Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Google Android Privacy Security

A New Instance of Android Malware is Discovered Every 10 Seconds, Say Researchers (9to5google.com) 106

An anonymous reader shares a report: Security firm G Data says that a new piece of Android malware is discovered every 10 seconds. At this rate, the company is predicting that there will be 3,500,000 new malicious Android files by the end of the year. "The threat level for users with smartphones and tablets with an Android operating system remains high. In all, the G DATA security experts expect around 3.5 million new Android malware apps for 2017," they said. The firm said that the risk was heightened by the fact that only a small minority of users are on the latest version of Android.
This discussion has been archived. No new comments can be posted.

A New Instance of Android Malware is Discovered Every 10 Seconds, Say Researchers

Comments Filter:
  • by sl3xd ( 111641 ) on Friday May 05, 2017 @11:26AM (#54360937) Journal

    That we can accept as a community that Android has a serious problem that needs solving, and needs to join its competition in the leper colony?

    • by Archangel Michael ( 180766 ) on Friday May 05, 2017 @11:30AM (#54360973) Journal

      No.

      Most of the "discovered" malware is in APKs (where's the Appy App Guy?) that is on sources other than the Google Play Store. You have to want to be infected to be infected. Kind a like saying "My google was hacked" during the last few days, when the reality is, you "allowed" it to be installed.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        That is true. However, it is *also* true that the various players in the industry (the software developers as well as the vendors) operated under the belief that they could motivate people to continuously buy a new phone every 2 or 3 years. They were banking on huge profits from profligate spending.

        Most people don't want to burn through that kind of money! Their phone still works, so sticking with it is frugal and wise! But they can't upgrade the android version, because the phone provider won't support

        • I get a new phone every two years or so. I don't buy top of the line, Samsung/Apple phones, or from the carrier. My current phone is a OnePlus 3T which is far better than my previous Google Nexus 6P in just about every way I need it to be. The one area that the 6P was better, was the special bands my carrier uses in my area to extend range, which my current phone does not have. But it isn't standard LTE frequencies,and only Tmo has them.

          The phone was about 1/2 price of the top of the line phone, and compare

      • by pr0fessor ( 1940368 ) on Friday May 05, 2017 @12:19PM (#54361341)

        No.

        Google tries to keep malware out of the play store but malware does make it's way into the play store.

        Things like this are constantly popping up... Thinking that only using the google play store is enough is wrong.

        http://www.technewsworld.com/s... [technewsworld.com]

        http://www.zdnet.com/article/c... [zdnet.com]

        • I didn't say it was enough to use just Google Play Store, I said it was the best option. The other option is installing the same apps from untrusted sources, which have surely been compromised rather than the probably more legit ones in the store.

          The best option is only install Apps you actually need, from companies that have been around a while. Most of the Crapware is on Crap apps that don't actually do anything, using permissions sets that should set of all kinds of alarms.

        • Google tries to keep malware out of the play store but malware does make it's way into the play store.

          Not much, not often. 0.15% of devices that only use Google Play have any "potentially harmful apps", which is actually a broader category than "malware".

          And if you have Verified Apps enabled, you'll be warned if you have malware installed.

          See: https://source.android.com/sec... [android.com]

          The 2016 report will be out soon, I expect.

      • Kind a like saying "My google was hacked" during the last few days, when the reality is, you "allowed" it to be installed.

        Nope. As long as we maintain that attitude, security will be a dumpster fire. Basically, we've built a system that makes it dead simple for our users to shoot themselves in the foot. You and I might be clever enough to avoid the pitfalls, but it shouldn't take a degree in compsci to use a device safely any more than you should need to be a mechanical engineer to drive a car.

        The haughty "it's not our fault!" POV has to die if we're ever going to fix things. If we design systems that let our users get pwned a

        • It doesn't take a comp sci to understand that you don't go on alternative app stores and start installing knockoff apps where most of the summary is in Russian.
        • by Altrag ( 195300 )

          And if they went the other way then you'd be bitching that they designed a walled garden and you're not free to do what you want with your device.

