Android Accounted For 79% Of All Mobile Malware In 2012, 96% In Q4 Alone

PC Tech March 7, 2013

2 minutes read

Is it because Android is the most popular smartphone platform in the world right now, or is it because it’s just fundamentally easier to attack? In any case, Google’s mobile juggernaut Android continues to be the world’s biggest magnet for mobile malware. According to a report out today from security specialists F-Secure, Android accounted for 79% of all malware in 2012, up from 66.7% in 2011 and just 11.25% in 2010. On the other side of the spectrum, Apple’s iOS, the world’s second-most popular platform for smartphones in terms of new purchases, remains one of the least compromised, with 0.7% of malware on its platform.

Symbian, whose market share is in rapid decline and is being left for dead by its former parent Nokia, is down to 19% of all malware, compared to 62.5% two years ago. F-Secure predicts that it will go the way of the dodo bird and become extinct in 2013, as users replace their Nokia handsets with Android devices. Meanwhile, Windows Mobile, BlackBerry and J2ME each accounted for less than 1% of threat families in circulation in the year.

Breaking down progress over the past year, Android’s malware record appears to have seen a particularly bad spike in Q4 2012. F-Secure notes that in the fourth quarter it accounted for a full 96% of attacks. In fact, according to its records, all other platforms except for Symbian (at 4%) didn’t appear to have any malware threat families received at all.

Holding these up to Q4 market analysis, these figures are not proportionate to market shares for current sales, but they are somewhat more reflective of what devices are in circulation today. In that sense, the shift between Symbian falling and Android rising is due to the fact that Android has been the biggest benefactor of Symbian’s decline.

“Malware in general has a parasitic relationship with its host,” writes Sean Sullivan, security advisor at F-Secure Labs. “As old Symbian handsets continue to be replaced by those with other operating systems, especially Android, Symbian malware dies off and will probably go extinct in 2013.”

In terms of what forms malware is taking, F-Secure says that 66% of detections were Trojans (malware masked as something else). F-Secure believes that Google’s increased security prompts, which it introduced with the 4.2 variant (Jelly Bean), should help bring that number down. However, if you look at Google’s most recent stats on distribution, released this week, Android 4.2 is only at 1.6% — meaning that this make take some time to come to pass. (For the record, Gingerbread 2.3.3 and upwards remains the most popular in terms of distribution, at 44%, with Ice Cream Sandwich at number-two with 28%).

Another major problem continues to be dodgy SMS messages: F-Secure notes some 21 of the 96 Android threat variants come from premium SMS that encourages downloads and sometimes end up as repeat problems by way of subscription services to which users unwittingly become subscribed. Then, users don’t know about this until the charge comes up on their bill — if they bother to scrutinize that bill, that is.

Interestingly, F-Secure also notes that those releasing malware have become more sophisticated in their reasons for infiltrating devices. Specifically, there’s been a significant shift in terms of malware attacks becoming financially motivated over the last several years, with financial gains now well outweighing those attacks that have been made in the past. Why the shift? It may be because malicious hackers were still learning the ropes for how to infiltrate devices back in the day.

Or it could be something else: The rise in financial motivations also speaks to the fact that we as a population are using our devices for significantly more transactional services — and that makes them increasing targets for attacks aimed specifically at that fact. This is something that will eventually have to be squared with all the many ambitions and developments in the market today to turn our handsets into our default wallets.