More than 440,000 new strains of Android malware were discovered by security experts at G DATA analyzing data for the first quarter of 2015.
That the company's Q1 2015 Mobile Malware Report found so many strains of malware, representing a 6.4 percent jump from the quarter before, is not surprising, considering half of U.S. consumers use a smartphone or tablet to do their banking and 78 percent of those on the Internet make purchases online, giving cybercriminals a large pool of potential victims as well as the opportunity for significant financial gain.
“Mobile banking has become a very profitable target of opportunity,” Andy Hayter, security evangelist at G DATA, told SCMagazine.com in an email correspondence. “With mobile banking applications being new, bad guys are taking advantage, and targeting these apps since the majority of those using them are unaware that you should protect your mobile device from malware.”
The uptick represents 4,900 new Android malware files each day of the quarter, up 400 files daily from those recorded in the second half of 2014. About 200 new malware samples were identified daily, meaning that a new malware sample was discovered every 18 seconds.
Indeed, the motivation behind the Android malware was largely financial, with the G DATA experts contending that at least 50 percent of the malware being distributed is financially motivated, including banking and SMS Trojans, such as SVPENG and FAKETOKEN, among their numbers.
“Nothing ‘should' be a surprise in the findings,” Hayter said, since the rising number of Android-based devices has spawned greater opportunity. “The bad guys know to attack the platform with the most users, and the fact that Android is an open source with many versions makes it that much more of an easy target.”
However, Hayter noted, that the research indicated that users aren't protecting themselves in the mobile arena in the same way they are on the desktop. “What I think we are seeing is a segment of the user population that has accepted anti-malware software on their desktop PC, but not seeing the need on their mobile device,” he said.
Researchers also pointed out that all intelligent devices—from smart cars to heating equipment—are vulnerable to attack. More recently, security holes have been discovered in a number of these devices and researchers at G DATA contended that this would continue to be the case as the Internet of Things (IoT) comes to fruition. The devices, G DATA said, will represent a major attack vector, which pointed specifically to fitness devices as an example. “All of the data collected can be stolen if it is not properly encrypted,” the report said.
To prepare for the onslaught of devices and ratcheted up potential for breaches that IoT propagates, Hayter advised companies planning to use or implement such devices to assess devices' and applications' built-in security. “As this is a developing technology field one can expect many new hacking attempts,” he noted. “What does the device manufacturer say about security? Is there an update method? Can you add this device to all the intelligent platforms that you have to monitor in your company?”
Companies developing IoT devices should put a premium on security “when creating the application that controls it,” said Hayter, noting that “building in security as part of the initial design will pay off in the future.”