The release of a free Android security application may simplify the protection of increasingly popular mobile devices, but user ignorance and the proliferation of malware-ridden honeytraps mean users must be targeted with focused education, a security expert has argued.
Noting that 99.5% of Android malware came from third-party app stores, Bitdefender chief security researcher Catalin Cosoi tells CSO Australia that the sheer breadth of mobile application offerings, coupled with a user perception that mobile devices are free from security concerns, has created a real opportunity for mobile malware and adware authors.
“Unfortunately, users on Android were educated that they have to give something in order to get something for free, for example looking at ads to get apps for free,” he explains. “However, just from seeing a few ads in order to play a free game, many end up having no idea which application is doing what, and the quantity of what you get is totally misplaced.”
A recent study from the company’s Bitdefender Labs found that the volume of adware targeting Android devices jumped 61% in the five months to January, while reports of Trojans increased 37% and malware grew 27% over the period.
The most common variants included the FakeInst Trojan and Plankton adware families. Because users often grant permissions to these and other unscrupulous applications, they give ready access to personal information, which is either handed over or, in a growing number of cases, extracted by increasingly virulent adware.
Free availability of Android anti-malware software – Bitdefender’s new Antivirus Free for Android, for example – may be particularly useful in Australia which, recent figures from Sophos suggest, is home to the world’s most frequently attacked Android users.
User education is an important part of reducing these figures, Cosoi says, with many users unaware that the Android platform is being actively targeted for data theft by malware authors. “The market is now educated in terms of what computer malware does,” he explains. “But in terms of mobile devices, I don’t think they understand there is actual malware and adware for these devices. For them, it’s still just a phone – but with Internet capabilities.”
Gadget-loving executives can be the worst offenders, he adds: “The main thing that scares me a lot is that Android malware can actually forward emails. If a CEO installs a crappy game that will forward all of his professional and personal emails, that’s the easiest way to send out your launch campaign, marketing records, and so on.”
“Once users see the problem, everybody will look for solutions. But it is very hard to make them understand to see the problem in the first place.”