The Android OS is now installed on hundreds of millions of devices. In Q3 2012 alone, 122 million Android devices were sold, compared to 60 million for the same period in 2011 (Gartner – November 2012). Cybercriminals have clearly taken notice of the huge number of devices, as evidenced by the explosive growth of Android malware over the last year.
Commtouch’s Internet Threats Trend Report released today includes figures for Android malware growth over the last few months. Although January’s level was still astonishingly high (over 178,000 unique samples) it did represent a 16% drop from the over 214,000 samples collected in December 2012. Commtouch’s AV Lab analysts have explained that the December levels may have been an anomaly.
Aside from the huge install base there are additional factors that add to the attraction of Android as a malware platform. The first is the always-connected nature of most devices – either to WiFi or mobile networks. This allows cybercriminals to access compromised devices at will and abuse them in the same way as wired PCs. The second is the built-in payment mechanism – usually to app stores – that does not require user re-entry of credit card information. This can be easily abused for bogus background app-store purchases. In addition to unwanted purchases, cybercriminals can monetize Android malware in other ways:
- Generating revenue from premium services (SMS/call fraud) which are used in the background and remain unknown to the user until large bills are received.
- Mobile banking Trojans that steal user banking credentials which can then be used to siphon money out of accounts.
- Espionage/corporate information theft – compromised devices – particularly in the BYOD (bring your own device) era – represent a huge threat to enterprises protecting sensitive data. These devices store VPN and email credentials allowing potentially damaging access to corporate networks.
- Phone cloning – device details are stolen and then used to create clones which can use mobile services (calls/data/SMS) at the user’s expense. Alternatively these numbers (traceable to legitimate users) can be used for criminal purposes.
- Mobile botnets – abusing the always connected nature of devices, they can be turned into zombies for the purposes of sending spam or malware via email or taking part in denial of service (DDOS) attacks.
In addition mobile Internet users are exposed to the same undesirable content prevalent on other platforms (such as phishing) as well as newly created Web threats, specific to mobile devices.
To enable vendors and service providers to respond to the growing Android threat Commtouch released its Mobile Security for Android offering in January. More information about the solution is available here.