An increasing number of Android phones are infected with mobile malware programs that are able to turn the handsets into spying devices, according to a report from Kindsight Security Labs, a subsidiary of telecommunications equipment vendor Alcatel-Lucent.
The vast majority of mobile devices infected with malware are running the Android operating system and a third of the top 20 malware threats for Android by infection rate fall into the spyware category, Kindsight said in a report released Tuesday that covers the second quarter of 2013.
The Alcatel-Lucent subsidiary sells security appliances to ISPs (Internet service providers) and mobile network operators that can identify known malware threats and infected devices by analyzing the network traffic.
Data collected from its product deployments allows the company to compile statistics about how many devices connected to mobile or broadband networks are infected with malware and determine what are the most commonly detected threats.
The malware infection rate for devices connected to mobile networks is fairly low, averaging at 0.52 percent, Kindsight said in its report. These infected devices include mobile phones as well as Windows laptops that use a mobile connection through a phone, a 3G USB modem or a mobile hotspot device.
In January the number of infected mobile phones accounted for slightly more than 30 percent of all infected devices connected to mobile networks, but by June they grew to more than 50 percent.
The vast majority of infected mobile phones run Android. Those running BlackBerry, iOS and other operating systems represent less than 1 percent of infected mobile devices, Kindsight said.
When calculated separately, on average more than 1 percent of Android devices on mobile networks are infected with malware, Kindsight said in its report.
The malware threat most commonly seen on Android devices was an adware Trojan program called Uapush.A that sends SMS messages and steals information, Kindsight said. Uapush.A was responsible for around 53 percent of the total number of infections detected on Android devices.
The second-most-common Android threat was a Trojan program called QdPlugin, whose primary purpose is to install and control other adware programs. This malware is distributed as repackaged versions of legitimate games and connects to a control server located in the U.S.
A particularly worrying trend is the increase in the number of spyware threats that appear in the top 20, according to Kindsight. Spyware programs can typically record phone calls and text messages; track the phone’s location; monitor email, social media and browsing activity; access photos and contact information, and more.
“Until now mobile spyware has been aimed at the consumer market, with the promise of being able to track your loved one’s every move through their phone,” said Kevin McNamee, security architect and director of Alcatel-Lucent’s Kindsight Security Labs, in a blog post Tuesday. “But locating teenagers and a straying spouse are only one part of the story.”
“Mobile spyware in the ‘Bring Your Own Device’ (BYOD) context poses a threat to enterprises because it can be installed surreptitiously on an employee’s phone and used for industrial or corporate espionage,” McNamee said.
In order to demonstrate the risks posed by such threats, Kindsight has developed a proof-of-concept spy-phone program that can be injected into other Android applications and can provide the attacker with backdoor access to enterprise networks. He plans to present it at the Black Hat USA 2013 security conference in Las Vegas next week.
Kindsight’s report also contains infection statistics for home networks, saying that 10 percent of them showed signs of malware infections. Six percent of home networks had infections with high-threat-level malware like botnets, rootkits or banking Trojans programs, Kindsight said.