The amount of mobile Android malware has surged this year, from a count of 30,000 malware specimens in June to almost 175,000 last month, according to Trend Micro's Security Roundup report for the third quarter of this year.
"When we predicted earlier there would be 125,000 by the end of the year, Google called us charlatans," says Raimund Genes, Trend Micro's chief technology officer, who says the security firm is counting Android malware variants as it does with Windows-based malware specimens. The Trend Micro report notes the fake versions of legitimate Android apps are the most prevalent type of Android malware, counted at 29,309. Others have names like Boxer, Kmin, Opfake, Trojsms, Ginmaster and Droidkungfu.
Ironically, since the Google Android operating system has undergone a kind of fracture due to so many variations of it being used by different manufacturers on Android mobile devices, this has probably actually slowed down hackers trying to attack the Android OS, Genes notes. And despite the surge in mobile malware, it's still far below the many millions of Microsoft Windows-based malware variants.
With directness, the Trend Micro report also takes aim at an area of growing concern, Android adware, devising a "Top 10 Most Aggressive Android Adware" list of adware that may send an excessive, undeclared amount of personal information captured off a device to ad networks.
A lot of this adware has come though the legitimate Google Play app store, and sometimes has been yanked when objections were voiced, but in Trend's view, this marketing adware has to be considered insidious if only because it's grabbing user personal data off Android devices outside of the adware's declared purpose by the developer, including licensing agreements.
This might be anything from geolocation data to unique ID of the phone and phone numbers you call and your contacts, among other things, Genes says. Often, "there's no way to opt in or opt out," he notes. "In Europe, it's illegal to grab that information."
Trend says it's analyzed adware for what it considers clear privacy violations, and some of these adware suppliers are not pleased to be named as "aggressive Android adware" and their lawyers are sending threatening letters to Trend Micro.
But Genes says Trend feels confident in its position and will continue to voice its concerns about ad networks that fail to alert users of adware's data-gathering behavior. The mobile adware issue evokes similar circumstances of years ago when what then came to be known as "spyware" targeting Windows desktops for marketing purposes became a battle in the security industry, too.
On Trend Micro's "Top 10 Most Aggressive Android Adware" list is:
Airpush with 26,321 Leadbolt with 20,502 Touchnet with 8,541 Gappusin with 6,978 Adwizp with 4,254 Plankton with 4,137 Adswo with 3,342 Wooboo with 2,032 Wapsx with 515 |Mobiletx with 100
Trend Micro bases much of its report findings on data collected across its cloud-based Smart Protection Network for global threat intelligence. There's also an update on the top spam-sending countries where email spam originates (though it's often thought to be controlled through botnets whose masters may reside in an entirely different country). Currently, the surprise is that Saudi Arabia has suddenly come from nowhere to become the top spam-sending country.
"This is really new," comment Genes, and it's probably because spam filtering has improved in other countries, such as the U.S, India and Turkey, and spammers are currently turning to Saudi Arabia as a new place to exploit compromised computers and networks to blast spam across the world.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: [email protected]
Read more about wide area network in Network World's Wide Area Network section.