The number of infected applications for Google’s Android platform in the third quarter of this year increased from nearly 30,000 in June to nearly 175,000 in September. This was reported in the Trend Micro Security roundup report for the third quarter of 2012.
Aggressive adware is the most important element in the Android attacks, says Trend Micro. Only 20 percent of Android users use a security app, increasing the risk that users falling prey to cyber criminals even greater. Users should be aware what permissions an app requires, before they approve any unintended access to sensitive information.
“Though most adware is designed to collect user information, a fine line exists between collecting data for simple advertising use and violating one’s privacy,” Trend Micro said. “Because adware normally collect user information for legitimate purposes, they can serve as an effective means to gather more data than some would want to give out.”
Some apps have clear malicious intent, such as apps that secretly involve a premium software services purchase. Other apps are malicious in a more subtle way a threat to privacy, and they collect information from the user than what the user wants.
The top three malware indentified by the company are ZeroAccess, Downad/Conficker, and Keygen, with more than 900,000 ZeroAccess infections to date.
According to the security roundup report, the Netherlands is at No. 2 behind the U.S. out of countries that host malicious websites. Zero Access malware found on peer-to-peer (P2P) sharing sites was the main source of infection in the quarter. The old DOWNAD/Conficker worm was on the second place. PayPal is most used for phishing activities while LinkedIn topped the list of Blackhole Exploit Kit targets. Most spam in the third quarter came from Saudi Arabia and India.
According to Raimund Genes, CTO of Trend Micro, it is actually no surprise that there has been such a huge increase in mobile malware.
“At the end of the day, all mobile apps are essentially Web clients; therefore, they are as unsecure as a browser, and that’s how you should treat them,” David Sancho, Trend Micro’s senior threat researcher, said in a statement.
Recently, FBI issued alert on the rise of Android malwares and advised some precautionary measures to prevent mobile devices from being attacked. Graham Cluley, a senior security analyst at Sophos, also shared the same opinion. Android is a much more open platform than iOS, and there are plenty of opportunities for cybercriminals to distribute Android code that either pretends to be a cracked version of a legit app, or to make money by sending expensive SMS messages to premium rate numbers.
It’s becoming clearer every day that users cannot rely upon Google alone to keep them safe from malware threats on Android. It is, thus, better that users install an antivirus onto their device and exercise caution when installing apps.