Skip to main content

Which Android OS is subject to greatest security threat?

Yesterday brought us yet more reports of a surge in malware targeting the Android operating system, and a closer look to see what versions are most under threat suggests Gingerbread users should be wary.

According to research recently published by Kaspersky Lab, over half of malware detected on the platform during the third quarter of 2012 struck the Gingerbread iteration, which began with version 2.3. The greatest segment of the malware distribution was specifically found on Android 2.3.6, which accounted for 28 per cent of all blocked attempts to install malware.

The second most targeted version was 4.0.4 - an update of the rapidly proliferating Ice Cream Sandwich OS. This accounted for 22 per cent of the attacks discovered over the quarter, with ICS as a whole attracting 38 per cent of the malware detected by Kaspersky.

Having been succeeded by ICS and the recent Jelly Bean, Gingerbread is no longer the Android OS attracting the most discussion, but this is not what concerns cybercriminals explains Yuri Namestnikov, Senior Mobile Analyst at Kapersky. “Although Gingerbread was released back in September 2011, due to the segmentation of the Android device market it still remains one of the most popular versions, which, in turn, attracts increased interest from cybercriminals,” he said.

The evidence supports analysis from experts at Team Cymru who told ITProPortal that market share is the key driver behind attacks on operating systems. More important than the security infrastructure of the software itself is the number of people using it, as hackers simply want the largest user base possible to be on the receiving end of their attacks.

In Kaspersky’s study, more than half of the smartphone malware detected took the form of SMS Trojans, with malicious programs stealing money from victims’ mobile accounts by sending text messages from premium rate numbers.

The research also reported the widespread use of OpFake malware which poses as the OperaMini browser, followed by Trojans belonging to the Plangton and FakeInst family. These threats pretend to be installers for popular programs and are mostly distributed via alternative app stores created by cybercriminals.