Juniper revealed it had detected a massive 276,259 malicious Android applications from March 2012 through March 2013 in its Third Annual Juniper Networks Mobile Threats Report. The report highlighted that a massive 73 percent of the malware used were FakeInstallers or SMS Trojans.
The threats are particularly nasty as they exploit holes in mobile payments to earn hackers as much as £7 immediate profit per infected device. The hacker can continue to steal money from their victims until the malware is forcibly removed from the device.
The figure means the scams are earning crooks at least £1.4m up-front profit. Trojan spy tools accounted for a further 19 percent of the detected attacks, with the remaining four percent being listed as 'other'.
Juniper researchers highlighted ongoing fragmentation in the Android ecosystem as a key reason for the marked increase in attacks targeting the platform.
"Attackers continue to benefit from the largely fragmented Android ecosystem that keeps the vast majority of devices from receiving new security measures provided by Google, leaving users exposed to even well-known and documented threats," the report states.
"Google provides protection against SMS threats in its latest OS version [4.2.2 Jelly Bean], yet according to Google, only four percent of Android phones have it as of 3 June. This threat could be largely eliminated if the Android ecosystem of OEMs and carriers found a way to regularly update devices."
Juniper is one of many security firms to criticise Android's fragmentation, with the latest official stats from the Android Developers forum confirming only four percent of phones are running using 4.2.2 Jelly Bean. The slightly older 4.2.1 version is running on 29 percent of active Android devices and the even older Ice Cream Sandwich version is active on a worrying 25.6 percent. Worse still, a massive 36.4 percent are running on the now ancient Gingerbread Android version.
Juniper highlighted Google's open policy to applications as another key issue facing the Android operating system. "Most significantly, Google's support for mobile application stores abets the work of mobile malware authors and has become a major security sticking point. These third-party marketplaces have become a favoured distribution channel for malware writers and offer a much shorter supply chain for getting their illicit wares to the public," the report advises.
"One clear problem affecting Android marketplaces is a lack of accountability. In the interest of building up their inventory, third-party app markets may have few - if any - barriers to entry for mobile application developers. That results in poor quality and malicious applications making it onto these online stores and, from there, onto Android devices."
Juniper researchers said these ongoing issues mean that 92 percent of mobile malware is designed to target Android. The figure marks a staggering increase from the 24 percent figure recorded during the same period in 2010.
Juniper is one of many security firms to detect an alarming spike in the amount of mobile malware. Russian security firm Kaspersky detected 23,000 new mobile threats in its Q1 2013 Threat Report.
No comments:
Post a Comment