Android, Symbian Malware on the Rise

Yes. You read that headline correctly. F-Secure is talking about the beleaguered and nearly defunct Symbian operating system, upon which Nokia halted nearly all development in February before announcing that it had been put in maintenance mode in September. Despite a nearly 63 percent drop in shipments of Symbian devices in the second quarter of this year and its modest 4.4 percent share of the global smartphone market, Symbian was the new home for 21 variants of malware in Q3, up 17 percent from Q2.

Of course, there is a perfectly logical reason for the growth in malicious activity on the Symbian platform, according to the Finnish security firm F-Secure. Just because the shipment of new Symbian devices is grinding to a halt doesn’t mean that older handsets and second-hand devices cease to exist. In fact, in parts of the developing world, such devices remain quite popular among criminals and consumers.

The picture isn’t rosy for Android either. Google’s mobile operating system was the target of some 51,447 unique malware samples in Q3; among those were more than 40 new families of malware. In the first and second quarters of 2012, Android saw 3,063 and 5,033 unique malware samples respectively. In August alone, Android was besieged by more than 35,000 new malware samples, which is the primary reason why the increase in unique samples for Q3 was so dramatic.

The rise comes even as Google implemented Bouncer, the security feature that scans all new and existing applications for malicious activity in the Google Play store. F-Secure doesn’t attribute the surge in malware to a lack of effectiveness on the part of Bouncer. Rather, Android seems to be the victim and the beneficiary of China’s explosive growth, which has made the world’s most populous nation also its foremost consumer of smartphones. On the one hand, Google is likely making a lot of money through its newfound 81 percent market share in the People’s Republic. However, on the other hand, we have all learned that an increase in market share comes with the price of an equally substantial increase in exploitation.

The other problem for Android is the prevalence of third-party application marketplaces in China and other countries that operate outside the authority of Google Bouncer. SMS subscription-based scams remain a big problem for users of Google Android and Symbian.

F-Secure also examined iOS, J2ME, Windows Mobile, and Blackberry. These platforms weren’t without threats, but Blackberry’s trouble with Zitmo (the mobile variant of the Zeus trojan), the emergence of the cross-platform surveillance tool Finspy, and other isolated incidents seem relatively trivial in comparison. Together, iOS, J2ME, Windows Mobile, and Blackberry produced just four new families of malware. All in all, Android-based threats accounted for 66.8 percent of threats in the first three quarters of this year, Symbian for 29.8 percent, J2ME and iOS for 1.1 percent apiece, and Blackberry and Windows Mobile for 0.6 percent each.

The report also details the top 20 threats from 2007 to present. FakeInst, which affected Android users, was reportedly the most prolific threat. In second and third place were Mobler and SMSAnywhere, which targeted the Symbian platform. In fourth was OpFake, targeting Android, J2ME, Windows Mobile, and Symbian, making it the highest-ranking multi-platform threat. Commwarrior on Symbian, Redoc on Windows Mobile, and DroidKungFu on Android came in at fifth, sixth, and seventh. Rounding out the final thirteen places in the top 20 were Flexispy, Merogosms, Boxer, Flocker, JiFake, Zhaomiao, Cyppy, BopSmiley, DroidRooter, Konov, Beselo, DroidDream, Smsspy, Yorservi, and Yxe.

You can read F-Secure’s Q3 Mobile Threat Report in its entirety here [pdf].
