Juniper Networks has reported skyrocketing rates of Android malware infections on the networks of its mobile customers, with detected malware more than quadrupling in just the last six weeks. That’s on top of dramatic increases in the previous two years. The report will put more pressure on Google to tighten up security practices in the Android Market.
In a May report, Juniper networks reported a 400 percent increase in malware attacks since the summer of 2010. This week, the firm announced a further increase of almost 500 percent since that report came out, with most of the increase occurring since the beginning of October.
There are likely several factors behind the increase. The total number of smartphones in the market is growing rapidly, and Android’s share of that market has also been growing as well. And as Microsoft has discovered, the market leader tends to get a disproportionate share of attention from malware authors. But Juniper also blames Google for the lax security policies of its app store:
The main reason for the malware epidemic on Android is because of different approaches that Apple and Google take to police their application stores. Android’s open applications store model, which lacks the code signing and an application review process that Apple requires, makes it easy for attackers to distribute their malware. There is still no upfront review process in the official Android Market that offers even the hint of a challenge to malware writers that their investment in coding malware will be for naught. Until there comes a time that someone (ever heard of Charlie Miller?) figures out a tried and true way to get malicious applications into the App Store, Android will remain the target of mobile malware writers around the world.
Last month we explored the relative merits of Apple and Google’s approaches to their respective app store. We pointed to security as one of the key advantages of the Apple model. Juniper’s latest results lend credence to our argument.
Juniper says the malware it has detected breaks down into two major category. One is spyware that transmits sensitive personal information to a server that is presumably controlled by the malware author. Spyware accounts for 55 percent of malware detected by Juniper. Most of the rest use SMS scams as a monetization strategy. This type of malware “sends SMS messages to premium rate numbers owned by the attacker in the background of a legitimate application, without the person’s knowledge,” Juniper says. “Once these messages are sent, the money is not recoverable, and the owners of these premium rate numbers are generally anonymous.”
Google removes malware from its app store when it discovers it, and has the power to remotely wipe malicious software from users’ phones. However, some malware has the ability to exploit Android security vulnerabilities and gain root access. Once that happens, the only reliable way to get rid of it is to reset the phone to its factory settings.
Juniper is in the business of selling security products to businesses. So while we have no reason to doubt the soundness of the firm’s methodology, its results should be taken with a grain of salt.
View full post on National Cyber Security » Virus/Malware/Worms
