Report: Number of infected Android devices on the rise, due to third-party application

Nokia’s Threat Intelligence report shows that the majority of infected devices that connect to mobile networks were indeed Android phones. Nokia praises Google’s efforts with Google Play Protect and says that Play Store’s defenses are much better than they were two years ago.

According to Nokia, Companies typically receive hundreds of thousands of security alerts per year, up to 70 percent of which are never investigated. In addition, the proliferation of point security solutions in customers’ networks is extremely complex and difficult to manage. The Uapush adware is the most popular malicious app, the Jisun ransomware came in second and the Marcher banking trojan in third. The average infection rate was 0.68%.

However, third-party app stores are less protected and are a common vector of infection. The biggest threat are trojanized apps – once that pose as popular apps (say, Netflix) but contain malicious code. Due to government restrictions, essentially all Androids in China use a non-Google store.

Other key findings of the 2017 Nokia Threat Intelligence Report include:

  • Smartphone infections at 72 percent – Smartphone infections accounted for 72 percent of all mobile network infections. The rest were due to Internet of Things (IoT) devices and Windows-based PCs.
  • Android OS the prime target – Android malware samples grew 53 percent in 2017, and Android devices accounted for 69 percent of all infections (vs. 74 percent in 2016), primarily due to the proliferation of insecure third-party application stores (96 percent of app. market).
  • Increase in Windows/PC infections – Infections of Window/PC systems increased in 2017: 28 percent compared to 22 percent in 2016. Infections on other platforms, including iOS devices remained steady at approximately 4 percent.
  • Misbehaving applications – Misbehaving applications (due to software updates and other ecosystem changes) caused significant performance issues – in some cases resembling a DDoS attack.
  • More aggressive adware – Increasingly aggressive adware samples from third-party applications became more difficult to uninstall, displayed ads when the host application was not in use, and compromised personal information such as phone numbers, e-mail addresses and contact lists.
Note that Nokia collects this info via NetGuard, a security product used by mobile network operators. This way it can detect infected devices with no client-side software, but it skews the numbers against smartphones as it only tracks Windows systems that use a dongle or are tethered through a phone (i.e. not ones with a fixed home Internet connection).
To Top