          As it stands, you have to go through 2 or 3 steps in order to open your phone up to untrusted apps -- and they warn you a time or two along the way that some software may well be malicious.

          Google does as much as they can to protect you from yourself, but at the end of the day, having the freedom to do whatever you want implies having the freedom to shoot yourself

      • by Sark666 ( 756464 )

        It's a huge problem to not be able to get timely updates, or continued support. After a year sometimes you are on your own. Now your device is outdated and you have no recourse to get to the latest version of android.

        Only if your device is supported by a rom. And roms are huge deal to make and support specific hardware.

        Imagine android was a generic rom and you got drivers from the manufacturers. As long as the driver model didn't break, you could use the original drivers on new android roms.

    • Except part of the problem is similar to the issue that enabled the gMail/OAuth hack -- the information that you need to make an informed decision is hidden or not available at all. And that issue keeps getting worse as the phone-interface gets minimized and simplified ad-nauseum.

      Further, Android wont even allow you to know who the Author|Dev of a given app is. We are allowed to know the "version" - bonus.

    • by Mordaximus ( 566304 ) on Friday May 05, 2017 @11:43AM (#54361061)

      That we can accept as a community that Android has a serious problem that needs solving, and needs to join its competition in the leper colony?

      Walled gardens aren't a solution to the problem. The piece of the puzzle that keeps the platform you alluded to less vulnerable is that OS updates are available at the same time, for every supported device. While with android (with some notable exceptions) you are at the whim of the telcos AND vendors to get updates, if you ever do. The fractured landscape is the major issue.

      • by sl3xd ( 111641 )

        I must not have been clear: I wasn't advocating for any platform, or walled gardens. I was saying that maybe we should consider Android to be something nobody should use until its security problems are addressed - just like its competition.

        • I must not have been clear: I wasn't advocating for any platform, or walled gardens. I was saying that maybe we should consider Android to be something nobody should use until its security problems are addressed - just like its competition.

          Or I misread, good point either way.

        • Maybe people shouldn't drive until car accidents stop happening.. because there are far more of those in the wild than Android infections.
      • They come with a cost, and maybe for you the cost is too high--but it's absurd to claim that this isn't a solved problem.

      • Stop thinking Walled Garden and start thinking Gated Community. And yes, that most certainly is a component of the solution. There is a reason gated communities have less crime in real life. Having that extra layer of protection does help, even if you haven't upgraded the alarm, windows, doors, and locks on your own personal house.

        Consider it a compensating control. There is no one Silver Bullet solution, including updates available everywhere at once. It would help, yes. But trying to frame this as an all-

        • by sl3xd ( 111641 )

          Stop thinking Walled Garden and start thinking Gated Community.

          Could you please expand on what you mean by "gated community" in this context, and how it differs from a "walled garden"?

          • by chill ( 34294 )

            Android has a toggle switch to allow you to install from sources other than the Play Store. You can also enable Developer Mode just by clicking an icon (repeatedly).

            Unlike Apple, where you're trapped inside unless you break out, Android provides a workable gate that can be opened and closed by the user.

            The simple answer is Google's team has by far and away more resources and experience in vetting app malware than most people. That extra layer of scrutiny is valuable.

    • by fermion ( 181285 )
      Android is the new MS Windows. Over a billion users, mostly tech illiterate, makes them an easy target. So it is hard to say how much of this is sheer number of users and how much of this incompetence. In the case of MS, there was clearly so incompetence. The ability to email a MS Office document an take down a computer is clearly negligence. I don't know how many similar issues Android has. The fact that Android phones for the most part are not updated regularly is a significant issue.
      • by sl3xd ( 111641 )

        The fact that Android phones for the most part are not updated regularly is a significant issue.

        Not only are they not updated, but they cannot be updated by the user makes many Android devices little better than the legion of IoT devices.

  • by Kohath ( 38547 )

    Walled gardens sure suck. Having to deal with millions of opportunities to be infected with malware is a small price to pay for ... native code pr0n apps.

