Android-focused cybercriminals are racing to catch up to the mobile industry – releasing ten new malicious APK files (Android Package Kits) for every 1,200 Android subscriptions added. With growth rates in 2017 over six times faster than mobile smartphone subscriptions, Android-based malware is a significant threat to mobile networks and their subscribers.
Cybercriminals have tapped into both the vulnerabilities and popularity of the Android OS and its ecosystem. There are over two billion Android devices, 15 Android OS versions active in mobile networks, and more than 700 device models. Half of these – 1 billion Android devices – have outdated operating systems, making them a ripe target for malicious actors.
The large majority of malicious APKs were delivered to the victims via simple web downloads. Typically, subscribers unknowingly install malicious APKs and are, therefore, unwitting accomplices to malicious activities. Since Android malware requires user interaction for an APK to be loaded onto a mobile device, adversaries often resort to social engineering to lure the user into taking multiple steps to install unknown APK files, such as asking the user to “Allow APKs from unknown sources,” and requiring the user to confirm installation as well as permissions to read specific data during installation. Once installed, however, malware often works in the background without the user’s knowledge, propagating malware to other devices, joining botnets, stealing subscriber data, demanding ransom or attacking mobile infrastructure.
These are some of the findings of our recently published report, Look What's Riding your Network: A Deeper Look at Growing Threats to Mobile Networks and Subscribers. The report summarizes the rapid growth of malicious APK files and provides a peek into the malware and other threats found in live mobile networks.
The report draws from Unit 42 research, Palo Alto Networks WildFire threat analysis, observation of multiple service provider networks, and other industry research. Palo Alto Networks WildFire includes an extensive threat database documenting malware impacting Android and iOS, as well as many other threats to mobile networks and devices.
In 2017, global mobile subscriptions will reach a total of 7.8 billion. By 2022, the total is expected to reach 9.1 billion, according to a recent Ericsson report. Cybercriminals have taken note and will continue to turn their malicious activity toward mobile.
Armed with full visibility from Palo Alto Networks, including correlation of “threat to subscriber” identifiers, mobile network operators can make more effective policy and prevention decisions, such as blocking communication to known malicious sites, blacklisting DoS-generating endpoints, and notifying subscribers.