by Gary Sims, 1 year ago
New malware, which targets Android users with the offer of a system upgrade, has been discovered. UpdtBot (Update Bot), as it is known, spreads via SMS messages but is really a malicious app which allows…
You might be asking yourself if you read the headline to this post correctly. A 2200% growth in the number of malicious Android apps, can that be right? Unfortunately it is. According to the Mobile Threat Report Q1 2012 (PDF) released by security company F-Secure, the number of malicious Android application package files (APKs) they received in the first three months of the year grew from 139 in 2011 to 3063 for the same period in 2012. Similarly, in 2011 security researchers discovered 10 new families of Android malware. Move forward twelve months, and that number has grown nearly four-fold with 37 new families and variants discovered in Q1 2012.
So why the growth? For one part, it is due to Android's popularity. As market shares have grown and companies like Samsung have moved into the top handset manufacturer spots, Android has become a lucrative target for malware writers. Greed is a powerful motivator and the majority of malware is written to gain money illegally and unethically. The 2200% jump in malicious apps is largely due to attempts by malware writers to modify malware signatures to defeat anti-virus detection coupled with an increase in the number of apps trojanized.
This trojanizing of popular apps is a key strategy for cyber criminals. They take a popular game, say Angry Birds, and then add malware to it. Next, it is disseminated via third party app stores or via direct download links on social networking sites. Unsuspecting victim's download the app which in turn infects their Android device. In the case of premium rate SMS malware, the next phone bill is unexpectedly large!
Three interesting malware packages found in the last year include:
As always – be careful what you download and from where you download it!
Are you concerned about Android malware? Are you a victim? What do you think Google should do about it? Let us know by leaving a comment below.