributing iOS updates that scuttle the profitability of discovered threats, effectively frustrating the malware business on iOS.
The majority of Android phones are never updated, so even if Google or its partners were made aware of an exploit and chose to address it with a patch, most Android users would never get the updates, leaving lots of fertile ground for scammers to harvest.
Apple developed iOS with controls that specifically limit what installed apps can do and tightly regulate what personal information they can access.
This has opened up a booming business for Android malware that shares much in common with the desktop PC platform, a problem Microsoft worked desperately to fix over the past decade with increasingly sophisticated layers of malware filtering and blocking tools. Those tools, however, incur a performance hit and introduce new complications and inconveniences for users.
In contrast, Apple developed iOS with controls that specifically limit what installed apps can do and tightly regulate what personal information they can access.
These measures were initially greeted with contempt from many pundits who demanded a wide open platform that reintroduced all of the well known problems and vulnerabilities of the desktop computer into the new generation of mobile devices, but it has offered differentiated protection from malware for iOS users.
Comments
I'm not a fan of Android, but I hope nobody got hurt by this malware explosion!
But don't worry. If you listen to the know-it-all fandroids, they will just tell you that you should always research the app you want to install and verify that it's from a site you trust. No problem right??
Thanks, but no thanks. I'll let Apple do all that up-front work for me. I have better things to do with my time that to spend it in some fandroid-like basement researching the background of every app I want to install.
Kind of like why Android is the dominant mobile OS, yet iOS garners all the web traffic.
Android apps are a joke.
But Android is OPEN¡/s
/s
Don't forget that Android is "open" but you should only install from Google Play?!?!?
Quote:
Originally Posted by sflocal
News flash: Android is a malware, virus infested theme park. What a surprise.
But don't worry. If you listen to the know-it-all fandroids, they will just tell you that you should always research the app you want to install and verify that it's from a site you trust. No problem right??
Thanks, but no thanks. I'll let Apple do all that up-front work for me. I have better things to do with my time that to spend it in some fandroid-like basement researching the background of every app I want to install.
Android apps are a joke.
I'm with you on the second paragraph. You know when they say that Apple fans are elitist? To me the real elitists are those who call people stupid for getting malware or having problems with their Windows PC or Android phone (or whatever platform). They feel so superior when they get to fix their friends and family computing devices while making them feel ignorant.
The reality is that the majority of people have better things to do in life than to learn all the intricacies of computing and what is defined as a "trusted site".
Quote:
Originally Posted by sflocal
But don't worry. If you listen to the know-it-all fandroids, they will just tell you that you should always research the app you want to install and verify that it's from a site you trust. No problem right??
While I agree... I am torn between laughing about these people's arguments, and being concerned about the amount of them running around with my contact details on their devices.
Quote:
Originally Posted by winstein2010
I remember XP was so bad when there were "drive-bys" that seemed to infect your PC by visiting top websites with malware infected ads. I'd like to see how Google would block apps that serves malware infected ads.
It was even worse than that. If you installed pre-SP1 XP on a computer with an unprotected Internet connection, you already could end up with an infected machine once the installation completed.
Quote:
Originally Posted by VL-Tone
I'm with you on the second paragraph. You know when they say that Apple fans are elitist? To me the real elitists are those who call people stupid for getting malware or having problems with their Windows PC or Android phone (or whatever platform). They feel so superior when they get to fix their friends and family computing devices while making them feel ignorant.
The reality is that the majority of people have better things to do in life than to learn all the intricacies of computing and what is defined as a "trusted site".
Yes... I make a good side-living removing all the infestations on people's PC's, yet I have no ego to deal with. In fact, I tell those people that if they want to stop paying me, buy a mac. Guess which ones stopped calling me, and I don't mind.
Windows and (now) Android has built-in job security for those folks that have the need to feel superior to lesser mortals.
The ones that crack me up are the guys that do nothing but live in their parent's basement and tell everyone else how their rigs never get viruses or malware. If I had nothing better to do than sit in front of a computer, my PC's would run pretty nice too. Back in the late-90's, early 2000's when time was a little more abundant, I would occasionally have one PC on a standalone network exposed to the Internet and time how infected it would get. I did that just for kicks and to practice removing the malware. The machines I come across now that are so infected, people just acknowledge and accept it. In an "appliance" like an Android phone, I shudder at the thought of some rogue app grabbing control or confidential info. Lots of people don't associate the problems prevalent in a PC as being the same on an Android phone and that is what I find dangerous.
