Unpatched systems are one of the leading vectors for malware to worm its way into victims’ lives, but user education appears to lag behind this reality. Case in point: Of the more than two-thirds of people worldwide who use Android’s operating system, more than 80% of them are using an outdated version.
According to G DATA’s Q3 2015 Mobile Malware report, there were 6,400 new instances of malware targeting Android devices every day in the third quarter—translating into a lot of risk. By the end of the quarter, G DATA analysts had already counted more Android malware instances so far in 2015 than in the whole of 2014 ((1,575,644 vs. 548,129). In the third quarter alone, 574,706 different malware strains were found, which is an increase of 50% compared to the same period last year.
“In researching new malware hitting Android devices each quarter, our researchers found that a huge amount of people haven’t been using the updated version of the operating system,” said Andy Hayter, security evangelist at G DATA. “There are a number of reasons for this, but this opens up a huge attack surface of users with holes and vulnerabilities in their operating system, just waiting to be hit. With the continued growth in malware instances that the researchers also found, this is certainly a cause for concern and something consumers should really take seriously.”
Common reasons for the outdated OS version usage are the long delays in receiving updates from the phone vendors and mobile service providers, as well as the availability of OS updates for older devices. This is an issue with far-reaching consequences: Android after all is a gateway for the Internet of Things.
From fitness apps to vehicles, more and more devices are being networked together and can be linked to a smartphone or tablet. Such applications and the Android operating system are becoming more and more popular among cyber criminals, as they can offer a route for attack.
Android’s woes are likely to multiply, the firm predicted. For one, 2016 could see more smartphones with pre-installed malware, in the form of manipulated firmware. And, the firm is tracking an uptick in complex malware for online banking fraud. G DATA security experts expect to see an increase in complex malware that combines Windows and Android attack campaigns on online banking customers. The criminals' aim is to manipulate banking transactions on the internet.