X

Android users twice as likely to see malware than six months ago

Apps infected with malware grew five-fold since January, Lookout mobile threat report finds.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
3 min read
 
This chart shows the growth of malware-infected apps from 80 at the beginning of the year to more than 400 six months later.
This chart shows the growth of malware-infected apps from 80 at the beginning of the year to more than 400 six months later. Lookout

LAS VEGAS--If you've got an Android you are 2.5 times more likely to encounter malware on the device today than six months ago, while mobile users have a 30 percent likelihood of clicking on a malicious link, according to a report released today from mobile security firm Lookout.

Those figures are based on detection rates from Lookout users on Android, but not the iPhone, however the rates are presumed to be about the same, according to Lookout.

"This number is likely so high because users on mobile devices often encounter threats targeting PCs--people read email, Facebook messages, text messages, and tweets on their phones just as they do on their PCs," the company says in its report, released on the eve of the Black Hat security conference here. However, many Web-based threats such as phishing attacks do not discriminate based on platform, while others, such as Websites containing browser exploits, are targeted at a specific operating system.

An estimated 500,000 people were affected by Android malware in the first half of this year, a period when apps infected with malware rose from 80 in January to more than 400 in June, according to the report, which focuses on Android and Apple's iOS. Lookout collects data from more than 700,000 Android and iPhone apps and 10 million Android devices around the globe, and offers free and fee-based versions of a security service for the open source Android platform, but not for iOS. While Apple vets every app before allowing it to be sold on the Apple App Store, the Android Market allows any app to be published but provides detailed information about what permissions the app has on a device.

Related stories
How to secure passwords on your Android device
Skype brings video support to 17 Android phones
12 tips for mastering Android

Two of the most prevalent Android threats were DroidDream, which prompted Google to remove malware-infected apps that drop a Trojan on devices from the Android market in March and again in July, and GGTracker, according to the Lookout Mobile Threat Report. Authors of DroidDream released more than 80 unique apps with different malware variations that were designed to take control of a device. Typically, the malware distributors take legitimate apps and repackage them in the hopes that people will confuse them with the legitimate apps.

GGTracker is believed to be the first threat designed to steal money from Android users in the U.S. It signs up for premium text message subscription services without the user's knowledge and they are charged $10 per service and as much as $50 for multiple services. GGTracker also used new techniques to distribute the malware, including "malvertising" in which mobile ads direct users to a malicious site that automatically downloads malware when visited.

The report warns of another new type of attack that can happen when a legitimate application is published and updated to include malware once there is a large user base. Everyone who downloaded the app, which initially was benign, is infected when the app gets updated.

To stay safe, mobile users should only download apps from trusted sources, pay attention to the address of URLs they click on, and be on alert for unusual phone behavior that could signal an infection.