Following a spike in activity earlier this year, the online seeding of malicious mobile programs subsided in the third quarter, while ransomware took off, according to Kaspersky Lab's latest malware report, “IT Threat Evolution Q3 2016.”
While ransomware accounted for less than 1 percent of attacks, the number of Kaspersky users attacked by such malware had increased by 2.6 times compared to the previous quarter, Roman Unuchek, senior malware analyst for Kaspersky Lab, told eWEEK in an email exchange.
"Ransomware certainly has shown to be one of the more dangerous threats, and its consistent growth every quarter is a story that should not be ignored," he said. "Also, the transition in geographies that attackers are going after with ransomware shows that they're not just sticking to one area but really targeting victims all over."
The company logged nearly 172 million online attacks in the third quarter, of which 33 percent were web-based malware, such as URLs and malicious scripts, and 67 percent were file-based malware.
The number of mobile malware packages seeded online dropped significantly, to 1.5 million in the third quarter from 3.6 million the previous quarter. Malicious installation packages, which anti-virus companies such as Kaspersky Lab scan for online, had climbed quickly in the first two quarters of this year, jumping from only 186,000 packages in fourth quarter of 2015.
"There was a significant growth in Q2," he said. "It was mainly because of lots of new [potentially unwanted programs]. Also, there was a growth in adware."
Mobile malware has slowly taken hold in the world of cyber-crime, but for the most part, poses only a slight threat to users of the main mobile app stores such as Apple's App Store and Google's Play store. Security firms, such as Kaspersky Lab and others, typically scan third-party stores for mobile malware packages. Third-party download sites have significantly more malware than Apple's and Google's stores.
Almost 68 percent of all programs classified as mobile malware were legitimate programs that had potentially dangerous functionality—generically referred to as RiskTools by Kaspersky—or adware programs. More than three-quarters of the remaining malicious programs did not fall into a particular family, but were detected by the company's generic cloud detection system.
Banking trojans affected about 15 percent of attacked users, with nearly 8 times more users affected in September compared to June.
In addition, more mobile malware focused on rooting smartphones and gaining system-level access to the devices, Unuchek said. Ransomware and banking trojans both had started adopting rooting functionality, he said.
"However, the most popular kind of rooting malware are advertising Trojans," he said. "They use rooting rights to silently install other apps and launch them and for showing aggressive advertising. Sometimes it becomes impossible for a person to use an infected device because of number of newly installed apps and lots of ads."
Most mobile threats affected China, Southeast Asia, Russia, some countries in Africa and Venezuela. Those regions tend to make far more use of third-party app stores, which have more lax controls over malware.