Over three quarters of Android threats are malicious apps that send SMS messages to premium rate numbers could be mitigated by a protection feature present in Android 4.2, according to researchers from networking vendor niper Networks.
However, because manufacturers carriers fail to update Android end user devices in a timely fashion, only 4 percent of devices currently run Android 4.2, even though this version was released more than six months ago.
From h 2012 to h 2013 the number of mobile threats grew by 614 percent to reach a total of 276,259 malicious samples, researchers from niper Networks’ Mobile Threat Center (MTC) said in a report released dnesday. Of those malicious applications, 92 percent target the Android operating system, they said.
The surge of Android malware in the past two years is consistent with the findings of other security vendors that track mobile threats. This growth is primarily driven by Android’s “comming share” of the global smartphone market, the niper researchers said.
The majority of Android malware, 77 percent, are apps that earn money for their creators by either requiring users to send SMS messages to premium rate numbers or by surreptitiously sending such messages on their own. These threats usually masquerade as legitimate applications or come bundled in pirated apps.
The niper researchers estimate that every successful attack using such an app can bring an immediate profit of $10 for the attacker on average.
at Android 4.2 provides
Android 4.2 introduced a feature that detects attempts to send SMS messages to special rate numbers, also known as short codes, prompts users for confirmation. Unfortunately, due to the Android market fragmentation, only 4 percent of Android devices are currently running Android 4.2.x.
This estimation is based on data collected from ayover a 14-day period ending on May 1, 2013, the niper researchers said. Based on the same data, the most common versions of Android found on devices are Android 2.3.3 to 2.3.7, also known as “Gingerbread,” with a 36.4 percent coverage Android 4.0.3 4.0.4, also known as “Ice Cream Swich,” with 25.5 percent.
The lack of regular updates for Android devices contributes to the growth of Android malware, because the latest protections added by to the operating systems reach users too late or never, the researchers said.
Spyware
The second most common type of Android threats are spyware applications that capture transfer sensitive user data to attackers. These account for 19 percent of all malicious samples collected by niper’s MTC.
Some information-stealing Android Trojan apps discovered during the past year distributed through drive-by downloads or phishing emails could also pose a threat to enterprise environments, the niper researchers said.
Data collected from enterprise mobile devices running niper’s nos lse endpoint collaboration security software showed at least one infection on 3.1 percent of such devices.
ile that figure is not large enough to raise a significant alarm, it is proof that the threat of mobile malware to corporate devices is not only theoretical, the niper researchers said. “ expect the presence of mobile malware in the enterprise to grow exponentially in the coming years.”
