Security Research
Showing results for 
Search instead for 
Do you mean 

Trick or treat? Who’s afraid of mobile malware?

Heather_Goudey on ‎10-31-2013 06:07 PM

While attending the annual Virus Bulletin International Conference earlier this month, I was surprised to hear a security researcher indicate to the attending malware experts that statistically, Android malware is not a significant concern.


This presentation really stood out, as the statistics presented were in contrast to the impression I have on the threat posed by malware on mobile platforms. The last few years, there have been a number of professional research papers detailing the increasing threat to the mobile space.  Android devices, according to these papers, have been increasingly targeted. As the popularity of Google’s Android platform has increased, so has the volume of malware targeting its consumers. 


McAfee, in its quarterly threat report released this August, reported roughly 17,000 new Android malware samples added to their database, noting that “halfway through 2013, we have already collected almost as many mobile malware samples as in all of 2012.”


The computer security firm, Blue Coat, released a mobile malware report in February 2013.  It stated that Android devices offer “a unique case study on the rise of mobile malware. The unregulated app market and diversity of Android-based devices ensures that cybercriminals will find greater success targeting these platforms.” To be fair, it did also suggest that user-behavior alone may be easily exploited.


What may be more interesting is that Sophos, in its 2013 Security Threat Report, found Android threat exposure rates exceeding those of PCs in the United States and Australia.


Also significant is a report published in July by (associated with the United States’ Department of Homeland Security) which indicates that “44 percent of Android users are still using Android versions 2.3.3 through 2.3.7 - known as Gingerbread - which were released in 2011 and have a number of security vulnerabilities that were fixed in later versions.


After 15 years spent working in the anti-malware space, I have seen some significant shifts in the threat landscape. When I started, our databases of malware were comparatively very, very small.  We saw one, or two, or three, dramatic threats at a time. In effect, these would sweep the globe, we would clean them up and we would wait for the next one, which might be weeks or months away. We have seen this change into a vast and distributed threat landscape of constant threats and seemingly infinite variants. I acknowledge that today the mobile malware landscape is relatively small when compared against this vast malware landscape of the desktop. I acknowledge the shift to mobile malware has been slower than some imagined it might be. This should not, however, give us the permission to think that the uptick we are seeing now is anything other than the significant shift we have been expecting.  Crime will follow opportunity. Malware will follow technology. Our job is to make the technologies more secure for users where we can.  The rapid adoption of newer and more sophisticated mobile devices by consumers and the marked rate of growth of malware in the mobile space absolutely warrants close monitoring and ongoing research by the computer security community.


Of course, Android isn’t the only mobile platform – there are several significant others and these comments apply to mobile technology in general, not to Android specifically.


As always, the team looks forward to time spent with the very creative minds that help us keep users safe. The HP ZDI team is excited to attend the PacSec Applied Security Conference in Tokyo, Japan next month, where Google and BlackBerry will join us as sponsors of the Mobile Pwn2Own challenge to demonstrate unpublished mobile 0-day attacks. 


Shannon Sabens

HP Security Research

0 Kudos
About the Author


27 Feb - 2 March 2017
Barcelona | Fira Gran Via
Mobile World Congress 2017
Hewlett Packard Enterprise at Mobile World Congress 2017, Barcelona | Fira Gran Via Location: Hall 3, Booth 3E11
Read more
Each Month in 2017
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all