The Juniper study – its third annual Mobile Threats Report – showed that the majority of attacks are directed at Android devices, as the Android market continues to grow. Malware aimed specifically at Android devices has increased at a staggering rate since 2010, growing from 24 percent of all mobile malware that year to 92 percent by March 2013.
According to data from Juniper’s Mobile Threat Center (MTC) research facility, the number of malicious mobile apps jumped 614 percent in the last year to 276,259, which demonstrates “an exponentially higher cyber-criminal interest in exploiting mobile devices”.
“Malware writers are increasingly behaving like profit-motivated businesses when designing new attacks and malware distribution strategies,” Juniper said in a statement. “Attackers are maximising their return on investment by focusing 92 percent of all MTC-detected threats at Android, which has a commanding share of the global smartphone market.
In addition to malicious apps, Juniper Networks found several legitimate free applications that could allow corporate data to leak out. The study found that free mobile apps sampled by the MTC are three times more likely to track location and 2.5 times more likely to access user address books than their paid counterparts. Free applications requesting/gaining access to account information nearly doubled from 5.9 percent in October 2012 to 10.5 percent in May 2013.
McAfee’s study found that a type of SMS malware known as a Fake Installer can be used to charge a typical premium rate of $4 per message once installed on a mobile device. A “free” Fake Installer app can cost up to $28 since each one can tell a consumer’s device to send or receive up to seven messages from a premium rate SMS number.
Seventy-three percent of all known malware involves Fake Installers, according to the report.
“These threats trick people into sending SMS messages to premium-rate numbers set up by attackers,” the report states. “Based on research by the MTC, each successful attack instance can yield approximately $10 in immediate profit. The MTC also found that more sophisticated attackers are developing intricate botnets and targeted attacks capable of disrupting and accessing high-value data on corporate networks.”
Juniper’s report identified more than 500 third-party Android application stores worldwide, most with very low levels of accountability or oversight, that are known to host mobile malware – preying on unsuspecting mobile users as well as those with jail-broken iOS mobile devices. Of the malicious third-party stores identified by the MTC, 60 percent originate from either China or Russia.
According to market research firm ComScore, Android now has a 52.4 percent market share worldwide, up 0.7 percent from February. As Samsung has been taking market share from Apple, Android use is expected to continue to grow, according to ComScore.
According to market analyst firm Canalys, Android represented almost 60 percent of the mobile devices shipped in 2012. Apple accounted for 19.3 percent of devices shipped last year, while Microsoft had 18.1 percent.