Juniper Networks: Mobile malware threats explode 614% year-over-year


Mobile malware threats surged 614 percent between March 2012 and March 2013 to eclipse 275,000 total malicious apps, according to a new Juniper Networks report.

Ninety-two percent of all mobile malware identified by Juniper's Mobile Threat Center targets Google's (NASDAQ:GOOG) open-source Android operating system, up from 24 percent in 2010. Juniper blames Android's vulnerabilities on the fragmentation afflicting the platform, noting that the vast majority of devices run older versions of the OS, preventing them from receiving new security measures delivered by Google and leaving users exposed to even known threats. "According to Google, as of June 3, 2013, only 4 percent of Android phone users were running the latest version of the operating system, which provides mitigation against the most popular class of malware measured by the MTC that makes up 77 percent of Android threats," Juniper said.

Attackers are also exploiting lax security standards across third-party Android app stores. "The MTC identified more than 500 third-party Android application stores worldwide, most with very low levels of accountability or oversight, that are known to be hosting mobile malware--preying on unsuspecting mobile users as well as those with jailbroken [Apple (NASDAQ:AAPL)] iOS mobile devices," Juniper said. Three out of five malicious third-party stores originate from either China or Russia, the network services firm added.

Seventy-three percent of all known mobile malware falls into the category of "FakeInstallers"--SMS Trojans that transmit messages to premium rate numbers without the user's consent, under the guise of installers for legitimate applications. Juniper research indicates that each successful FakeInstaller attack can yield approximately $10 in immediate profit. The MTC also found that a growing number of more sophisticated attackers are designing intricate botnets and targeted attacks capable of disrupting and accessing data across corporate networks.

Juniper additionally identified a series of legitimate free applications that could leak corporate data on devices. "Free mobile applications sampled by the MTC are three times more likely to track location and 2.5 times more likely to access user address books than their paid counterparts," the company said. "Free applications requesting/gaining access to account information nearly doubled from 5.9 percent in October 2012 to 10.5 percent in May 2013."

The Juniper Networks report follows on the heels of a new Lookout Mobile Security study revealing that more than 1 million U.S. consumers have downloaded adware to Android devices over the past 12 months. Approximately 6.5 percent of all free Android apps available for download from the Google Play digital storefront contain adware, defined by Lookout as ad networks that exhibit intrusive behavior without first securing appropriate user consent--e.g., displaying advertising outside of the normal app experience, harvesting personally identifiable information or initiating unexpected actions in response to ad clicks. Adware is most commonly lurking inside personalization apps (26 percent), followed by racing games (23 percent) and sports games (18 percent).

For more:
- read this release

Related articles:
Lookout: 1M U.S. Android owners have downloaded adware in past year
Android malware disguised as mobile ad network infects up to 9 million devices
ACLU lobbies FTC to probe carriers over Android security
Report: Android malware doubled in 2012, infecting 3 million devices
Apple exec Schiller takes shot at Android over malware headaches
F-Secure: Android to blame for 79 percent of all mobile malware in 2012