Android Malware Doubled in 2016, Adding to Mobile Malware Problem

In-brief: Smart phones infected with Android malware jumped 95 percent between 2015 and 2016, part of a steady increase in mobile phone infections in recent years, Nokia said on Monday.

Smart phones infected with Android malware jumped 95 percent between 2015 and 2016, part of a steady increase in mobile phone infections in recent years, Nokia said on Monday.

Infected mobile phones now account for a little more than 1% of  mobile phone network traffic, a share of overall mobile activity that grew sharply, especially in the last six months of 2016, according to data from the mobile device firm. Infected smart phones now account for 85% of malicious traffic, far outstripping traffic from infected Microsoft Windows systems.

Infected mobile devices accounted for 85% of malicious traffic on mobile networks. (Image courtesy of Nokia.)

Nokia published the data in its Threat Intelligence Report for the second half of 2016. The report presents trends and statistics for malware infections in devices connected through mobile and fixed networks, aggregating data from across networks where Nokia’s NetGuard Endpoint Security solution is deployed. The report is based on an analysis of traffic from more than 100 million devices deployed on both fixed, broadband and mobile networks, Nokia said.

Overall the monthly smart phone infection rate averaged 0.90 percent in the second half of 2016, reaching as high as 1.35 percent of devices in October, 2016. That might not sound like so big a problem (99 percent of mobile devices are _not_ infected.) But the .9 percent marks a 83 percent jump between the first- and last six months of 2016.

Much of that risk is due to malware that targets mobile devices running Google’s Android, though Nokia notes that Apple’s iOS operating system was also targeted by malware authors and nation-state actors. Specifically, the Pegasus malware is a sophisticated spyware application that leverages three iPhone vulnerabilities to compromise Apple’s signature smart phone and gather data from the owner. Other iOS malware includes AceDeceiver and Yispector, Nokia said.

Nokia data shows a steady increase in infected mobile device traffic. (Image courtesy of Nokia.)

Still, malware infections were a small fraction of traffic on mobile networks, especially when compared to infections on fixed, residential broadband networks where infections averaged 10.72 percent in the second half of 2016 and nine percent overall for 2016. High-level threats such as bots, rootkits, keyloggers and banking Trojans remained steady at around six percent of fixed, broadband networks, Nokia said. Overall, however, malware in fixed residential networks declined in 2016 compared with 2015, during which the infection rate spiked as high as 18 percent in the first few months of the year.

Despite the headlines it garnered, the Mirai botnet was not among the top five malware samples identified by Nokia targeting home networks.

Nokia said the increase in mobile threats and corresponding decrease in fixed, broadband networks may be evidence that a shift is under way, with cyber criminals and other attackers increasingly focused on mobile platforms and devices at the expense of traditional platforms like laptops and desktop computers.

As the Mirai botnet showed, industry needs to “rethink IoT deployment strategies and invent new ways to protect these devices from abuse going forward, Nokia said.

Google’s Android is the world’s most popular mobile operating system and runs a wide range of devices – from phones and tablets to television sets. But Google’s decentralized ecosystem, which leaves it to downstream partners to issue patches for their devices, has resulted in slow uptake of critical security patches across the Android ecosystem. Recent data, for example, suggests that seven in 10 Android devices using one of the five, major US carriers are at least two months behind on security patches.

Comments are closed.