Android malware growing at rate of 1,320 percent per year

110% in Sept., 111% in October, and the growth curve keeps getting steeper.

Malware is becoming a much bigger problem on Android smartphones and tablets, and it is doing so much faster than anyone expected.

The risk to consumers' privacy is probably still far greater from the snoopy, gossipy permission requirements on Android apps that automatically take permission to ID your location, your friends, your activities and send copies home to their developers to help "improve customer support."

Or the risk might be greater from what is apparently a flood of law-enforcement agencies pouring every phone number they can grab into the same bucket marked "possible suspects" and handing it to cell phone carriers with a request for a list of all the calls made to or from each of those numbers, on the off chance someone, somewhere in America is plotting something illegal using a cell phone.

Or it could be that phones running Android are outselling iPhone – taking up 52 percent of global sales compared to 15 percent for iPhone.

That's a big market that requires a big response. Malware writers have never been shy about stepping forward into a gap through which money might be extracted.

But this?

According to Juniper Networks the number of samples of malware designed for Android leaped 472 percent between July, 2011 and Nov. 10.

According to Juniper there was a 400 percent increase in Android malware between the summers of 2009 and 2010. That was in a whole year. The 472 percent was for five months. That's an increase of 110 percent in September and another 111 percent in November – and a projected annual growth of approximately 1,320 percent.

That number sounds ridiculous, but Juniper's growth curve keeps getting steeper during 2011 and into 2012, so it may actually be an underestimate.

Of those, 55 percent are spyware that collect data on location, contacts, activities and similar information.

About 44 percent are SMS Trojans that connect to the net along with a legitimate application and send SMS messages to numbers that charge a high per-message premium call fee. The anonymous owners of the number and the malware charge the cell company – which charges you – premium access fees similar to the $1.99 per vote American Idol charges or the high per-minute fees that tech support or sex lines charge.

As many as 90 percent of Android phones are vulnerable to malware, Juniper found.

Since March, Juniper has also been collecting samples of malware designed not just to watch what you're doing, but to take over root access and do what it wants, instead.

"GingerMaster," a Trojan rootkit circulating in China, for example, jailbreaks the phones it attacks and gives the access mechanism to a stranger.

One developer that goes by the name "Myournet" poisoned at least 21 Android apps earlier in the year and uploaded them to the Android Market for distribution.

Apple's greater filtering and anti-virus on iTunes is one big reason malware for iPhones is more rare than for Android, the report said.

Another is that Google and the ISVs that build apps for Android aren't that good at responding to news about vulnerabilities.

The holes exploited by "Myournet" were known already when the exploits were found in March, and have yet to be fixed, Juniper reported.

A bigger problem – paranoia – slows the response of both Apple and Google. Security developer Charlie Miller, for example, has broken several iterations of iPhone's security, telling Apple about it each time like a good "partner." The most recent time, Apple kicked him out of the program for being a security risk, apparently for having found one.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.
