Juniper Finds Android Malware Quadrupling8:09 PM EST Tue. Nov. 15, 2011
The amount of malware written for Android has more than quadrupled since July, an indication that criminals are targeting Google's open approach to the smartphone operating system to try to fleece mobile phone subscribers, networking company Juniper Networks says.
Juniper reported Tuesday a 472 percent increase in malware samples from July through mid-November. Month to month, Juniper found a 28 percent increase in September and a 110 percent jump in October.
During the same time period last year, the amount of malware was roughly a quarter of what it is now, an indication that hackers increasingly see Android as a cash cow. "Since Android's existence, we have never seen an increase this dramatic," Dan Hoffman, chief security evangelist at Juniper, said.
Hoffman gives two reasons for the increase: Android's rapidly growing user base and the fact that Google allows third-parties to build and sell apps for the OS. The former means there's lots of potential victims, while the latter makes it possible for criminals to launch their own sites to trick people into downloading illicit software.
Android was the most popular smartphone operating system in July, accounting for 40 percent of the U.S. market versus second-place Apple at 28 percent, according to Nielsen Co.
Along with fewer users, Apple also has fewer malware. That's because all apps for the iPhone have to be vetted and sold by Apple on the App Store. This system makes it more difficult to for hackers to get access to the smartphone.
Despite the tighter control, Apple's system isn't perfect. "It's not a guarantee (against malware)," Hoffman said. In addition, Apple refuses to let most security vendors sell software through the App Store. "iPhone users are at a disadvantage, because they don't have the freedom to pick a security client of their choice," Hoffman says.
Hackers are expected to increase attacks on smartphones, as more people use them for online banking and making payments. Last week, Juniper's security unit discovered what it called the "largest trove of malicious applications aimed at Android."
The Russia-based third-party app store sold malware that was fake versions of paid applications. In addition, the site tricked users into sending premium text messages to give permission to download an app available for free from the Android Market. The fees for the text messages went to the app store.
Hoffman predicts the number of illicit sites will increase and many may go unnoticed for a long time. "There's much more malware out there that we don't know," he says.