According to the latest malware report published by NQ Mobile, mobile malware increased by 163% in 2012 – but infections rose by 200% to an estimated 32.8%. There is no direct correlation to these figures, but clearly users’ security practices are not improving – indeed, the need for a change in user behavior is one of the conclusions of the report.
“While consumers who have lost a smartphone or had one stolen in the past are significantly more likely to be taking basic protective measures with their current device,” notes the report, “nearly one-third have still not learned their lesson.” Specifically in the US, 48% of users do not require a passcode or other authentication method to access their device.
NQ Mobile estimates that 32.8 million Android devices were infected in 2012 – up from 10.8 million in 2011. Just over a quarter of these are in China (25.5%), 19.4% in India, 17.9% in Russia, 9.8% in the US, and 9.6% in Saudi Arabia. Within individual countries, 26.4% of Chinese handsets, 20.9% of Russian handsets, 18.8% of Indian, 9.6% US, and 8.2% of handsets in Thailand are infected. NQ estimates that more than 10 million handsets have been infected this year already.
95% of malware discovered in 2012, unsurprisingly, attacks the open Android system. The primary attack vectors are app repackaging (malicious code concealed in an apparently legitimate app); malicious URLs; and smishing (SMS phishing). 65,227 new threats were discovered in 2012, up from 24,794 in 2011. 25,140 new threats were discovered in the first three months of 2013.
NQ Mobile also points to the increasing professionalization of mobile criminality. Traditionally, the primary method of monetizing mobile malware has been through premium rate fraud. Now, however, there is increasing collaboration between mobile hackers and cybercriminals: mobile hackers are using malware to capture consumers' private information and then selling this information to cybercriminals who are in turn using social engineering tactics to gain access to the consumers' finances. “Additionally,” says the report, “cybercriminals continued to expand beyond China and Eastern Europe, focusing their efforts on consumers in the United States, Saudi Arabia and other markets.”
Clearly, the malware threat to the mobile market is increasing, and something needs to change. “The security industry's 'discover-first-and-inoculate-second' strategy is no longer enough,” said Omar Khan , co-CEO at NQ Mobile. "We need smarter systems that can discover threats before they infect consumers as well as more education so consumers can better spot and avoid these new mobile scams.”