Juniper Study Finds Mobile Malware Grew 600 Percent, Targets Android Most
Careful what you install on your smartphone. The number of malware programs masquerading as legitimate mobile apps grew by more than 600 percent in 2012, according to a new survey by the networking company Juniper.
The mobile platform with the biggest target on its back is Google’s Android. Juniper says that malware aimed at phones running that operating system account for 92 percent of all mobile malware it has encountered.
The report goes on to explain that mobile malware for Apple’s iOS, the next-most-popular platform in terms of market penetration, is “noticeably absent” from its malware sample database. “Theoretical exploits for iOS have been demonstrated, as well as methods for sneaking malicious applications onto the iOS App Store,” the report says, but criminals have tended to favor Android as their target, because there is less oversight on the process of releasing applications into the wild.
About 73 percent of mobile malware was either FakeInstallers or SMS Trojans, which exploit holes in mobile payment systems to turn a quick profit. And they get around. Juniper says it found more than 500 third-party Android app stores operating around the world — and few catering to jailbroken iOS devices — distributing instances of malware.
Another issue facing Android users is the multiple variants of the OS in circulation. Juniper cites Google as saying that as of June 3 only four percent of Android users were running the most recent version of the OS which cleans up vulnerabilities that are exploited by about 77 percent of Android malware.
The report bases its findings on an analysis of 1.85 million mobile applications and known vulnerabilities, and comes on the same day that mobile security firm Lookout reported that 6.5 percent of free Android applications on Google Play contain adware.
It’s also just the latest in a series of industry reports tracking the rising concern of mobile security. Earlier this month, the security software firm Check Point reported the findings of a survey suggesting that most businesses experienced some kind of mobile security incident in the past year.
That’s not hard to imagine, especially in light of some of the newer tactics being employed by malware creators. In April, Lookout noticed that some malware it dubbed BadNews behaves in a perfectly benign manner at first, only serving up ads, but later pivots to using its access to the phone to install more malignant malware.