Android 4.2

Search giant Google cancelled its Monday Android event in New York City owing to Hurricane Sandy.


Less than one year since a Google executive claimed the Android platform didn't have a problem with malware, over 50,000 unique instances of malware have been detected.

According to the latest figures from Finnish security firm F-Secure, unique instances of Android malware have jumped ten-fold in the past three months from 5,033 to 51,477.

The increase in samples occurred even after Google introduced Bouncer, an additional layer of security on the Google Play store, that scans new and existing apps and developer accounts for malicious activity.

The majority of these pieces of malware are Russian and Chinese-based, with a lot of the malware making money by dialling premium-rate numbers.

However, these pieces of malware are targeting only users in the countries in which they originated, as you can only dial those premium-rate numbers if you are physically in those countries.

According to Mikko Hypponen, security chief for F-Secure, the increase of unique instances is down to a couple of very active families of malware.


Only 42 new families of malware have been detected in Q3 2012, with the people behind them constantly tweaking them and launching new variants, which accounts for the much higher number of instances detected.

Hypponen says there are a couple of very active families, which are accounting for a lot of the increase.

There are a couple of reasons why China in particular has become such a hotbed of mobile malware activity. The first is that China officially passed the US as the largest smartphone market in Q2 of 2012, making it an ideal target for cybercriminals.

The second is that over 80 percent of smartphones sold in China use Android. A lot of Chinese Android users also download software from less-secure third-party app markets.

While security firms like F-Secure are updating their mobile anti-virus software to reflect these ever-changing pieces of malware, the cybercriminals are always one step ahead.

The Finnish company uses heuristics to try to predict and detect these new forms of known malware, but they are nowhere near as powerful as those available in PC anti-virus software.

"It is a very good time for the attackers to be operating," Hypponen said.

The mobile malware sector is very immature and, like the PC malware market of a decade ago, a lot of cyber criminals are still testing the boundaries of the various platforms.


Proof-of-concept malware, which doesn't necessarily make the creators any money, makes up a high percentage of the malware being detected on the Android platform.

"There are plenty of people who are investigating Android as a platform, and trying [to see] if you can write malware, what can you do, what can't you do," Hypponen says.

In just under two weeks, it will be one year since Google's open-source programs manager Chris DiBona called anti-virus companies like F-Secure "scammers and charlatans" for selling mobile anti-virus software.

"If you work for a company selling virus protection for Android, RIM or iOS, you should be ashamed of yourself," DiBona said on his Google+ page.

In what seems like a contradiction to this statement, Google launched Bouncer earlier this year, which monitors apps that have already been submitted to the Google Play store.

However, since the program was launched, researchers have shown that there are ways to circumvent the security measures which Bouncer implements.

"I don't think the numbers agree with Chris DiBona," Hypponen said last week.


Hypponen says it's still tough to give an accurate percentage of the number of smartphones which are infected today, though it's a lot less than the percentage of infected PCs worldwide.

Android is far and away the most active platform for malware, accounting for two-thirds of all new malware detected in the last quarter, but surprisingly the next highest detection rate came on the Symbian platform.

Almost one-third of new malware detected in the last three months is on the Symbian platform.

This is surprising considering Nokia has now officially ditched the platform completely, and it now accounts for less than five percent of the worldwide smartphone market.


Windows Phone and iOS have virtually no malware at all, which is baffling to Hypponen:

"I can't really explain why we're not really seeing more activity on iOS in general. iOS 6 patched 179 vulnerabilities in webkit. 179 holes in the browser which could have been used, at least potentially, to build drive-by exploits. Nobody's doing that, I don't understand why."

However, like a lot of things in the security industry, it has proven difficult to predict what will happen next in this space:

"It has been proven to be hard to forecast anything in the mobile space. Many of the things we think are absolutely going to happen, they haven't."