F-Secure Labs announced that it discovered 259 new mobile threat families and variants of existing families in the third quarter of 2013, according to the new Mobile Threat Report for July-September 2013. Two hundred fifty two of these were Android threats and the remaining seven were Symbian. The number is an increase from the 205 threat families and variants found in the second quarter.
In another step in the march toward Android malware commoditization, reports surfaced in July of a new toolkit, Androrat APK binder, which simplifies the process of inserting malicious code into legitimate Android apps. And in a sign that complexity of Android malware is increasing, one in five mobile threats are now bots, says the report. Thanks to security measures in place in the Google Play store, fewer malware threats are appearing there. Instead the growing concern in Google Play is with apps that infringe on privacy by over collection of data.
“People understand there’s something questionable about giving their information to big data, yet they give a lot of the same information to questionable apps all the time,” said Sean Sullivan, Security Advisor at F-Secure Labs. “At least with companies like Google, there is some accountability and some established privacy practices. For example if you delete your Gmail account, they will delete your data. But with these little apps, you have no idea what they’re doing with your data. And you know what they’re doing? They’re selling it to marketing networks.”
The Mobile full Threat Report July-September 2013 is available here, and includes more details on mobile banking Trojans, the Masterkey vulnerability, and the F-Secure Labs’ recommendations for mobile threat protections.