Slashdot Mirror

← Back to Stories (view on slashdot.org)

A New Instance of Android Malware is Discovered Every 10 Seconds, Say Researchers (9to5google.com)

Posted by msmash on from the story-of-our-lives dept.

An anonymous reader shares a report: Security firm G Data says that a new piece of Android malware is discovered every 10 seconds. At this rate, the company is predicting that there will be 3,500,000 new malicious Android files by the end of the year. "The threat level for users with smartphones and tablets with an Android operating system remains high. In all, the G DATA security experts expect around 3.5 million new Android malware apps for 2017," they said. The firm said that the risk was heightened by the fact that only a small minority of users are on the latest version of Android.

42 of 106 comments (clear)

  1. Are we at the point yet by sl3xd · · Score: 3, Insightful

    That we can accept as a community that Android has a serious problem that needs solving, and needs to join its competition in the leper colony?

    --
    -- Sometimes you have to turn the lights off in order to see.
    1. Re:Are we at the point yet by Archangel+Michael · · Score: 4, Insightful

      No.

      Most of the "discovered" malware is in APKs (where's the Appy App Guy?) that is on sources other than the Google Play Store. You have to want to be infected to be infected. Kind a like saying "My google was hacked" during the last few days, when the reality is, you "allowed" it to be installed.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re:Are we at the point yet by CrashNBrn · · Score: 2

      Except part of the problem is similar to the issue that enabled the gMail/OAuth hack -- the information that you need to make an informed decision is hidden or not available at all. And that issue keeps getting worse as the phone-interface gets minimized and simplified ad-nauseum.

      Further, Android wont even allow you to know who the Author|Dev of a given app is. We are allowed to know the "version" - bonus.

    3. Re:Are we at the point yet by Mordaximus · · Score: 3, Insightful

      That we can accept as a community that Android has a serious problem that needs solving, and needs to join its competition in the leper colony?

      Walled gardens aren't a solution to the problem. The piece of the puzzle that keeps the platform you alluded to less vulnerable is that OS updates are available at the same time, for every supported device. While with android (with some notable exceptions) you are at the whim of the telcos AND vendors to get updates, if you ever do. The fractured landscape is the major issue.

    4. Re:Are we at the point yet by sl3xd · · Score: 2

      I must not have been clear: I wasn't advocating for any platform, or walled gardens. I was saying that maybe we should consider Android to be something nobody should use until its security problems are addressed - just like its competition.

      --
      -- Sometimes you have to turn the lights off in order to see.
    5. Re: Are we at the point yet by chill · · Score: 1

      Stop thinking Walled Garden and start thinking Gated Community. And yes, that most certainly is a component of the solution. There is a reason gated communities have less crime in real life. Having that extra layer of protection does help, even if you haven't upgraded the alarm, windows, doors, and locks on your own personal house.

      Consider it a compensating control. There is no one Silver Bullet solution, including updates available everywhere at once. It would help, yes. But trying to frame this as an all-or-nothing problem is dooming it to certain failure.

      --
      Learning HOW to think is more important than learning WHAT to think.
    6. Re:Are we at the point yet by Anonymous Coward · · Score: 2, Insightful

      That is true. However, it is *also* true that the various players in the industry (the software developers as well as the vendors) operated under the belief that they could motivate people to continuously buy a new phone every 2 or 3 years. They were banking on huge profits from profligate spending.

      Most people don't want to burn through that kind of money! Their phone still works, so sticking with it is frugal and wise! But they can't upgrade the android version, because the phone provider won't support upgrades anymore, or the hardware is not compatible with the next major upgrade, and the software provider won't backport the security fixes to the older versions of android.

      So now they must shell out hundreds of dollars just to get a free security patch. Fuck that, it's a raw deal.

      I have gone back to a dumb phone. It has talk, text, calendar, camera, music, calculator etc... and cost me a whopping $20. No security worries. But OMG no Internet! The world is gonna end! I only have access to a desktop or laptop all day at work and all day at home, so I can't use Internet when I am travelling between! What ever will I do???

    7. Re:Are we at the point yet by fermion · · Score: 1

      Android is the new MS Windows. Over a billion users, mostly tech illiterate, makes them an easy target. So it is hard to say how much of this is sheer number of users and how much of this incompetence. In the case of MS, there was clearly so incompetence. The ability to email a MS Office document an take down a computer is clearly negligence. I don't know how many similar issues Android has. The fact that Android phones for the most part are not updated regularly is a significant issue.

