Home / / FireEye reports massive rise in Android malware

FireEye reports massive rise in Android malware

Company reports 500% rise in apps designed to steal financial data

FireEye reported a 500% increase in malicious apps that target financial data.
FireEye reported a 500% increase in malicious apps that target financial data.

The amount of Android apps designed to steal financial data increased dramatically in 2013, according to research from FireEye.

The security company said that after conducting research in the second half of 2013, it found a 500% increase malicious apps that are intended to steal financial data.

According to a new report from FireEye, titled ‘Out of Pocket: A Comprehensive Mobile Threat Assessment of 7 Million iOS and Android Apps' levels of malware increased on both Android devices and also on iOS devices.

FireEye threat researchers analyzed seven million mobile apps on both Android and iOS platforms from January to October 2014. Researchers reviewed popular apps with more than 50,000 downloads to assess their exposure to a common vulnerability, and found that 31% of them were exposed to it. Of those, 18% were in categories with potentially sensitive data, including finance, medical, communication, shopping, health, and productivity.

"Today, mobile apps represent a significant threat vector for enterprises," said Manish Gupta, senior vice president of products at FireEye. "Worse, most enterprises have little or no information on mobile security risks nor any way to deal with an advanced attack on a mobile device. Our findings highlight the threat apps pose and why enterprises must implement a mobile security policy that focuses on applications."

The report highlights a number of risks to mobile users, including malicious apps that steal information once installed, legitimate apps written insecurely by developers, legitimate apps using insecure or aggressive ad libraries, malware or aggressive adware that pass Google Play checks and are thus assumed ‘safe', identity theft and premium rate phone and SMS fraud.

The report also identifies a new delivery channel for iOS malware that bypasses the Apple App Store review process. Attackers can take advantage of enterprise/ad-hoc provisioning to deliver malicious apps to end users, either through USB connections or over the air. FireEye researchers found more than 1,400 iOS apps publicly available on the Internet introducing variants of security issues, signed and distributed using enterprise provisioning profiles.