According to the recently released Mobile Malware Report – Threat Report: Q1/2015, security researchers at G Data Software have identified an increase in Android malware over the course of the past year.
“During the first quarter of 2015, G DATA security experts chronicled 440,267 new malware files,” explains the report. “This represents an increase of 6.4 percent compared to the fourth quarter of 2014 (413,871). On average, the experts discovered almost 4,900 new Android malware files every day in the first quarter of 2015, an increase of almost 400 more new malware files per day compared to the second half of 2014.”
Christian Geschkat, G DATA mobile solutions product manager, explained to Infosecurity Magazine that approximately half of the malware samples his company detected were financially motivated and were therefore capable of stealing users’ banking credentials:
“The use of smartphones and tablets for online banking is increasing rapidly,” observed Geschkat. “With its dominant market position, the Android operating system in particular is coming to the attention of cyber-criminals. Hence it is no surprise that attackers are developing and distributing financial malware such as banking trojans especially for this platform. As such, we are expecting a significant increase in financially motivated malware for the Android operating system this year.”
But this rise in mobile malware threatens much more than just people’s hard-earned money. It also potentially jeopardizes the security of IoT products that are compatible with a mobile device, such as fitness trackers and medical applications that might store a person’s sensitive information.
Ultimately, the findings of G Data might not come as a surprise to many.
After all, a recent study released by Pulse Secure found that around 97% of mobile malware is specifically designed to target Android devices. This is in part due to the low barriers of entry for app developers and, until recently, a lack of manual security screening for new applications submitted to the Google Play Store.
Just this week, Google was forced to a kick a malicious app out of the Google Play store which was pretending to be an Android battery monitor.
For now, Android users can reduce (but not entirely eradicate) the risk by only installing apps from known sources.
Let’s be honest. Android is and will continue to remain a preferred mobile platform for hundreds of millions of users well into the future.
But if ordinary customers and app developers are to continue to benefit from this mobile OS, Google would be wise to look at G Data’s findings and invest some deeper resources into bolstering Android’s security.
It’s a difficult tradeoff, app security vs. openness and speed of release, but it needs to be weighed regardless.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.