Android Accounted For 79% Of All Mobile Malware In 2012, 96% In Q4 Alone, Says F-Secure

Is it because Android is the most popular smartphone platform in the world right now, or is it because it’s just fundamentally easier to attack? In any case, Google’s mobile juggernaut Android continues to be the world’s biggest magnet for mobile malware. According to a report out today from security specialists F-Secure, Android accounted for 79% of all malware in 2012, up from 66.7% in 2011 and just 11.25% in 2010. On the other side of the spectrum, Apple’s iOS, the world’s second-most popular platform for smartphones in terms of new purchases, remains one of the least compromised, with 0.7% of malware on its platform.

Symbian, whose market share is in rapid decline and is being left for dead by its former parent Nokia, is down to 19% of all malware, compared to 62.5% two years ago. F-Secure predicts that it will go the way of the dodo bird and become extinct in 2013, as users replace their Nokia handsets with Android devices. Meanwhile, Windows Mobile, BlackBerry and J2ME each accounted for less than 1% of threat families in circulation in the year.

f-secure malware 2 (annual)

Breaking down progress over the past year, Android’s malware record appears to have seen a particularly bad spike in Q4 2012. F-Secure notes that in the fourth quarter it accounted for a full 96% of attacks. In fact, according to its records, all other platforms except for Symbian (at 4%) didn’t appear to have any malware threat families received at all.

F-Secure malware 1

Holding these up to Q4 market analysis, these figures are not proportionate to market shares for current sales, but they are somewhat more reflective of what devices are in circulation today. In that sense, the shift between Symbian falling and Android rising is due to the fact that Android has been the biggest benefactor of Symbian’s decline.

“Malware in general has a parasitic relationship with its host,” writes Sean Sullivan, security advisor at F-Secure Labs. “As old Symbian handsets continue to be replaced by those with other operating systems, especially Android, Symbian malware dies off and will probably go extinct in 2013.”

In terms of what forms malware is taking, F-Secure says that 66% of detections were Trojans (malware masked as something else). F-Secure believes that Google’s increased security prompts, which it introduced with the 4.2 variant (Jelly Bean), should help bring that number down. However, if you look at Google’s most recent stats on distribution, released this week, Android 4.2 is only at 1.6% — meaning that this make take some time to come to pass. (For the record, Gingerbread 2.3.3 and upwards remains the most popular in terms of distribution, at 44%, with Ice Cream Sandwich at number-two with 28%).

Another major problem continues to be dodgy SMS messages: F-Secure notes some 21 of the 96 Android threat variants come from premium SMS that encourages downloads and sometimes end up as repeat problems by way of subscription services to which users unwittingly become subscribed. Then, users don’t know about this until the charge comes up on their bill — if they bother to scrutinize that bill, that is.

threats by type

Interestingly, F-Secure also notes that those releasing malware have become more sophisticated in their reasons for infiltrating devices. Specifically, there’s been a significant shift in terms of malware attacks becoming financially motivated over the last several years, with financial gains now well outweighing those attacks that have been made in the past. Why the shift? It may be because malicious hackers were still learning the ropes for how to infiltrate devices back in the day.

Or it could be something else: The rise in financial motivations also speaks to the fact that we as a population are using our devices for significantly more transactional services — and that makes them increasing targets for attacks aimed specifically at that fact. This is something that will eventually have to be squared with all the many ambitions and developments in the market today to turn our handsets into our default wallets.

Screen Shot 2013-03-07 at 09.39.02

Update: TC has reached out to Google for a comment, but a spokesperson says that the company does not comment on security company reports. Also worth pointing out a dissenting opinion on the above data from a reader in the comments below, highlighting that what gets identified as malware may sound more alarming than it actually is.

“F-Secure can say that anything is malware, even ‘dodgy sms’ which doesn’t fall under the definition of malware…. They say they detected trojans, but they didn’t explain what were their effects on the system, because if they did, everyone will know they’re not really trojans, that’s only what they want you to think,” he writes. “I’ve been using different droids for 3 years now, never had an issue with them. I’m a developer by the way.”

Be that as it may, there are more than security vendors putting out reports and warnings on malware and cybersecurity threats. Smartphones are still an emerging area — but a hugely popular one — and therefore remain a moving target.