Wed12132017

LAST_UPDATEWed, 13 Dec 2017 2pm

Over 1 Million Mobile Malware Out There, Android Is The Main Target

Google’s Android mobile operating system is less than 6-years old, but is already under attack by more than a million(1 million) malware threats and high-risk applications, according to new data from security software firm Trend Micro. In comparison, it took a decade for PC malware to reach this number of threats.

To date(as of September 2013), more than 1 billion Android devices have been activated throughout the world. As of July 2013, the Google Play store officially reached over 1 million apps and had over 50 billion downloads.

The Android platform has overtaken the iOS mobile market in many countries including Malaysia, based on a recent survey conducted by Trend Micro Malaysia. The IT security company said it is of no surprise as the open eco system is what smartphone manufacturers, app developers and consumers love but this comes with a price.  The open platform exposes users to become easier target for cybercriminals.

A recent survey conducted by Trend Micro Malaysia revealed that 63% of the respondents are Android users but only 19% installed additional mobile security. In Trend Micro’s 2Q Security Roundup for the year, more than 700 thousand malicious and risky apps were already found in the wild.

“Due to the continuous popularity of the Android platform among users, Trend Micro had earlier predicted that 2013 would be the year that mobile threats, specifically malware and high-risk apps to reach the 1 million mark. With three months left to spare before the year ends, our prediction has already came true,” said Goh Chee Hoh, Managing Director, SEA Region, Trend Micro Inc.

“Our Mobile App Reputation data indicates that there are now 1 million mobile malwares (such as premium service abusers) and high-risk apps (apps that aggressively serve ads that lead to dubious sites). Among the 1 million questionable apps we found, 75% perform outright malicious routines, while 25% exhibits dubious routines, which include adware. It is even more pressing today to ensure that you have an additional level of protection in your devices to avoid becoming a victim of such threats,” continued Goh.

The Top 3 Mobile Threats

Although Google is taking steps to keep the Android system secure using known features like the Bouncer service or automated scanning, sandboxing, permissions system, and remote malware removal, Android malwares continue to rise alongside the growing market for Android devices. Here are the top three threats that Android users may face:

Premium Service Abusers
Cybercriminals are using all kinds of tricks to get users to download malicious apps including creating fake versions of Skype, Instagram, Angry Birds Space and other legitimate apps which will then send unauthorized text messages to certain numbers and register users to costly services. Trojans are deployed to hijack a handset enrolled in premium service contracts, allowing the dispatcher to remotely access the same services that are paid for by the owner of the infected device.

Rootkits or data mining
The master key Android vulnerability allows cybercriminals to replace legitimate apps with malicious copies that release rootkits deep inside a phone’s system with one programmed task – to record sensitive data such as key strokes, passwords and locations. Mobile phishing sites are another method of tricking users into divulging personal information.

Fake URLs
With the prevalence of shortened URLs shared via the various social networks, users are tricked into visiting sites that are compromised, allowing for a virus to be planted on their devices that will steal information and breach user privacy.
Trend Micro recommend users to protect their devices by:
Using the smartphone’s built-in security features. Keep your smartphone safe from abuse and/or misuse by properly configuring your location and security settings.

Avoiding free but unsecured Wi-Fi access. Accessing the web via an open network may be convenient and free but it also allows anyone to access your phone.
Scrutinizing every app you download regardless of source. Trojanized apps also find their way to official app stores so users would still be encouraged to scrutinize closely the apps you download.

Understanding the permissions you are allowing before accepting them. Be careful about granting access to personal and/or device information or letting apps do other unnecessary actions in order to work.

Investing in an effective mobile security app. Being wary when downloading and installing apps isn’t enough, to stay protected anywhere and anytime, users should consider investing in a mobile security app to effectively defend your device against the latest mobile threats.

 

 

 

[Source]- Trend Micro