Mobile malware stepped up an order of magnitude in volume and sophistication during 2011 and this trend has continued in the first quarter of 2012, according to F-Secure’s latest quarterly report.
The threat posed by such malware in the real world has always been hard to assess but the numbers in the company's Mobile Threat Report show a clear pattern, especially for the number one malware target, Android, which dominates the statistics.
The security companies haven’t been exaggerating – while the success of new malware remains to be gauged something is definitely going on.
In the first quarter of 2011 10 new families and variants of Android malware were discovered. A year later this has nearly quadrupled to 37 families while in the same period the number of malicious APK files (malware types used in specific attacks) has risen from 137 to 3,063.
To put the Android numbers into a wider context, in the same period Symbian recorded 12 malware families; there were no recorded examples of new malware on other platforms during the quarter.
“This growth in number [for Android] can be attributed to malware authors crafting their infected or trojanised applications to defeat anti-virus signature detection, distributing their malware in different application names, and trojanising widely popular applications,” said F-Secure’s researchers.
The ominous trend is that quarter-on-quarter malware is not only getting more common but more sophisticated.
An important technique is the use app ‘wrappers’ to allay the suspicion of users that rogue software might have been installed. These work by bundling legitimate apps with malware in order to gain permissions without the user understanding what it is being granted for.
F-Secure offers the recent example of malware using Angry Birds and Instagram Android apps as covers for premium rate SMS text apps. This trick looks likely to grow in popularity.
"The most interesting malware trends over recent months has been the increase in trojans that deliver on their promises. This makes it harder for victims to know they have been victimised as there is less for them to detect," said F-Secure security advisor, Sean Sullivan.