Why it matters: A new threat report from security firm Eset details several developments in cyberthreats, one of which touches on Android’s well-documented malware issues. Researchers noted that aggressive ransomware tactics have increased in recent months, alongside a sharp uptick in brute-force attacks and deceptive phishing campaigns targeting people working from home.
One area focused on within the report is the current state of Android malware. "It is an open source system with many vendors having their own Android versions (with their own vulnerabilities and patching problems)," Eset security awareness specialist Ondrej Kubovič told The Register.
There is good reason for Kubovič’s concerns: the report highlighted how Android threat detections increased by 32.6% in T2 2021 -- the second analysis report out of three in a year. Android banking malware, in particular, grew by 49% (compared with 158.7% in T1). Growth has slowed, but "the trend is worrying given the direct impact of these threats on the financial situation of their victims," the company stressed.
Leading the top 10 Android threat detections in T2 2021 is Android/Snaptube PUA, which prompts affected users to download several additional apps. The Spyware and Adware categories saw increases of 71% and 63%, respectively. Android threat categories that had been declining but are starting to grow again are Clickers (26.9%), HiddenApps (11.3%) -- deceptive apps that hide their own icons -- and SMS trojans (3.8%).
Threat categories that declined during T2 for Google’s smartphone operating system, which is found on around 80% of the world’s phones, were Cryptominers (-14.3%) and Ransomware (-7.7%), with both declines mostly attributed to fluctuations in cryptocurrency prices.
The countries most affected by Android threats in T2 were Russia, India, Brazil and Argentina -- they’re the usual suspects because of their substantial number of users and the size of the countries -- but they are joined by Mexico, Ukraine, Turkey, Peru, and Slovakia.
That is not to say Apple’s iPhone and iOS are immune to attacks, but Android’s malware problems are prevalent due to its open platform, whereas iOS is a closed ecosystem, hence the emphasis on Google’s OS in the report. Apple has complete control over both the OS and the apps that can be installed -- although some apps do slip through the review process -- while Android imposes no limitations on the applications that can be installed, making it considerably easier for hackers to target victims.
One such case where malware had an adverse impact on Android users was a new trojan called GriftHorse. It was spread via 200 malicious apps approved on the Google Play store and several third-party app stores. More than 10 million Android devices from over 70 countries were infected, resulting in tens of millions of dollars being stolen from victims.
"One notable difference though: most cases where iOS was (or has been) targeted were high-profile attacks targeting zero-days or leveraging zero-click attacks," Eset's Kubovič added. "Based on that, we could say Android is more interesting to the 'average' cybercriminal as means of earning money, whilst iOS is typically in the cross-hairs of sophisticated groups, nation states, and/or spyware companies, aiming at very specific users. This of course is not clear cut – more of a blurry border – and each of those actors can target both operating systems."
So how is Google combating the worrying number of malware attacks Android is subjected to? Researchers pointed towards some encouraging changes being implemented in Android 12. "Android's new iteration promises to provide users with more control over, and transparency about, how their data is being handled," the report said.
One such feature will be the Privacy Dashboard, which "will provide a clear and simple overview of app accesses to the device location, microphone, and camera over the past 24 hours." Currently in a beta phase, Android 12 will also "add indicators that show users in real time which apps are accessing their camera and microphone feeds."
While the report wasn’t as comprehensive regarding iOS threats, it did touch on exploits achieved on jailbroken devices. Recent reports also showcase how, while the cases are not as severe as those involving Android malware, the iPhone can be exposed to vulnerabilities; a recently discovered flaw, for example, allows hackers to steal money on locked iPhones. Either way, Apple has claimed Android has 47 times more malware than its own OS.