In Sophos’ recently announced 2017 malware forecast, researchers explored malware designed specifically for Android devices. Sophos analysis systems processed more than 8.5m suspicious Android applications in 2016. More than half of them were either malware or potentially unwanted applications (PUA), including poorly behaved adware.
The Sophos statistical analysis comparing the ratio of malware to potentially unwanted applications (PUA) across Windows, Mac and Android illustrates a trend we’ve been seeing for some time: attackers are heavily focused on Android devices.
The analysis also shows the bad guys using PUAs to slip past security sensors and penetrate Android and Mac devices. While Windows continues to be the most-targeted of all operating systems, the ferocity against Android is clear.
And, the more open the system, the more susceptible it is to malware.
On the other hand, if the system has its own app store such as Mac and Android – or undergoes a system or human review – then malware writers will use PUA instead of malware. Malware writers see PUA as a way to more easily bypass security systems and achieve the same end goal they have with other malware – making money.
A look at the raw volume of samples analyzed by Sophos in 2016 painted the following picture:
· Of everything targeting Windows, 6% were PUAs while 95% was straight-up malware.
· Of everything targeting Android, 75% was pure malware and 25% were PUAs.
· Of everything targeting Macs, 6% was pure malware and 94% were PUAs.
While malware is designed to do harm, PUAs fall more into the nuisance category: annoying apps that run ads and pop-ups until you finally uninstall them.
Sunil Sharma, vice president-sales, Sophos India & SAARC, said, “Though Android security risks remain pervasive, there’s plenty users can do to minimize their exposure, especially when it comes to the apps they choose. I believe this report gives us a fair understanding of the threat landscape and will give a sense of direction to the enterprises on threats to watch out for in 2017.”
He added, “Users need to be extra vigilant to protect against cybercriminals who amp up their nefarious ways while your guard is down. Be cyber aware and use best security practices. Only use verified software instead of free-for-all apps and keep updating your software devices as manufacturers keep adding patches to their firmware for increased device protection. For Mac users we recommend using a real-time anti-virus. Similar advice applies for malware and PUAs targeting Windows.”
When the lab reviewed the top 10 malware families targeting Android, Andr/PornClk was the biggest, accounting for more than 20% of the cases reviewed in 2016. Andr/CNSMS, an SMS sender with Chinese origins, was the second largest (13% of cases), followed by Andr/DroidRT, an Android rootkit (10%), and Andr/SmsSend (8%). The top 10 are broken down in this pie chart: