
BT global security practice head claims one in three Android apps are malicious

Warnings over ability to 'Trojanise' Android apps

The head of the global security practice at BT, Jill Knesek, has claimed that more than a third of all Google Android applications contain some form of malware.

According to EETimes, Jill Knesek said that after analysis of more than 1,000 Android applications, BT discovered that a third were compromised with some form of active or dormant malware.

“Almost every device is compromised with some kind of malware, although often it's not clear if that code is active or what it is doing,” she said in a panel discussion at the NetEvents Americas conference.

However, when asked by ZDNet about the claim, BT said that the opinions were reflective of information available from public studies. BT said that it had done some testing on both Android and Apple OS environments, but not on the scale reported in the last week.

Paul Ducklin, Sophos's head of technology for Asia Pacific, questioned the comment, saying that if one in three apps is infected and the average device has ten apps installed, then it doesn't sound terribly far-fetched that almost every device might be compromised.

He said: “But if it's often not clear whether a device is infected, how can we be so sure that one in three apps really is compromised? Perhaps the risk is much smaller and more knowable than Knesek suggested?”

Knesek's comments come a few days after G Data's Security Labs found a piece of malicious software for Android that shops for paid-for apps. Named 'MMarketPay.A', it automatically buys paid apps without the knowledge of the smartphone or tablet user.

It said that the malware is hidden in fake GO Weather, Travel Sky or E-Strong File Explorer apps, and is being distributed through various Chinese websites and third-party provider app marketplaces. It said that the Trojan gains access to the mobile provider's app store and can then download and install additional malware or paid apps. While this is currently only targeting Chinese users, G Data Security Labs believed it could spread to Europe.

G Data said that the malware changes the mobile device's access point name and connects to China Mobile. The Trojan intercepts the confirmation message and provides a response via a specific server. The malware can then access China Mobile's app store without logging in, then purchase and install any apps at the victim's expense at any time.

Ralf Benzmüller, head of G Data's Security Labs, said: “We are watching the development of a new and lucrative business model for cyber criminals here. Hence we think it is quite possible that a modified version of this malicious app will appear in Europe and target the customers of European mobile providers.”

The Trend Micro 2012 Q2 threat report said that 25,000 Android malware apps had been identified in the second quarter of 2012, an increase of 317 per cent over the number of samples found in the first quarter of 2012. However, Trend Micro said that it had seen only one in five Android devices with a security app installed.
