Android Becomes The Main Target Of Cyber Criminals

A recent statistical analysis by Sophos, which compares the proportion of malware in potentially unwanted applications (PUAs) on Windows, Mac and Android, shows a trend that has been realized for a long time: cybercriminals have as one of the main objectives to Android devices, and use PUAs to go unnoticed by security sensors and penetrate Android and Mac devices.

It is true that Windows is still the most attacked operating system of all operating systems, but the new goal of cybercriminals is clearly Android.

“Although open systems are more susceptible to being vulnerable to malware, cybercriminals will use PUAs instead of malware to access systems that have their own app stores, such as Mac or Android. Cybercriminals see PUAs as a way to easily avoid security systems and achieve the same ultimate goal they have with other malicious programs: make money, ”explains Alberto Ruiz Rodas, Sales Engineer at Sophos Iberia.

If you analyze the gross volume of the samples analyzed by SophosLabs in 2016, you can see that:

• Of all the cyber attacks on Windows, 6% were PUAs while 95% were direct malware.
• Of all cyber attacks on Android, 75% is pure malware and 25% were PUAs.
• Of all cyber attacks on Macs, 6% was pure malware and 94% were PUAs.

While malware is designed to harm, PUAs fall more into the category of disturbances, that is, they are insufferable applications that run ads and pop-ups until finally the user uninstalls them.

The results of the analysis to Malware that attacks Android

In malware forecasts published by SophosLabs in February this year, researchers analyzed the specific malware designed for Android devices. SophosLabs analysis systems processed more than 8.5 million suspicious Android applications in 2016. More than half of these were malware or PUAs, which included bad adware behavior, that is, the software that automatically displays the user advertisement.

When the laboratory reviewed the Top 10 types of malware that attack Android, it detected that Andr / PornClk is the one that predominates in the attacks, representing more than 20% of the cases reviewed in 2016. Andr/ CNSMS, a sender of SMS of Chinese origin , was the second largest draft, with 13% of cases; followed by Andr / DroidRT, a rootkit (set of tools frequently used by cybercriminals who gain illegal access to a computer system) for Android (10%); and Andr / SmsSend (8%).