      --
      "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
    8. Re:Are we at the point yet by pr0fessor · · Score: 4, Informative

      No.

      Google tries to keep malware out of the play store but malware does make it's way into the play store.

      Things like this are constantly popping up... Thinking that only using the google play store is enough is wrong.

      http://www.technewsworld.com/s...

      http://www.zdnet.com/article/c...

    9. Re:Are we at the point yet by Archangel+Michael · · Score: 1

      I get a new phone every two years or so. I don't buy top of the line, Samsung/Apple phones, or from the carrier. My current phone is a OnePlus 3T which is far better than my previous Google Nexus 6P in just about every way I need it to be. The one area that the 6P was better, was the special bands my carrier uses in my area to extend range, which my current phone does not have. But it isn't standard LTE frequencies,and only Tmo has them.

      The phone was about 1/2 price of the top of the line phone, and compares well against it. I can afford a phone every two years, or top of the line one every 4. Now you know.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    10. Re:Are we at the point yet by Archangel+Michael · · Score: 1

      I didn't say it was enough to use just Google Play Store, I said it was the best option. The other option is installing the same apps from untrusted sources, which have surely been compromised rather than the probably more legit ones in the store.

      The best option is only install Apps you actually need, from companies that have been around a while. Most of the Crapware is on Crap apps that don't actually do anything, using permissions sets that should set of all kinds of alarms.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    11. Re: Are we at the point yet by sl3xd · · Score: 1

      Stop thinking Walled Garden and start thinking Gated Community.

      Could you please expand on what you mean by "gated community" in this context, and how it differs from a "walled garden"?

      --
      -- Sometimes you have to turn the lights off in order to see.
    12. Re:Are we at the point yet by sl3xd · · Score: 1

      The fact that Android phones for the most part are not updated regularly is a significant issue.

      Not only are they not updated, but they cannot be updated by the user makes many Android devices little better than the legion of IoT devices.

      --
      -- Sometimes you have to turn the lights off in order to see.
    13. Re:Are we at the point yet by Just+Some+Guy · · Score: 1

      Kind a like saying "My google was hacked" during the last few days, when the reality is, you "allowed" it to be installed.

      Nope. As long as we maintain that attitude, security will be a dumpster fire. Basically, we've built a system that makes it dead simple for our users to shoot themselves in the foot. You and I might be clever enough to avoid the pitfalls, but it shouldn't take a degree in compsci to use a device safely any more than you should need to be a mechanical engineer to drive a car.

      The haughty "it's not our fault!" POV has to die if we're ever going to fix things. If we design systems that let our users get pwned at the drop of a hat, it's more our fault than theirs.

      --
      Dewey, what part of this looks like authorities should be involved?
    14. Re:Are we at the point yet by Mordaximus · · Score: 1

      I must not have been clear: I wasn't advocating for any platform, or walled gardens. I was saying that maybe we should consider Android to be something nobody should use until its security problems are addressed - just like its competition.

      Or I misread, good point either way.

    15. Re:Are we at the point yet by fluffernutter · · Score: 1

      Apparently you missed how you actually had to be stupid enough to walk off the paved path and into the swamp to get infected, even with Android.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    16. Re:Are we at the point yet by fluffernutter · · Score: 1

      Maybe people shouldn't drive until car accidents stop happening.. because there are far more of those in the wild than Android infections.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    17. Re:Are we at the point yet by fluffernutter · · Score: 1

      The market ALWAYS gives consumers what they want! You just have to accept what they sell.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    18. Re:Are we at the point yet by fluffernutter · · Score: 1

      It doesn't take a comp sci to understand that you don't go on alternative app stores and start installing knockoff apps where most of the summary is in Russian.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    19. Re:Are we at the point yet by Just+Some+Guy · · Score: 1

      Evidence has shown that this is incorrect. Repeatedly.

      --
      Dewey, what part of this looks like authorities should be involved?
    20. Re:Are we at the point yet by swillden · · Score: 1

      Google tries to keep malware out of the play store but malware does make it's way into the play store.

      Not much, not often. 0.15% of devices that only use Google Play have any "potentially harmful apps", which is actually a broader category than "malware".

      And if you have Verified Apps enabled, you'll be warned if you have malware installed.

      See: https://source.android.com/sec...

