Information stored on an Android smartphone or tablet is vulnerable to almost 4,900 new malware files each day, according to a report G Data SecurityLabs released Wednesday.
Cybercriminals’ interest in the Android operating system has grown, the firm’s Q1 2015 Mobile Malware Report revealed.
“The report suggests that Android devices are becoming a bigger target for the bad guys and more profitable than in previous years,” said Andy Hayter, security evangelist for G Data.
The number of new malware samples in the first quarter increased 6.4 percent (440,267) from the fourth quarter of last year (413,871). The number of malware strains rose by 21 percent compared with the first quarter of 2014 (316,153).
More than 2 million new Android malware strains are likely to surface this year, G Data security predicted.
Just the Start
The 2 million figure is very realistic, due to the increasing use of Android devices for banking and shopping online, G Data suggested.
“The report shows that the OS has a bigger market share than the others, and thus is more interesting to security researchers and malware authors alike. Also, a lot of vendors offer Android devices varying in quality standards, but that is not a problem of the OS itself, but rather of the vendor in question,” Hayter told LinuxInsider.
Google introduced premium SMS Checks last year. After that, the malware models started to spread out, he noted.
“Before that time there were a few very active malware families, such as SMS FakeInstaller,” Hayter said. “Since then there are lots of small families.”
At least 41 percent of consumers in Europe and 50 percent in the U.S. use a smartphone or tablet for their banking transactions. Plus, 78 percent of Internet users make purchases online.
The new malware files have a financial foundation, according to the G Data report. At least half of all Android malware now in circulation includes banking Trojans, SMS Trojans and similar malware components.
The actual percentage of malware-infected Android apps easily could be higher, the researchers warned. They only studied malware with a direct financial purpose — many other types of cases might exist.
For example, a malware program might install apps or steal credit card data as an additional process after a payment is made. Because that type of malware would not seem to be financially motivated, it would not have been included in the report’s statistics.
Thin Dividing Line
Free Android apps offer particularly attractive attack vectors to cybercriminals. Many apps, especially free apps, rely on advertising to fund their development.
Bad apps can hide themselves in the background or conceal functions from users. Bad apps also can send legitimate apps’ data to additional advertising networks.
Apps that do such things — like programs running on PC OSes — are called “Potentially Unwanted Programs,” or PUPs. The report categorizes such apps as adware, noting that they often hide in manipulated or fake apps that are installed from sources other than the Google Play Store.
Android is a derivative of Linux, an operating system generally considered less likely to be targeted by viruses and malware. However, Android is less rigorous and less secure than other mobile platforms, said Rob Enderle, principal analyst at the Enderle Group.
“There is much more sideloading, which means there is a far easier path to getting viruses on Android devices than any other mobile platform,” he told LinuxInsider.
Google historically has been less focused on security and customer satisfaction than firms that are more closely tied to user revenue, Enderle said. Another reason for Android’s vulnerability is that mobile platforms generally don’t run security software.
Historically, they have been somewhat protected because of their tight ties to curated stores, “but now that smartphones have PC-like performance, they are becoming a magnet for malware,” noted Enderle.
Google’s lack of focus on this problem, reminiscent of Microsoft’s similar mistake in the late 1990s — which resulted in their having to rethink their OS and create Windows XP — has created a massive exposure for Android users,” he said.
Murky Supply Chain
Google uses a number of filtering methods to keep apps containing malware out of the Play Store. It requires app makers to declare which ads are displayed within the app, banning advertising forms that mimic system messages, as well as deceptive or confusing content.
However, consumers who use alternative app stores or intrusive advertising networks expose their devices to greater malware risk. Third-party outlets come packed with unwanted add-ons, and verification and guidelines are not clearly regulated, G Data said.
Advertisements that claim to be offering apps for download or purchase from Google Play are also entry points for malware, notes the report. They can expose devices to spyware and more adware.
“The risk of unknowingly installing PUPs or potential ransomware is greater when the app to be installed is not installed via Google Play or official Android vendor stores such as Samsung Apps,” said G Data’s Hayter.
Perhaps the one most effective strategy to minimize the risk of infection is to avoid discount app stores.
“Do not download apps from unknown app stores, except if you really trust the specific vendor,” Hayter said.
Several other practices will further safe use of Android apps. For instance, install a malware scanner. Check the permissions thoroughly before installing any app. Read consumer reviews on the Play Store. Do not trust free versions of apps that usually cost money, he advised.
Another concern is the role Android devices might play in attacks on intelligent cars, routers, and consumer appliances connected to the Internet of Things.
“The report demonstrates that Android devices are becoming a bigger and [more] profitable target for malware attacks. The increase in Android malware will continue to see an increase as the number of devices increase, including IoT devices that are Android-based,” said Hayter.
Intelligent devices are prone to attacks. Android smartphones and tablets increasingly are being used to control IoT devices. Unless data is encrypted, everything an app collects can be stolen by malware.