I think the iPhone gave non-iPhone users the false impression that all phones are safe.
Quote:
Originally Posted by dreyfus2
While I agree... I am torn between laughing about these people's arguments, and being concerned about the amount of them running around with my contact details on their devices.
You know, I didn't really think about it until just now. Occasionally, I get some funky spam from an account I know I use only for personal use that I pass to friends. I don't use it for anything else. It makes me wonder if their handsets with my contact info got compromised in some way...
Annoying Apple iSheep behind their walled garden......</standing in my Mad Max Android wasteland>
Quote:
Originally Posted by sflocal
You know, I didn't really think about it until just now. Occasionally, I get some funky spam from an account I know I use only for personal use that I pass to friends. I don't use it for anything else. It makes me wonder if their handsets with my contact info got compromised in some way...
Obligatory "Friends don't let friends use Android" message.
On a more serious note, you're exactly right. Using a malware-less (light?) system for yourself is no guarantee that your own information will stay safe with any of your friends or relatives devices.
You act like one has to write a thesis on a app before installing it. No research needs to be done. Think of it like ebay, you search a item you want to buy and 2 sellers pop up, one with a high rating and another with few or none. Who are you going to buy from? You probably do the same exact thing in the app store. This data is really worthless without data on how many devices have gotten infected. More malware does not mean more infected devices.
Quote:
Originally Posted by dasanman69
You act like one has to write a thesis on a app before installing it. No research needs to be done. Think of it like ebay, you search a item you want to buy and 2 sellers pop up, one with a high rating and another with few or none. Who are you going to buy from? You probably do the same exact thing in the app store. This data is really worthless without data on how many devices have gotten infected. More malware does not mean more infected devices.
Not thesis-level. While apps on Google's Marketplace are (laughably) better, Android's ability to side-load apps not associated with any kind of verifiable rating system opens up a can of worms.
At least on iOS, I don't necessarily even have to look at the reviews, # of stars etc. If I want to do an impulse download of a free app, there's little (if any) worry I will have that it's rogue. I have Apple to delegate that authority to.
I just remembered the countless Android responses here and on other forums stating "Stupid users should know better than to download an app from an unknown site." and they honestly thought it was still the best way to do it because they hated Apple's walled-garden approach. What's even funnier are the fandroids that proudly say "That's why I have anti-virus running on my phone!"... A/V??!! Really??!! On a phone??!!
Now Google is seriously considering a more curated approach too. That still won't stop sideloaded rogue apps.
Quote:
Originally Posted by dreyfus2
It was even worse than that. If you installed pre-SP1 XP on a computer with an unprotected Internet connection, you already could end up with an infected machine once the installation completed.
Let's also not forget about the infamous Windows Messenger service, a spam magnet that MS inexplicably switched on by default for all versions of XP through SP2. Several years ago, I was configuring a work computer with XP SP1, and less than half an hour after connecting to the internet (on a dial-up connection no less) the first spam message popped up. And those pop ups kept coming until I looked up how to switch off the Messenger service. Considering the ubiquity of spam spread by Windows Messenger, it was inexcusable for Microsoft to leave that service on by default until SP2.
Not entirely true. The apps I have sideloaded were recommended on XDA, and various other sites. Side loading by default is off and many devices do not allow the user to change it, and the vast majority of users don't even know how to do it or are unaware that they can. Very much like the app store most users don't go past the highly downloaded or recommended apps. I won't deny malware is a problem with Android but I think most users especially in the US have little to none to worry about.
I loved and hated XP, it was the mother magnet of malware. My friend would get malware without ever visiting any questionable sites. Vista along with Chrome has all but eliminated malware.
Oh for goodness' sake.
1) Newbies cannot accidentally sideload an app. They have to first go find and purposely turn on "Load from unknown sources" and on some phones, also turn off "Disallow or warn before installation of apps that may cause harm."
2) Look at the list of threats. Almost all affect a small, targeted group that sideload an app in China or India, etc. They include sideloaded apps aimed at Tibetan human rights activists, and my favorite, "A fake "job offer" Android app in India informs that the user is being considered for a position at TATA Group, an Indian multinational company. To arrange the interview, the app asks for a refundable security deposit."
Sorry, but if you're that gullible, it doesn't matter if the "threat" came from an app or a website or an email.
3) Many of these "security firms" include, as potential threats, apps like log viewers which people download on purpose. Anything to boost the numbers.
Security reports try to scare people into buying security software. That's their primary purpose.