Android spyware infections on the rise: report

About 1 per cent of Android devices are infected with malware, according to Alcatel-Lucent's Kindsight Security Labs

An increasing number of Android phones are infected with mobile malware programs that are able to turn the handsets into spying devices, according to a report from Kindsight Security Labs, a subsidiary of telecommunications equipment vendor Alcatel-Lucent.

The vast majority of mobile devices infected with malware are running the Android operating system and a third of the top 20 malware threats for Android by infection rate fall into the spyware category, Kindsight said in a report released Tuesday that covers the second quarter of 2013.

The Alcatel-Lucent subsidiary sells security appliances to ISPs (Internet service providers) and mobile network operators that can identify known malware threats and infected devices by analyzing the network traffic.

Data collected from its product deployments allows the company to compile statistics about how many devices connected to mobile or broadband networks are infected with malware and determine what are the most commonly detected threats.

The malware infection rate for devices connected to mobile networks is fairly low, averaging at 0.52 percent, Kindsight said in its report. These infected devices include mobile phones as well as Windows laptops that use a mobile connection through a phone, a 3G USB modem or a mobile hotspot device.

In January the number of infected mobile phones accounted for slightly more than 30 percent of all infected devices connected to mobile networks, but by June they grew to more than 50 percent.

The vast majority of infected mobile phones run Android. Those running BlackBerry, iOS and other operating systems represent less than 1 per cent of infected mobile devices, Kindsight said.

When calculated separately, on average more than 1 percent of Android devices on mobile networks are infected with malware, Kindsight said in its report.

The malware threat most commonly seen on Android devices was an adware Trojan program called Uapush.A that sends SMS messages and steals information, Kindsight said. Uapush.A was responsible for around 53 percent of the total number of infections detected on Android devices.

The second-most-common Android threat was a Trojan program called QdPlugin, whose primary purpose is to install and control other adware programs. This malware is distributed as repackaged versions of legitimate games and connects to a control server located in the U.S.

A particularly worrying trend is the increase in the number of spyware threats that appear in the top 20, according to Kindsight. Spyware programs can typically record phone calls and text messages; track the phone's location; monitor email, social media and browsing activity; access photos and contact information, and more.

"Until now mobile spyware has been aimed at the consumer market, with the promise of being able to track your loved one's every move through their phone," said Kevin McNamee, security architect and director of Alcatel-Lucent's Kindsight Security Labs, in a blog post Tuesday. "But locating teenagers and a straying spouse are only one part of the story."

"Mobile spyware in the 'Bring Your Own Device' (BYOD) context poses a threat to enterprises because it can be installed surreptitiously on an employee's phone and used for industrial or corporate espionage," McNamee said.

In order to demonstrate the risks posed by such threats, Kindsight has developed a proof-of-concept spy-phone program that can be injected into other Android applications and can provide the attacker with backdoor access to enterprise networks. He plans to present it at the Black Hat USA 2013 security conference in Las Vegas next week.

Kindsight's report also contains infection statistics for home networks, saying that 10 percent of them showed signs of malware infections. Six percent of home networks had infections with high-threat-level malware like botnets, rootkits or banking Trojans programs, Kindsight said.

Join the CSO newsletter!

Error: Please check your email address.

Tags KindsightAndroid OSalcatel-lucentsecuritymobile securityspywaremalware

More about Alcatel-LucentBlackBerryLucent

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place