Most Android threats would be blocked if phones ran latest Android version, report says

Android 4.2 contains protection against premium rate SMS apps, but has a very low distribution rate, Juniper researchers say

Over three quarters of Android threats are malicious apps that send SMS messages to premium rate numbers and could be mitigated by a protection feature present in Android 4.2, according to researchers from networking vendor Juniper Networks.

However, because manufacturers and carriers fail to update Android end user devices in a timely fashion, only 4 percent of devices currently run Android 4.2, even though this version was released more than six months ago.

From March 2012 to March 2013 the number of mobile threats grew by 614 percent to reach a total of 276,259 malicious samples, researchers from Juniper Networks' Mobile Threat Center (MTC) said in a report released Wednesday. Of those malicious applications, 92 percent target the Android operating system, they said.

The surge of Android malware in the past two years is consistent with the findings of other security vendors that track mobile threats. This growth is primarily driven by Android's "commanding share" of the global smartphone market, the Juniper researchers said.

The majority of Android malware, 77 percent, are apps that earn money for their creators by either requiring users to send SMS messages to premium rate numbers or by surreptitiously sending such messages on their own. These threats usually masquerade as legitimate applications or come bundled in pirated apps.

The Juniper researchers estimate that every successful attack using such an app can bring an immediate profit of US$10 for the attacker on average.

Android 4.2 introduced a feature that detects attempts to send SMS messages to special rate numbers, also known as short codes, and prompts users for confirmation. Unfortunately, due to the Android market fragmentation, only 4 percent of Android devices are currently running Android 4.2.x.

This estimation is based on data collected from Google Play over a 14-day period ending on May 1, 2013, the Juniper researchers said. Based on the same data, the most common versions of Android found on devices are Android 2.3.3 to 2.3.7, also known as "Gingerbread," with a 36.4 percent coverage and Android 4.0.3 and 4.0.4, also known as "Ice Cream Sandwich," with 25.5 percent.

The lack of regular updates for Android devices contributes to the growth of Android malware, because the latest protections added by Google to the operating systems reach users too late or never, the researchers said.

The second most common type of Android threats are spyware applications that capture and transfer sensitive user data to attackers. These account for 19 percent of all malicious samples collected by Juniper's MTC.

Some information-stealing Android Trojan apps discovered during the past year and distributed through drive-by downloads or phishing emails could also pose a threat to enterprise environments, the Juniper researchers said. Data collected from enterprise mobile devices running Juniper's Junos Pulse endpoint collaboration and security software showed at least one infection on 3.1 percent of such devices.

While that figure is not large enough to raise a significant alarm, it is proof that the threat of mobile malware to corporate devices is not only theoretical, the Juniper researchers said. "We expect the presence of mobile malware in the enterprise to grow exponentially in the coming years."

Join the CSO newsletter!

Error: Please check your email address.

Tags Android OSsecuritymobile securityscamsmobilespywarejuniper networksmalwaremobile applications

More about GoogleJuniperJuniper

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place