When Malware
Goes Mobile

We explain the causes and consequences
and show you the cures


Why iOS is safer than Android

Google’s Android platform has become a larger target for mobile malware writers than Apple iOS. This could be a result of Android’s popularity—with more than 1 million activations per day, Android smartphones command a 59% market share worldwide. However, the relative vulnerability of Android vs. iOS comes down to the level of control the vendors have over products and the marketplace for development and distribution of apps.

Mobile malware writers know the best way to infect as many devices as possible is to attack central application markets. The cybercriminals plant applications that include hidden (obfuscated) malicious functionality in an attempt to evade the detection built into the vendor’s application vetting process (e.g., Google Bouncer).

In 2011 alone, Google removed more than 100 malicious applications from its app store. Google discovered 50 applications infected by a single piece of malware known as Droid Dream, which had the capability to compromise personal data. However, Google hasn’t always acted in a timely manner to prevent infections. Users downloaded one harmful app more than 260,000 times before the company removed it from the app market. So creating a mobile security policy that requires end users to protect personal mobile devices within the enterprise is key to keeping your organization's data safe.

Apple and iOS

Apple’s walled garden App Store—where applications are fully vetted before being made available to customers—has prevented widespread malware infection of iOS users. As a centralized point of distribution, the App Store provides users with confidence that the apps they download have been tested and validated by Apple.

Evidence of malware showing up in the App Store is anecdotal at best, as Apple does not typically volunteer such information. However, it’s safe to assume that since Apple does not make APIs available to developers, the iOS operating system has fewer vulnerabilities.

However, iOS isn’t 100% invulnerable. Take the tale of Charlie Miller, a security researcher who deliberately created a suspicious application and submitted it to Apple. Apple initially approved the application, which uncovered a bug in iOS. As soon as Apple discovered that the application was suspicious, the company suspended Charlie’s developer account for one year.

Google and Android

Like Apple, Google provides a centralized market for mobile applications called Google Play. However, that is offset by Android’s ability to install apps from third-party sources. Some are well-known and reputable, such as Amazon. Others are not, and originate from malware hotspots in Russia and China. The criminal developers deconstruct and decompile popular apps like Angry Birds, then publish malicious versions and make them available for free.

One alternative market for these “cracked” or “cloned” applications is Blackmart, and the apps cracked for that market are known as PJApps. Tools used to crack legitimate applications allow the mobile malware writers to repackage popular applications and add their own functionality. Repackaged apps will typically include some potentially unwanted pieces, such as advertising frameworks or malicious capabilities.

Another family of Android-specific malware reported to Sophos is known as DroidSheep, a tool used by hackers to listen to network traffic and gain access to online accounts of popular websites. Attackers running DroidSheep can impersonate victims' accounts and gain access to sites not using a secure connection. DroidSheep allows the attacker to sniff wireless network traffic and steal authentication tokens, which the attacker can then use to impersonate someone else. Popular sites such as Yahoo, Google, and Facebook support HTTPS connections, which a tool like DroidSheep cannot infiltrate.
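The defensive side of the DroidSheep paragraph above, as an added example that is not part of the original article: a session token can only be sniffed if it travels over plain HTTP, so this check audits login responses for cookies missing the `Secure` attribute and for a missing HSTS header. The host names and header values are constructed samples.

```python
from http.cookies import SimpleCookie

# Constructed sample responses (not captured traffic): (url, [(header, value)])
SAMPLE_RESPONSES = [
    ("http://forum.example/login",
     [("Set-Cookie", "sid=a1b2c3; Path=/; HttpOnly")]),
    ("https://mail.example/login",
     [("Set-Cookie", "sid=d4e5f6; Path=/; Secure; HttpOnly"),
      ("Strict-Transport-Security", "max-age=31536000")]),
    ("https://shop.example/login",
     [("Set-Cookie", "session=0f9e; Path=/; HttpOnly")]),
]


def audit_response(url, headers):
    """Return findings that leave a session token exposed to Wi-Fi sniffing."""
    findings = []
    is_https = url.lower().startswith("https://")
    if not is_https:
        findings.append("response served over plain HTTP")
    header_names = {name.lower() for name, _ in headers}
    if is_https and "strict-transport-security" not in header_names:
        # Without HSTS the browser may still issue plain-HTTP requests to the host.
        findings.append("no HSTS header; browser may still use plain HTTP")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            # A cookie without Secure is also attached to unencrypted requests.
            if not morsel["secure"]:
                findings.append(
                    f"cookie '{cookie_name}' lacks Secure; sent over HTTP too")
    return findings


if __name__ == "__main__":
    for url, headers in SAMPLE_RESPONSES:
        issues = audit_response(url, headers)
        print(url, "->", issues or "ok")
```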

The most prolific family of Android malware is known as Boxer. In April 2012, when the popular photo sharing application Instagram was released on the Android platform, mobile malware writers immediately took notice. The malware creators copied the contents of the Instagram site and created a fake, malicious counterpart complete with rogue applications. Once installed, the app sends SMS messages to premium-rate services, concentrated mostly in Eastern European countries like Russia, Ukraine and Kazakhstan. In the process, cybercriminals earn a fast and tidy commission at the expense of users.
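A vetting check for the repackaged apps and the Boxer-style premium SMS abuse described above, as an added example that is not part of the original article: it compares a candidate APK against the genuine release and reports a different signer or newly requested permissions. It assumes the permission text comes from `aapt dump permissions` and the signer digest from `apksigner verify --print-certs`; the package name, digests and dump below are constructed.

```python
import re

# Permissions that let an app spend money or read messages; premium-rate
# SMS abuse of the kind attributed to Boxer requires SEND_SMS.
HIGH_RISK = {"android.permission.SEND_SMS", "android.permission.READ_SMS",
             "android.permission.RECEIVE_SMS", "android.permission.CALL_PHONE"}

# Accept both aapt output styles: "uses-permission: X" and "uses-permission: name='X'".
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)")
PKG_RE = re.compile(r"^package:\s*(?:name=')?([\w.]+)")

# Constructed dump for a hypothetical repackaged game.
CANDIDATE_DUMP = """\
package: com.example.game
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_PHONE_STATE'
"""
REFERENCE_PERMS = {"android.permission.INTERNET"}   # from the genuine release
REFERENCE_SIGNER = "aa" * 32                        # constructed SHA-256 digest
CANDIDATE_SIGNER = "bb" * 32                        # constructed SHA-256 digest


def parse_permissions(dump):
    """Extract (package, set of permissions) from aapt permission text."""
    package, perms = None, set()
    for line in dump.splitlines():
        line = line.strip()
        if (m := PKG_RE.match(line)):
            package = m.group(1)
        elif (m := PERM_RE.match(line)):
            perms.add(m.group(1))
    return package, perms


def compare_to_reference(dump, signer, ref_perms, ref_signer):
    """Flag signs of repackaging: different signer, extra permissions."""
    package, perms = parse_permissions(dump)
    added = perms - ref_perms
    return {"package": package,
            "signer_mismatch": signer.lower() != ref_signer.lower(),
            "added_permissions": sorted(added),
            "high_risk_added": sorted(added & HIGH_RISK)}


if __name__ == "__main__":
    print(compare_to_reference(CANDIDATE_DUMP, CANDIDATE_SIGNER,
                               REFERENCE_PERMS, REFERENCE_SIGNER))
```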

Mobile malware by the numbers

The number of threats, especially on the Android platform, continues to increase. In 2011 SophosLabs observed 81 times more Android malware than in 2010, an 8,000% leap. In 2012 SophosLabs has already seen 41 times more malware than in all of 2011, a growth rate of nearly 4,100%.
