New Malware Threats Emerge on Mobile Platforms, Studies Find

From ransomware to adware, mobile devices are seeing more attacks, even though far fewer users are affected than on typical personal computer platforms.

Mobile Malware Threats 2

Security researchers have long predicted that malware will arrive on mobile platforms, threatening the owner's sensitive information and using the devices to carry out a variety of scams, from stealing bank funds to racking up premium texting charges.

In some regions, where third-party application stores are numerous and not well secured, malware rates have soared. In North America, however, where applications are usually downloaded from Google's Play store or Apple's App Store, the security checks conducted by those companies have kept mobile devices mainly free of malware.

In 2014, for example, only about 0.15 percent of devices that only installed applications from Google Play had a potentially harmful app installed, according to Google.

Yet, that may start to change in 2016, according to researchers. One technique, known as overlays, may allow criminals to steal information in real time and foil the use of smartphones as a second security key used to augment Website login security ranging from Gmail to bank accounts, Limor Kessem, security researcher for IBM's X-Force research group, told eWEEK. Such techniques may result in much higher infection rates on mobile devices, she said.

"Mobile malware is finally doing what everyone thought it was going to do," Kessem said.

IBM is not alone in its predictions.

Security firm Webroot found that 52 percent of the 20 million apps that it scanned from app stores worldwide were either potentially unwanted or outright malicious. "When we look at those environments, the stores have a lot of malicious mobile apps—in some cases, upwards of 30 percent," Grayson Milbourne, Webroot's security intelligence director, told eWEEK.

And 70 percent of enterprises believe that the company had lost data because of an insecure mobile device, according to a survey conducted by the Ponemon Institute for mobile-security firm Lookout. Fifty-four percent of companies believed that malware had infected a corporate mobile device in the past two years, the survey reported.

From several recently released reports, a fresh picture emerges of the current mobile malware threat.

The relative danger of mobile malware infection, for the most part, continues to be overstated. PCs continue to account for the majority of malicious traffic seen on residential networks, according to data from Nokia's Application and Analytics group, which released a report on March 1 that summarizes the threats the company saw on both mobile and residential networks in 2015.

About 11 percent of computer systems were infected with malware or potentially unwanted software, such as adware, in the second half of 2015, down from 14 percent in the first half, the company found. Smartphones, meanwhile, only had a 0.3 percent infection rate, the company found, which is in line with Google's data.

However, the rate of PC infections is falling, while the rate of smartphone infections has begun to climb, according to Nokia. Smartphones now account for the majority of malicious traffic seen on mobile networks, according to Nokia's Applications and Analytics group.

In the past, a great deal of malware seen on mobile networks could be tracked back to Windows PCs or laptops tethered to mobile phones, but in 2015 that changed with smartphones accounting for about 60 percent of malicious traffic.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...