SophosLabs report explores mobile security threat trends, reveals explosive growth in Android malware

Mobile-Security-Threat-ReportWhen the first mobile malware appeared in 2004, the landscape for mobile devices was very different from today. The first iPhone, released in 2007, was still three years away; and the first Android smartphone wasn’t released for another four years, in 2008.

We know what this new generation of mobile devices has wrought—ultra-fast computing in the palm of your hand, everywhere connection, and a slew of mobile apps that enable us to do just about anything, from banking to posting on Facebook (which didn’t exist in 2004 either).

To mark the 10-year anniversary of mobile malware, we are releasing our first Mobile Security Threat Report this week at Mobile World Congress in Barcelona. This report shows that the mobile revolution is clearly in effect, and as a result, mobile malware is on the rise.

By the end of this year, smartphones will outnumber the entire human population, with smartphone subscriptions reaching more than 7 billion. And just as the cybercriminals targeted the dominant operating system of the past—Windows—now they are targeting the Android platform and its nearly one billion devices.

In the past 12 months, our researchers at SophosLabs have seen an alarming acceleration in the development of mobile malware. In that time, Android malware has increased by nearly 600% to a total of more than 650,000 individual pieces of malware (as shown in figure 1 below). Although this is a tiny fraction of the number of pieces of malware out there for the traditional Windows PC, Android malware is indeed the fastest growing threat to users.

android-malware-samples-chart

The report also shows that in some countries—Russia, Austria and Sweden—the percentage of mobile devices that have been attacked by malware in the past three months (called the threat exposure rate, or TER) has outstripped the percentage of PCs that were attacked during the same period. Spain, Great Britain, India, Austria, and China all have a mobile TER fast approaching the desktop TER (see figure 2 below).

mobile-desktop-TER-chart

The most insidious of these mobile malware are designed to go after our bank accounts. Earlier this year, SophosLabs detected Windows malware that infects Android devices via a USB connection, and downloads a Trojan to the device that can intercept SMS text messages to steal two-factor authentication codes. If the cybercriminals can get their hands on these codes, they can access your email or mobile banking accounts despite the extra layer of security two-factor authentication is supposed to provide. As we show in our report, there are many ways a hacker can profit by compromising our devices.

Along with the growth of malware for Android, we have also seen a sharp rise in applications that, while not malware strictly speaking, pose a threat to user security and privacy, and the usability of devices. The potentially unwanted apps, or PUAs, include apps that link to aggressive advertising networks, can track devices and locations, and may even capture contact data.

Some PUAs are little more than scams designed to trick users into paying for services they don’t need. For example, SophosLabs recently spotted apps mimicking the popular (and now defunct) Flappy Bird game in third-party Android app stores. Some malicious versions of the Flappy Bird game will send SMS text messages to premium rate phone numbers, charged to your bill.

As we look ahead to the next 10 years, it is hard to predict what kind of new devices we will be carrying—or wearing on our wrists and faces. Nevertheless, our Mobile Security Threat Report sets out to analyze the trends we see emerging, and offers best practices to keep your devices and the valuable data on them secure from the criminals who increasingly target them.

The future may be murky, but one thing is certain: the mobile threat is not going away. So download a copy of the report at sophos.com/mobilethreatreport. And rest assured that we at Sophos are doing our jobs every day, monitoring these threats, and keeping an eye on what’s coming next.