In its annual security bulletin, anti-virus vendor Kaspersky Lab highlights phenomenal growth in the number of malware variants targeting the Android platform, and the spread of such malware in the wild.
Android is targeted by 99% of mobile malware, according to the company.
A major area of concern is malware using over-broad permissions to dupe users, the Kaspersky report notes. A frequent technique by malware authors is to offer simple functionality (a home screen theme, or a simple game), but to request SMS/MMS permissions, which can then be used to exchange premium-rate messages.
"Mobile malware has been the burning question for the last four years," says Simon Campbell-Young, CEO of Phoenix Distribution, a local partner of Kaspersky and other AV providers. "We've been saying it is going to fast-track itself as the mobile market develops. As those devices become more sophisticated, it's going to become reality."
And now it has, he says. That reality is changing mindsets - from early days, users and observers downplayed the mobile risks, but "that mindset is changing, and changing fast", Campbell-Young says.
"Especially in banks and telcos. But in the next six months, we expect to see an exponential curve in how enterprises and consumers adopt mobile anti-virus. You must be insane not to run something, whatever it is."
The value of data on mobile devices is high enough to be an attractive target for criminals, and to seriously harm a user or company affected by malware, Campbell-Young points out. "Who doesn't have passwords stored on their smartphone, or sensitive documents or e-mail?"
Although Android accounts for the vast majority of mobile malware, the Kaspersky report also notes instances of malicious software on Apple's app store for the first time, as well as on BlackBerry smartphones.
Unofficial app stores
The vast majority of Android malware comes from third-party app stores, or simply standalone downloads. Android allows users to install software from "unsafe" sources, and although mechanisms to detect malware are gradually being built into the OS, many users are exposed this way. In some parts of the world, where apps or entire stores do not cater to local users, these third-party app stores are the only way for users to source apps.
Also, many of the apps classified as "malware" are questionably classified as malicious. Among Kaspersky's list of top 10 mobile malware are apps which do nothing besides display advertising: they exist to dupe users into downloading them, to generate ad hits, but do nothing outright harmful.
Other unwanted behaviour includes modifying the browser home screen without user consent. But more serious threats in Kaspersky's list include Foncy, the first mobile botnet discovered during 2012, remote rootkits, and identity theft agents.
Google has taken steps to reduce the volume of malware. Early in 2012, it introduced Bouncer, an app scanning tool that identifies and removes harmful apps in its own store.
Google claimed Bouncer reduced the amount of potential malware items in its store by 40%, but plenty more was available.
Later in 2012, the company bought VirusTotal, and will use the AV technology to improve its detection. The latest version of the OS checks for known malware in apps from any source, and highlights risk to the user (but still allows installation to proceed after a warning).
Share