Exponential Proliferation of Android Malware Targeting Banking Apps

by Matt Klassen on July 21, 2015

The torrent of malware invading the Android ecosystem continues unabated, proliferating at a rate of approximately 4,900 new malware threats per day, according to a report from G Data SecurityLabs released last Wednesday. In fact, the report indicates that Android is increasingly becoming the target of choice for cyber-criminals, as the potential rewards for hacking into largely unsecured Android devices become ever greater.

To wit, the report indicates that the number of new malware strains could rise exponentially this year, potentially reaching as high as 2 million, as the number of new strains is already up 21 percent over Q1 of last year.

The reason that Android continues to garner the increasing interest of cyber-criminals and other ne’er-do-wells is not hard to find, as recent studies have found that almost half of all smartphone users both in Europe and in North America use their mobile devices for financial transactions…and that’s money for the taking for cyber-thieves.

“The report shows that the OS has a bigger market share than the others, and thus is more interesting to security researchers and malware authors alike. Also, a lot of vendors offer Android devices varying in quality standards, but that is not a problem of the OS itself, but rather of the vendor in question,” said security evangelist for G Data Andy Hayter.

But it’s not like we didn’t see this coming. Not only has Android long been vulnerable to a variety of malware intrusions due to system fragmentation and substandard security protocols, but security experts like G Data have been predicting this sharp spike for years now.

As G Data’s Eddy Williams wrote more than two years ago, “Mobile malware has developed into a lucrative eCrime business for online criminals. The perpetrators are mainly using Trojan horses to exploit this, as these can be deployed in numerous ways. The malware enables not only the theft of personal data, but also fraud using expensive premium rate services, for example… Because of the lucrative possibilities for criminals to make a profit, we predict a further upsurge in the mobile malware industry in future.” Dark tidings indeed.

The greatest threat, however, as it has always been, is the end user. The report indicates that free apps and other such software downloaded from discount third-party sites are the more appealing malware vectors for cyber-criminals, as such sites usually lack the security checks of established app stores like Google Play.

Once downloaded, these malicious pieces of code now increasingly target banking and purchasing software on mobile devices, with LinuxInsider writer Jack Germain reporting that “At least half of all Android malware now in circulation includes banking Trojans, SMS Trojans and similar malware components.”

But let’s be honest: while careless user behaviour is the strongest contributing factor to Android vulnerability, Google has never really cared about the security of its cash cow, depending solely on mobile vendors to shore up that problem. As tech insider Rob Enderle explains, “Google’s lack of focus on this problem, reminiscent of Microsoft’s similar mistake in the late 1990s — which resulted in their having to rethink their OS and create Windows XP — has created a massive exposure for Android users.”

For that reason, Android has always been rife with vulnerabilities, a problem not only now with the platform’s deployment in financial transactions, but in the future when it will undoubtedly become the centrepiece of the growing IoT market as well. 


Written by: Matt Klassen. www.digitcom.ca.
