There are many players in the mobile device landscape, with Apple iOS, Google Android, Blackberry and Windows Phone all competing for market share. When it comes to malware, however, one vendor is the clear leader — Android.
According to the new 2013 Mobile Threats Report from the Juniper Networks Mobile Threat Center, 92 percent of mobile threats are now targeted at Android. That’s up from 47 percent in 2012.
“That’s an incredible number and it shows not only where attackers are finding opportunities, it shows where attackers are finding ways to make money, and that’s why they are focusing on Android,” Michael Callahan, vice president of global security product marketing at Juniper, told eSecurity Planet.
Inside that Android malware base, 73 percent of all attacks are from some form of fake installer. In a fake installer attack, the android user goes to a mobile app store that is different than the default Google Play store. Juniper found at least 500 such non-Google Play app stores that were all serving fake installer-based mobile malware.
“The fake installers are dominant because the attackers can make so much money from them,” Callahan said.
With the fake installer attack, a user goes to a non-Google Play store and downloads an app they want. In addition to whatever app the user intentionally wants to install, the app store is also placing a fake installer on the mobile device, which can often leverage Android’s SMS features.
With Android’s SMS, users are able to send a message that can be used for legitimate charitable donation purposes. The fake installers abuse that SMS functionality, sending donation payment SMS messages to the attacker, who is then able to collect the money.
“We reverse-engineered one of the fake installers and found that the attacker was making $10 per SMS message,” Callahan said.
What Can You Do?
While the prospect of being infected by mobile malware that sends paid SMS messages out without user authorization is frightening, there is a simple fix.
In Juniper’s research, the vast majority of malware was found in non-Google Play app stores. While Callahan noted that some malware can and does land in Google Play, it is a rare occurrence.
“Where users get into trouble is when they visit one of the 500 non-Google Play app stores, because they feel more aligned with them for some reason,” Callahan said.
That alignment could be due to language or regional issues as well as cost.
“If users go the legitimate route, the chance of something bad happening is pretty slim,” Callahan said. “It’s similar to what we’ve all been taught to do with email: You just don’t click on stuff from people you don’t know.”
Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com. Follow him on Twitter @TechJournalist.