Android accounts for 92% of mobile malware, malicious apps increase 614%

[FLoss]

A new study on smartphone malware has found that 92 percent of nefarious mobile

software is targeted at Google's Android platform, and the amount of attacks are

growing.

"Most Android malware could be avoided if users were running the latest operating system, but Juniper's data says only 4 percent of users are."

The latest data released on Wednesday by Juniper Networks reveals that Android

malware has grown at a "staggering rate" over the last three years. In 2010, it

accounted for just 24 percent of all mobile malware, while as of this March the

platform accounts for nearly all of it.



In the last year alone, the total number of malicious apps has grown 614 percent to

276,259. The annual Mobile Threats support also identified more than 500 third-

party Android application stores worldwide that are known to host mobile malware.


Of the malicious apps tracked by Juniper, three out of five emanated from either

China or Russia.


Almost three-fourths of mobile malware turn a profit by tricking users into sending

text messages to premium-rate numbers owned by attackers. Juniper estimates that

each successful smartphone attack can net about $10 in immediate profit.


Juniper also estimates that 77 percent of current Android threats could be eliminated

if users were running the latest version of the platform. However,

currently only 4 percent of Android devices are running the latest operating system.


"With mobile malware on the rise and attackers becoming increasingly clever, we

need better protection for mobile users and corporations," said Michael Callahan,

vice president of global product marketing at Juniper Networks. "While on one hand

the OEMs, carriers and software vendors must collaborate to develop platforms that

mitigate large threats, enterprises and government organizations need to take a

comprehensive look at protecting their data and networks by adopting a holistic

approach to mobile security."


Apple has frequently highlighted the security of its iOS platform and contrasted it

with the presence of malware on Google's competing Android mobile operating

system. During his company's most recent quarterly earnings report, Apple Chief

Financial Officer Peter Oppenheimer cited a study by McAfee Labs that found 97

percent of mobile malware was on the Android platform, while the remainder was

primarily on Nokia Symbian and Java ME.

Juniper's latest figures correlate with separate data released in May by F-Secure Labs,

which also found that mobile malware is rapidly growing — but only for Android.

Their figures found that Android accounted for 136 of 149 known threats, or 91.3

percent of all malware activity.

Link

 

[The Technician]

This could also be avoided if people weren't idiots and would stop downloading random and suspicious shit

 

[shoubie2003]

Stuff like this makes me not want to switch from IOS to an android device. Pardon my ignorance but what does this malware do to a mobile device?

 

[BigATLslim]

^^^Message.

 

[Goingmark40]

easy fix is for people to know what apps they downloading and to look at the permissions before they install...lotta junk apps out there

 

[Maxxam]

This could also be avoided if people weren't idiots and would stop downloading random and suspicious shit

/thread

 

[Djmarkxr7]

This could also be avoided if people weren't idiots and would stop downloading random and suspicious shit

Yup!

Same way they open up any damn e-mail & wonder what happened, treat you computer, cellphone or whatever like it's your front door, the same way you wouldn't let just anyone walk into your house, don't d/l or open everything just because you received it!

 

[FLoss]

[7/3] Security flaw opens all modern Android devices to "zombie botnet" takeover

A newly discovered flaw in Google's Android security model enables

rogue apps to gain full access to the Android system and all installed apps, read all

data on the device, harvest passwords and create a botnet of "always-on, always-

connected and always-moving" spy devices tracking users' location while secretly

recording.



The far reaching vulnerability, discovered by San Francisco's Bluebox Security,

involves "discrepancies in how Android applications are cryptographically verified &

installed, allowing for APK code modification without breaking the cryptographic

signature."

Android apps (packaged as an "APK") are signed with an encryption key (just like iOS

apps) to prevent a malicious party from changing the code. Signed apps are

expressly designed to enable the system to detect any tampering or modification.



However, due to the newly discovered Android flaw, a rogue developer can trick the

system into thinking that a compromised app is still legitimate, giving it system wide

access to do virtually anything.



"A device affected by this exploit could do anything in the realm of computer malice,

including become a part of a botnet, eavesdrop with the microphone, export your

data to a third party, encrypt your data and hold it hostage, use your device as a

stepping stone to another network, attack your connected PC, send premium SMS

messages, perform a DDoS attack against a target, or wipe your device," a

representative of the company wrote AppleInsider.



Affects everything Android, in a big way


The flaw has been in place since the release of Android 1.6 "Donut," meaning it

affects virtually all Android devices sold in over the last four years, essentially all of

the installed base of Android devices: Eclair, Froyo, Gingerbread, Honeycomb, Ice

Cream Sandwich and Jelly Bean.

A compromised app exploiting the vulnerability can take the appearance of a

legitimate app that has been given wide access to system resources. Bluebox notes

that many of Android licensees' own apps (such as those from HTC, Samsung,

Motorola or LG) as well as many VPN apps (such as Cisco's AnyConnect) are

customarily "granted special elevated privileges within Android – specifically System

UID access."



After bypassing Android's app-signing model to take the place of such an app, rogue

malware can obtain "full access to Android system and all applications (and their

data) currently installed."



This means the app subsequently "not only has the ability to read arbitrary

application data on the device (email, SMS messages, documents, etc.), retrieve all

stored account & service passwords, it can essentially take over the normal

functioning of the phone and control any function thereof (make arbitrary phone

calls, send arbitrary SMS messages, turn on the camera, and record calls)."



Bluebox adds, "finally, and most unsettling, is the potential for a hacker to take

advantage of the always-on, always-connected, and always-moving (therefore hard-

to-detect) nature of these 'zombie' mobile devices to create a botnet."



A big flaw to fix, requiring 900 million firmware updates



Bluebox disclosed the vulnerability to Google and members of the Open Handset

Alliance in February 2013, but the firm notes that "it’s up to device manufacturers to

produce and release firmware updates for mobile devices (and furthermore for users

to install these updates). The availability of these updates will widely vary depending

upon the manufacturer and model in question."

So far, Android licensees have been extremely slow to roll out any updates for their

users, often refusing to bother with distributing even significant security patches.



Android's unaddressed security lapses have helped make it the world's leading

mobile platform for malware, a problem many of its supporters simply refused to

acknowledge. However, this new vulnerability means puts Android users at even

more risk, because now they can't even trust apps signed by a legitimate developer.



As security firm F-Secure noted in May, "the Android malware ecosystem is

beginning to resemble to that which surrounds Windows."



Bluebox will be detailing the vulnerability in a Black Hat USA 2013 session by its

chief technology officer Jeff Forristal.



Partial containment, Google not open to talking about it


Update: a report by Computerworld notes that Samsung has included a patch

rectifying the issue for one device: its flagship Galaxy S4. The article noted Forristal

as saying that "Google has not released patches for its Nexus devices yet, but the

company is working on them."



"Google declined to comment on the matter," the report added. "The Open Handset

Alliance did not respond to a request for comment."



However, Google has blocked distribution of apps exploiting the flaw in Google Play,

although if user to is tricked into manually installing a malicious update "for an app

originally installed through Google Play, the app will be replaced and the new version

will no longer interact with the app store."



Addressing the issue of updating the hundreds of millions of Android devices that

have already been sold, Computerworld observed, "the slow distribution of patches

in the Android ecosystem has long been criticized by both security researchers and

Android users.



"Mobile security firm Duo Security estimated last September, based on statistics

gathered through its X-Ray Android vulnerability assessment app, that more than

half of Android devices are vulnerable to at least one of the known Android security

flaws.​