Explosive growth in Android malware – 600pc in just 12 months

24 Feb 2014

Android malware has increased by nearly 600pc to a total of more than 650,000 individual pieces of malware, researchers at SophosLabs have revealed.

Sophos today published its first Mobile Security Threat Report at Mobile World Congress in Barcelona, Spain. This report shows that the mobile revolution is clearly in effect, and as a result, mobile malware is on the rise.

By the end of this year, smartphones will outnumber the entire human population, with smartphone subscriptions reaching more than 7bn.

Just as the cyber-criminals targeted the dominant operating system of the past – Windows – now they are targeting the Android platform and its nearly 1bn devices.

In the past 12 months, researchers at SophosLabs have seen an alarming acceleration in the development of mobile malware.

In that time, Android malware has increased by nearly 600pc to a total of more than 650,000 individual pieces of malware.

Although this is a tiny fraction of the number of pieces of malware out there for the traditional Windows PC, Android malware is indeed the fastest-growing threat to users.

The report also shows that in some countries (Russia, Austria and Sweden) the percentage of mobile devices that have been attacked by malware in the past three months (called the threat exposure rate, or TER) has outstripped the percentage of PCs that were attacked during the same period.

Spain, UK, India, Austria, and China all have a mobile TER fast approaching the desktop TER.

Flappy nerds

The most insidious mobile malware is designed to go after our bank accounts. Earlier this year, SophosLabs detected Windows malware that infects Android devices via a USB connection and downloads a Trojan to the device that can intercept SMS text messages to steal two-factor authentication codes.

“If the cyber-criminals can get their hands on these codes, they can access email or mobile banking accounts despite the extra layer of security two-factor authentication is supposed to provide,” Sophos warned.

“Along with the growth of malware for Android, we have also seen a sharp rise in applications that, while not malware strictly speaking, pose a threat to user security and privacy, and the usability of devices. The potentially unwanted apps, or PUAs, include apps that link to aggressive advertising networks, can track devices and locations, and may even capture contact data.

“Some PUAs are little more than scams designed to trick users into paying for services they don’t need. For example, SophosLabs recently spotted apps mimicking the popular (and now defunct) Flappy Bird game in third-party Android app stores. Some malicious versions of the Flappy Bird game will send SMS text messages to premium-rate phone numbers, charged to your bill.”

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years