November 17, 2011, 10:16 AM — I know it’s a tad early for New Year’s predictions, but I’m going to beat the rush and make mine now: 2012 will be the year of mobile malware.
That’s an easy prediction to make, because if you look at the numbers, 2011 was really the year of mobile malware, but only a handful of people have been paying close attention. Next year you won’t be able to avoid hearing about it, and if you carry anything remotely “smart” in your pocket – and you don’t carry adequate “protection,” as we used to say in high school – you may become a victim of it.
The latest figures from Juniper Networks bear this out. According to the Juniper Global Threat Center blog, the number of malware-laden apps available for Android devices jumped 472 percent since July. That’s right – there are nearly five times as many nasties available for the Android platform as there were just five months ago.
What does that mean in real numbers? I asked Dan Hoffman, chief mobile security evangelist for Juniper. He declined to put an exact number on the amount of Android malware, but he did say bad apps number in the “tens of thousands” and that 5 to 6 percent of the mobile devices that Juniper monitors have been infected.
The biggest threat to Android users may be “pirated” apps, says Hoffman – programs that look and feel like a legitimate software package but contain a malware payload. For example, a piece of malware masquerading as the Opera Mini Browser appeared in the Android market last month. The PowerAMP media player is another app that recently got pirated, notes Juniper.
Those two bogus apps were distributed via third-party app stores – notorious snakepits for nasty apps. But even the main Android Market is vulnerable, says Hoffman, thanks to Google’s hands-off app approval policy. Because the apps aren’t fully vetted, the Android market is low-hanging fruit for cyber thieves – a notoriously lazy bunch.
As you can see in this wicked cool infographic created by Juniper, the malware falls largely into two categories: SMS Trojans, which install apps that send bogus text messages to numbers owned by the malware authors (or their business partners) and charge you $2 to $3 per text; and outright spyware that can paw through your email, read your texts, and otherwise capture the personal or business information you have stored on the phone.