Amount of Malware on Android Has Skyrocketed

Malware aimed at Google’s Android mobile operating system has increased exponentially in the last few months, quintupling since July, according to security firm Juniper Networks. The volume of infected applications aimed at the operating system did not decrease, said Dan Hoffman, Chief Mobile Security Analyst at Juniper and a member of the company’s global threat center.

"We're seeing a mix of the traditional hacking community [working] on malware very similar to organized efforts on the PC side, as well as people who are just a little smart, the '15-year-old kid crowd,' who are able to hide some malicious content in an app," Hoffman said in an interview.

According to studies conducted by Juniper, the volume of Android malware samples increased by 472% just in the nearly 5 months since July of this year. Most of the number explosion occurred in September and October.

"We've seen an exponential growth in Android malware over the last several months," Juniper noted in a recent blog post that went along with Juniper’s recently-published report on the malware.

The primary threat still comes from intentionally-harmful applications with malware implanted by criminals. They’re typically pirated versions of legitimate applications and have been embedded into the official Android market.

Lack of Policing

"That is very clearly the threat now," said Hoffman. Hoffman thinks that the number of these apps will continue to grow. That’s because Google doesn’t monitor what applications make it onto the Android market, as Apple does with its AppStore.

At least three, maybe more, different kinds of malware have made it onto the Android Market in 2011. The applications were finally taken down by Google, but only after a substantial number of users had downloaded them. Most of the harmful applications have popped up in Chinese app stores that feature Android software.

Smart Hackers

Juniper thinks that the hackers writing malicious Android code are the same hackers that specialized in writing malicious code for Symbian and Windows Mobile. Since those operating systems aren’t as popular anymore, they’ve decided on Android as their next target. And they’re not just script-kiddies either.

"Together, the Symbian and Microsoft Windows Mobile platforms are the oldest and most researched mobile platforms, and devices running those mobile operating systems have been the targets of the most prolific and effective malware known to affect mobile devices," Juniper said.

While it may be the lack of policing by Google that allowed the malware to be distributed, it is also that policy that enables users to protect themselves. “There may be a better vetting process on iOS, but a really critical point is that Android users have the benefit of a security marketplace,” Hoffman said.

"In iOS, consumers and even enterprise don't have a choice," Hoffman said. "There's no benefit of competition because users are completely reliant on Apple for security."

That’s at least partially true. When Lookout Security, a leader in Android-based antivirus software released a version for iOS, they were unable to feature any malware-scanning capabilities in the application.

COMPUTERWORLD