Infected Mobile Devices Spike to 15 Million in H1

Mobile malware is on the rise, to the tune of there being 15 million infected mobile devices present in consumer and business user hands at any given moment.

Alcatel Lucent’s Kindsight subsidiary has found that in the first half of 2014, the overall mobile infection rate climbed to 0.65%, given the 2.3 billion smartphones in the world today. Using data averaged from actual mobile deployments, the firm found that percentage to represent a serious spike in growth; the annual growth rate for mobile malware overall is just 20%. So, in the first half of 2014, the growth was more than double that.

Further, because Alcatel-Lucent sensors are not currently deployed in areas where infection rates are known to be higher than average, such as China and Russia, that global estimate is probably on the conservative side.

Detailing the findings in its latest malware report, Kindsight also said that the number of Android bugs continued to grow significantly, but not at the exponential rates seen in 2013. Still, the number of samples in its mobile malware database grew by a not-insignificant 83% in the first half of the year. In all, 60% of infected devices are Android. Less than 1% of devices are iPhones, Blackberrys, Symbian and Windows Mobile.

The other almost-40% are Windows PCs connected to the mobile network.

“Clearly the Android platform is the biggest malware target in the mobile space, followed by Windows PCs, which are still the favorite of hard-core professional cyber-criminals,” it said, explaining that Android offers the easiest target, because of Android’s lenient security measures on the handling of apps. For instance, apps can be downloaded from third-party app stores and websites, and there is no control of the digital certificates used to sign Android apps—so malicious offerings have an easier way through to the consumer than they do on other platforms.

“Apps are usually self-signed and can’t be traced to the developer,” Kindsight said.

While the numbers are shooting up-up-up, Kindsight was quick to point out that things could be worse.

“Despite the great increase in numbers, the quality and sophistication of most Android malware is still a long way behind the more mature Windows PC varieties,” it said in the report. “The command-and-control mechanisms (C&C) are primitive and often don’t work. Configurations are hard coded and inflexible. The malware makes no serious effort to conceal itself, and attack vectors are limited to hoping someone installs the infected app.

As for the type of malware being distributed, the most common form is trojanized apps that steal information about the phone or send short message service (SMS) messages. And, four of the five malware that are new to the top-20 list are in the mobile spyware category. These apps are used to track the phone’s location, monitor ingoing and outgoing calls and text messages, monitor email, and track the victims’ web browsing.

The top threat is Coogos.A!tr, a trojan for Android devices that checks whether the victim’s device is rooted, and will silently and automatically download a system package on the device if it is. Additionally, it posts the device’s International Mobile Station Equipment Identity (IMEI) and the victim’s International Mobile Subscriber Identity (IMSI) to a remote web server in China.

“In the past, this malware was distributed as active wallpaper, but a new version, packaged as a game, is much more popular, and it probably accounts for the significant increase in the infection rate over the first half of 2014,” Kindsight said. “However, activity has just recently dropped off.”

What’s Hot on Infosecurity Magazine?