Mobile malware infections relatively low, study shows

Malware targeting Google’s Android operating system is not yet as big a problem as some security suppliers claim, study reveals

Malware targeting Google’s Android operating system is not as big a problem yet as some security suppliers are claiming, a study has revealed.

The study of North American wireless 4G internet traffic, carried out by security firm Damballa and Georgia Tech, found that of 380 million mobile devices, less than 1% were infected with malware.

“This means that real users on a real network are seeing low volumes of real mobile malware,” said Brian Foster, chief technology officer at Damballa.

Those infections were the normal variety of bot-related malware that is seen on the PC, he said, including malware for setting up botnets as well as malware for spam, phishing and fake antivirus.

The findings of the study support Google’s own findings, presented at the Virus Bulletin conference in Berlin in October, that less than 1% of Android installations from Google Play are malicious.

Damballa was able to analyse passive domain name system (DNS) data from cellular and wired internet service providers (ISPs) with visibility into 43% of wired and 33% of wireless traffic in North America.

Although mobile malware is certainly something we need to keep an eye on, it is nowhere near what we are seeing on the PC

Brian Foster, Damballa

The study observed that mobile devices connected to the same infrastructure for malware command and control as PCs 98.7% of the time.

This means that the bad guys out there that writing PC malware are the same guys experimenting with Android malware,” said Foster.

“They are also using the same infrastructure to communicate instructions to whatever malware is running on Android,” he told Computer Weekly.

Another interesting fact uncovered by the study, he said, was that 99.99% of all the malware classified as mobile was actually running on a PC tethered to a mobile device.

“Less than 1% of the infections on the network was malware actually running on a mobile phone,” said Foster.

This means the huge numbers of mobile malware variants being detected by security suppliers do not appear to be translating into real-world infections in the North American region.

“Although mobile malware is certainly something we need to keep an eye on, it is nowhere near what we are seeing on the PC,” he said.

More on mobile malware

Foster added that most malware that security researchers see is not seen by the average user, and the research provides a new perspective on the scale of malware threats.

According to Damballa, one of the reasons mobile malware is still low is that while PC malware is easy to distribute through online downloads, mobile apps are more tightly controlled and vetted by app stores.

“We see pockets of more widespread Android malware, but only in regions of the world such as the Middle East and parts of Asia where there is no Google Play market,” said Foster.

However, he said those behind Android malware have always been innovative, which is unlikely to change. 

In the meantime, the report concludes that mobile application markets are providing adequate security for a majority of mobile devices.

Read more on Endpoint security