      The 2016 report will be out soon, I expect.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    21. Re:Are we at the point yet by Altrag · · Score: 1

      No, the market will always give consumers the absolute least costly approximation of what they want, for the highest possible price they can possibly suck out of them, and anyone who complains just gets ignored because you have a grand total of 2 or 3 options and they all operate under the same principle.

      Back in the days before cheap mass transportation, the whole "vote with your dollar" idea worked great. Most markets were a couple hundred customers at best, and losing 10 or 20 was a significant hit to your business. Nowadays markets are tens or hundreds of millions of people wide and losing even a few thousand is barely a statistical anomaly.

    22. Re:Are we at the point yet by Altrag · · Score: 1

      And if they went the other way then you'd be bitching that they designed a walled garden and you're not free to do what you want with your device.

      As it stands, you have to go through 2 or 3 steps in order to open your phone up to untrusted apps -- and they warn you a time or two along the way that some software may well be malicious.

      Google does as much as they can to protect you from yourself, but at the end of the day, having the freedom to do whatever you want implies having the freedom to shoot yourself in the foot. Their only other option is to go Apple's route and just remove your freedom completely (and even then, the first thing a lot of people do is jailbreak it in order to remove Apple's restrictions.)

      Or of course you could mean that they should just go ahead and solve the halting problem and other literally impossible tasks in order to magically determine whether any piece of software has malicious intent (including stuff that hasn't been submitted to their store thus disallowing manual human checking.) But I'm gonna go ahead and guess you'll be waiting a long time for that, from any company.

    23. Re:Are we at the point yet by Sark666 · · Score: 1

      It's a huge problem to not be able to get timely updates, or continued support. After a year sometimes you are on your own. Now your device is outdated and you have no recourse to get to the latest version of android.

      Only if your device is supported by a rom. And roms are huge deal to make and support specific hardware.

      Imagine android was a generic rom and you got drivers from the manufacturers. As long as the driver model didn't break, you could use the original drivers on new android roms.

    24. Re:Are we at the point yet by fluffernutter · · Score: 1

      Yes because I should be prevented from going to a website I know and installing an APK from it because someone else goes to some Russian site and installs an app in Chinese and gets malware.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    25. Re: Are we at the point yet by chill · · Score: 1

      Android has a toggle switch to allow you to install from sources other than the Play Store. You can also enable Developer Mode just by clicking an icon (repeatedly).

      Unlike Apple, where you're trapped inside unless you break out, Android provides a workable gate that can be opened and closed by the user.

      The simple answer is Google's team has by far and away more resources and experience in vetting app malware than most people. That extra layer of scrutiny is valuable.

      --
      Learning HOW to think is more important than learning WHAT to think.
  2. Yeah by Kohath · · Score: 1

    Walled gardens sure suck. Having to deal with millions of opportunities to be infected with malware is a small price to pay for ... native code pr0n apps.

    1. Re:Yeah by hyperar · · Score: 1

      Walled gardens sure suck. Having to deal with millions of opportunities to be infected with malware is a small price to pay for ... native code pr0n apps.

      Whenever i read someone saying that they rather have the power to run anything from anywhere i wonder what is it so great that you want to run and isn't on the Play Store?, 99.9% of the apps on the store are bullshit and only a few of them are really worth it, so, what is it that you get outside the Store that's so great?. This isn't a criticism on said philosophy, i really don't care what others do neither why they do it, i just find it curious, like there's something that i'm missing, most apps i download i end up deleting a few minutes later since they're crap

    2. Re:Yeah by Altrag · · Score: 1

      Typically its for apps that are blocked for non-technical reasons. Porn as the GP said (porn is always a big driver of everything digital..) anything that remotely has the scent of piracy attached to it.. things the overlords just don't like because they don't. Etc.

      Hell I bought a Humble Android bundle at one point. You had to enable non-store apps just to install those games for some bizarre reason.. Humble couldn't get Google to give them store codes or something.. I don't know/remember the whole situation but I was definitely surprised that turning off security was a recommended solution from an organization like Humble.

  3. How many people do they employ? by omnichad · · Score: 3, Interesting

    They found one instance of polymorphic malware and are using it to pad their numbers and make them look like they're working harder.

  4. Walled gardens demonstrably solve this problem. by Brannon · · Score: 1

    They come with a cost, and maybe for you the cost is too high--but it's absurd to claim that this isn't a solved problem.

  5. Instance Panic by PMuse · · Score: 1

    In other news, Minecraft software running on users' devices is estimated to spawn a new instance of ZOMBIE every 10 ticks, projected to total 26 days x 24 hours x 60 minutes x 60 seconds x 200 ticks x 1 zombie /10 ticks x 1/24 average play time x 100,000,000 copies sold = 187,200,000,000,000 ZOMBIES by the end of the month.