    • Walled gardens sure suck. Having to deal with millions of opportunities to be infected with malware is a small price to pay for ... native code pr0n apps.

      Whenever i read someone saying that they rather have the power to run anything from anywhere i wonder what is it so great that you want to run and isn't on the Play Store?, 99.9% of the apps on the store are bullshit and only a few of them are really worth it, so, what is it that you get outside the Store that's so great?. This isn't a criticism on said philosophy, i really don't care what others do neither why they do it, i just find it curious, like there's something that i'm missing, most apps i downloa

      • by Altrag ( 195300 )

        Typically its for apps that are blocked for non-technical reasons. Porn as the GP said (porn is always a big driver of everything digital..) anything that remotely has the scent of piracy attached to it.. things the overlords just don't like because they don't. Etc.

        Hell I bought a Humble Android bundle at one point. You had to enable non-store apps just to install those games for some bizarre reason.. Humble couldn't get Google to give them store codes or something.. I don't know/remember the whole situa

  • by omnichad ( 1198475 ) on Friday May 05, 2017 @11:30AM (#54360967) Homepage

    They found one instance of polymorphic malware and are using it to pad their numbers and make them look like they're working harder.

  • In other news, Minecraft software running on users' devices is estimated to spawn a new instance of ZOMBIE every 10 ticks, projected to total 26 days x 24 hours x 60 minutes x 60 seconds x 200 ticks x 1 zombie /10 ticks x 1/24 average play time x 100,000,000 copies sold = 187,200,000,000,000 ZOMBIES by the end of the month.

    How can we worry about a few million malware at a time like this?

    • by Falos ( 2905315 )

      Because Android malware Android danger Android.

      X Xxx Xxxxxxxx xx Android Malware xx Xxxxxxxxxx Xxxxx xx Xxxxxx, xxx xxxxxxxxxx
      Xxxxxxxx xxxx X Xxxx xxxx xxxx x xxx xxxxx xx Android malware xx xxxxxxxxxx every 10 seconds. Xx xxxx xxxx, xxx xxxxxxx xx xxxxxxxxxx xxxx xxxxx xxxx xx 3,500,000 xxx malicious Android files xx xxx xxx xx xxx xxxx. "xxx threat level xxx xxxxx xxxx xxxxxxxxxx xxx xxxxxxx xxxx xx Android xxxxxxxxx xxxxxx xxxxxxx high. xx xxx, xxx X XXXX xxxxxxxx xxxxxxx xxxxxx xxxxxx 3.5 million xxx An

  • The threat level for users with smartphones and tablets with an Android operating system remains high.

    Sigh. Yet another advertisement for a "security" company which most likely sells some "security" related products and/or services.

    The truth is if 1) you don't have "unknown sources" enabled on your Android (it's OFF by default) 2) you update your Android software (it's updated by default) 3) your device receives regular updates, you're almost perfectly safe and you don't need to be running any AV product

  • How many instances of Android malware goes undiscovered?

  • How does this compare to Windows, iOS, and others. Are we bashing Android because we can without knowing how often Windows is attacked?. My guess is that Windows equals or exceeds this.
  • Despite all of this Android malware that is supposedly in the wild, who actually gets infected by it? Sure, I am computer systems engineer and know better than to do dumb things, but I know many people in lots of different tech and non-tech circles with Android phones and I have never even heard an anecdotal rumor of someone actually getting some kind of malware on their phone. Despite all of the malware clickbait stories, people with modern phones on major carriers that aren't trying to use pirated apks

  • Nor has anyone I know or help or am related to etc.

    Android has other problems, I think Google should simply pull a full halt on feature development for 3 months solid and have a "quarter of optomisation" period where they damn well try to speed the things up. 3 year old iphones still 'feel' snappier due to clever tricks and better code.

  • 1 malware for 10 seconds means 8640 per day, which is still much lower that Windows' malware feed which was over 50000 malware sample per day in 2010 [krebsonsecurity.com]
  • If you cannot install a virus/malware on your device, then you don't actually own it.

fortune: cpu time/usefulness ratio too high -- core dumped.

Working...