, and

Android Malware. It’s something that we hear a fair bit about at Ausdroid, and it’s something that you probably should be mindful of. Every so often, digital security companies put out their research on the current trends in security threats, and F-Secure has just released their Q1 2014 findings.

F-Secure claims that over 99% of the new mobile threats they discovered targeted Android, and it’s easy to understand why: it’s fast becoming the most popular platform, and unlike iOS with its strongly enforced walled-garden approach, the security model on Android is different, and arguably more permissive, which allows greater opportunity for malware to find its way in.

In Q1 2014, F-Secure found 277 new threat families and variants, 275 of which targeted Android, one iPhone, and one Symbian. In comparison, the same quarter last year brought 149 new threat families and variants, 91% of which targeted Android.

It’s not just a growth in malware that’s of concern; there’s also been a number of new threats uncovered. F-Secure found a cryptocurrency (think BitCoin) miner, which infects a user’s phone and uses their spare CPU cycles to generate currency for the operator of the hack. We’re also seeing threats which target the early boot-up stage of Android which makes them hard to remove, trojan horse type malwares, as well as those targeting online banking.

Mikko Hyppönen, F-Secure’s Chief Research Officer said:

These developments give us signs to the direction of malware authors. We’ll very likely see more of these in the coming months. For example, mobile phones are getting more powerful, making it possible for cybercriminals to profit by using them to mine for cryptocurrencies.

It seems much of this malware was detected in the UK, Europe and the Middle East, with lesser findings in the US and elsewhere. However, while there isn’t much detail about infection rates in Australia, it’s highly likely that as a smart-phone adopting nation, we’re likely to be right up there. It’s just a question of whether these things are detected, and if so, reported.

More traditional threats still exist, with malware targeting premium SMS-based subscription services also remaining steady as the most common malicious activity.

F-Secure have prepared a list of the most common malware activities, below. If you see any of these things happening on your handset or on your mobile bill, it’s time to take a close look at what’s happening on your phone.

  • Sending SMS messages to premium-rate numbers
  • Downloading or installing unsolicited files or apps onto the device
  • Silently tracking device location or audio or video to monitor the user
  • Pretending to be a mobile AV solution but actually having no useful functionality
  • Silently connecting to websites in order to inflate the site’s visit counters
  • Silently monitoring and diverting banking-related SMS messages for fraud
  • Stealing personal data like files, contacts, photos and other private details
  • Charging a ‘fee’ for use, update or installation of a legitimate and usually free app


If you’re after more information about F-Secure’s research and findings, you can view the Mobile Threat Report Q1 2014 on their website.

We don’t advocate any particular company’s products in the realm of threat protection, but there are solutions from F-Secure, Trend Micro and others. You should consider them all, and consider whether you need one; those who are very careful with what they do on their smartphones would probably consider such security solutions as snake-oil, but others who are less careful, or perhaps less knowledgeable, may benefit from this kind of protection. 

Source: F-Secure Mobile Threat Report Q1 2014F-Secure Blog.
    6 Comments
    newest
    oldest
    Inline Feedbacks
    View all comments
    Alexei Watson

    F-Secure trying to secure their own market. I don’t trust security companies telling me I need security products.

    As long as people use common sense when installing and read the permissions that an app is asking for when installing, they should reduce their risk to a negligable amount.

    Milty C

    Exactly! But i also like to consider app downloads and reviews, other apps by the same dev, quality of devs website, and decent monetizing method as good indicators.

    Phill Edwards

    Don’t you I have security software on your PC? In the same way you need it on your phone.

    Alexei Watson

    Your android phone and your PC have very different access to administrative privileges. That’s why there isn’t a huge need for antivirus on a Linux PC. Same goes for android, it is essentially a very modified linux operating system.

    ozcjr

    We know, not everyone likes these kinds of stories..

    peter__

    “unlike iOS, the security model is different”. What does this even mean? Oh I know, what you’re saying is that unlike Android on IOS the security model is the same. I’m clear now.