The SophosLabs 2017 malware forecast warned that smartphone infections are skyrocketing, especially in Android devices. The latest Nokia threat report backs up that assessment, showing how mobile malware spread faster than any other sinister code last year. Among other things, the report said:
- Android phones and tablets accounted for 81% of primary targets.
- Malware infected approximately 1.35% of all mobile devices in October – the most since Nokia started tracking it in 2012.
- Overall infection rates rose 63% sequentially in the second half of 2016.
- Smartphones were the top malware targets by a large margin, making up 85% of all mobile device infections in the second half of the year.
- Smartphone malware attacks surged nearly 400% over the previous year.
- Far fewer attacks targeted iOS-based phones – just 4%. The dominant malware in those cases was Spyphone, software that tracks the users’ calls, social media apps, text messages and GPS locations.
Meanwhile, Nokia’s report cited major vulnerabilities in devices connected to the Internet of Things (IoT). The best example of that came in the form of October’s coordinated assault against Dyn, one of several companies hosting the the Domain Name System (DNS). In that attack, Mirai malware was used to hijack internet-facing webcams and other devices to turn them into massive botnets that were then pointed at Dyn. The attack crippled such major sites as Twitter, Paypal, Netflix and Reddit.
Android under siege
Nokia’s finding that Android devices are a top target matches up with what SophosLabs reported in its malware forecast, released in February during RSA Conference 2017. SophosLabs analysis systems processed more than 8.5m suspicious Android applications in 2016. More than half of them were either malware or potentially unwanted applications (PUA), including poorly behaved adware.
When the lab reviewed the top 10 malware families targeting Android, Andr/PornClk was the biggest, accounting for more than 20% of the cases reviewed in 2016. Andr/CNSMS, an SMS sender with Chinese origins, was the second largest (13% of cases), followed by Andr/ DroidRT, an Android rootkit (10%), and Andr/SmsSend (8%).
In addition to malware, Android was found vulnerable to a variety of hacking techniques. In one such case, researchers found that attackers can crack Pattern Lock within five attempts by using video and computer vision algorithm software.
Earlier this month, meanwhile, researchers at Palo Alto Networks discovered 132 Android apps on Google Play tainted with hidden IFrames linking to malicious domains in their local HTML pages. Interestingly, the malware was Windows-based. SophosLabs showed additional research tracing that malware back to a developer who goes by the name Nandarok.
Defensive measures
Though Android security risks remain pervasive, there’s plenty users can do to minimize their exposure, especially when it comes to the apps they choose.
- Stick to Google Play. It isn’t perfect, but Google does put plenty of effort into preventing malware arriving in the first place, or purging it from the Play Store if it shows up. In contrast, many alternative markets are little more than a free-for-all where app creators can upload anything they want, and frequently do.
- Consider using an Android anti-virus. By blocking the install of malicious and unwanted apps, even if they come from Google Play, you can spare yourself lots of trouble.
- Avoid apps with a low reputation. If no one knows anything about a new app yet, don’t install it on a work phone, because your IT department won’t thank you if something goes wrong.
- Patch early, patch often. When buying a new phone model, check the vendor’s attitude to updates and the speed that patches arrive. Why not put “faster, more effective patching” on your list of desirable features, alongside or ahead of hardware advances such as “cooler camera” and “funkier screen”?