    How can we worry about a few million malware at a time like this?

    --
    "We reject as false the choice between our safety and our ideals." --The American President (20.1.2009)
    1. Re:Instance Panic by Falos · · Score: 1

      Because Android malware Android danger Android.

      X Xxx Xxxxxxxx xx Android Malware xx Xxxxxxxxxx Xxxxx xx Xxxxxx, xxx xxxxxxxxxx
      Xxxxxxxx xxxx X Xxxx xxxx xxxx x xxx xxxxx xx Android malware xx xxxxxxxxxx every 10 seconds. Xx xxxx xxxx, xxx xxxxxxx xx xxxxxxxxxx xxxx xxxxx xxxx xx 3,500,000 xxx malicious Android files xx xxx xxx xx xxx xxxx. "xxx threat level xxx xxxxx xxxx xxxxxxxxxx xxx xxxxxxx xxxx xx Android xxxxxxxxx xxxxxx xxxxxxx high. xx xxx, xxx X XXXX xxxxxxxx xxxxxxx xxxxxx xxxxxx 3.5 million xxx Android malware xxxx xxx xxxx," xxxx xxxx. Xxx xxxx xxxx xxxx xxx Xxxx xxx xxxxxxxxxx xx xxx xxxx xxxx xxxx x xxxxx xxxxxxxx xx xxxxx xxx xx xxx xxxxxx xxxxxxx xx Android.

  6. Malware, yeah by Artem+S.+Tashkinov · · Score: 1

    The threat level for users with smartphones and tablets with an Android operating system remains high.

    Sigh. Yet another advertisement for a "security" company which most likely sells some "security" related products and/or services.

    The truth is if 1) you don't have "unknown sources" enabled on your Android (it's OFF by default) 2) you update your Android software (it's updated by default) 3) your device receives regular updates, you're almost perfectly safe and you don't need to be running any AV product on your Android.

  7. More importantly... by Gravis+Zero · · Score: 1

    How many instances of Android malware goes undiscovered?

    --
    Anons need not reply. Questions end with a question mark.
  8. Re:Does the malware affect all android versions? by omnichad · · Score: 1

    Android only names their OS after sweet foods. Like "Apple" or "Blackberry."

  9. How does it compare.. by sqorbit · · Score: 1

    How does this compare to Windows, iOS, and others. Are we bashing Android because we can without knowing how often Windows is attacked?. My guess is that Windows equals or exceeds this.

    --
    Sent from my TARDIS
  10. Yet, who gets infected? by nevermore94 · · Score: 1

    Despite all of this Android malware that is supposedly in the wild, who actually gets infected by it? Sure, I am computer systems engineer and know better than to do dumb things, but I know many people in lots of different tech and non-tech circles with Android phones and I have never even heard an anecdotal rumor of someone actually getting some kind of malware on their phone. Despite all of the malware clickbait stories, people with modern phones on major carriers that aren't trying to use pirated apks from shady sites seem to be pretty darn safe. Wake me up when there is a major worm outbreak that affects Android 6+ phones on Verizon and AT&T.

    --
    Nevermore.
  11. I'm on my 7'th year and never seen any by AbRASiON · · Score: 1

    Nor has anyone I know or help or am related to etc.

    Android has other problems, I think Google should simply pull a full halt on feature development for 3 months solid and have a "quarter of optomisation" period where they damn well try to speed the things up. 3 year old iphones still 'feel' snappier due to clever tricks and better code.

  12. Still less than Windows by manu0601 · · Score: 1

    1 malware for 10 seconds means 8640 per day, which is still much lower that Windows' malware feed which was over 50000 malware sample per day in 2010

  13. Re:That's why I stick to iOS devices by peawormsworth · · Score: 1

    I realize your flaming. But I have to say that the opposite is true. The security holes in open source software are usually found only because it is open source. If there are holes in open source, then by definition it means that the original programmers missed it. If it was closed source, then we still would not have these fixes and we would remain vulnerable. And how exactly do the Russians or other boogie men get their holes in the code without it being part of the source code? Because if I was a hacker, I would want my holes in closed source, so the target has no way of knowing it is there.

  14. Malware = Ownership by peawormsworth · · Score: 1

    If you cannot install a virus/malware on your device, then you don't actually own it.