BT global security practice head claims one in three Android apps are malicious

News by Dan Raywood

The head of the global security practice at BT, Jill Knesek, has claimed that more than a third of all Google Android applications contain some form of malware.

The head of the global security practice at BT, Jill Knesek, has claimed that more than a third of all Google Android applications contain some form of malware.

According to EETimes, Jill Knesek said that after analysis of more than 1,000 Android applications, BT discovered that a third were compromised with some form of active or dormant malware.

“Almost every device is compromised with some kind of malware, although often it's not clear if that code is active or what it is doing,” she said in a panel discussion at the NetEvents Americas conference.

However when asked by ZDNet about the claim, BT said that the opinions were reflective of information available from public studies. BT said that it had done some testing on both Android and Apple OS environments, but not on the scale reported in the last week.

Paul Ducklin, Sophos's head of technology for Asia Pacific, questioned the comment, saying that if one in three apps is infected and the average device has ten apps installed, then it doesn't sound terribly far-fetched that almost every device might be compromised.

He said: “But if it's often not clear whether a device is infected, how can we be so sure that one in three apps really is compromised? Perhaps the risk is much smaller and more knowable than Knesek suggested?

Knesek's comments come a few days after G Data's Security Labs found a piece of malicious software for Android that shops for paid-for apps. Named ‘MMarketPay.A', it automatically buys paid apps without the knowledge of the smartphone or tablet user.

It said that the malware is hidden in fake GO Weather, Travel Sky or E-Strong File Explorer apps, and is being distributed through various Chinese websites and third-party provider app marketplaces. It said that the Trojan gains access to the mobile provider's app store and can then download and install additional malware or paid apps. While this is currently only targeting Chinese users, G Data Security Labs believed it could spread to Europe.

G Data said that the malware changes the mobile device's access point name and connects to China Mobile and the Trojan intercepts the confirmation message and provides a response via a specific server. The malware can then access China Mobile's app store without logging in, then purchase and install any apps at the victim's expense at any time.

Ralf Benzmüller, head of G Data's Security Labs, said: “We are watching the development of a new and lucrative business model for cyber criminals here. Hence we think it is quite possible that a modified version of this malicious app will appear in Europe and target the customers of European mobile providers."

The Trend Micro 2012 Q2 threat report said that 25,000 Android malware apps had been identified in the second quarter of 2012, an increase of 317 per cent over the number of samples found in the first quarter of 2012. However Trend Micro said that it had seen only one in five Android devices with a security app installed.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews