Mobile Malware and Phishing Surge in 2022

Written by

The volume of mobile malware, phishing sites dedicated to mobiles and mobile vulnerabilities increased significantly in 2022, according to a new report from Zimperium.

The mobile security vendor compiled its Global Mobile Threat Report 2023 from in-house zLabs research alongside third-party industry data and partner insights.

It claimed the percentage of phishing sites targeting mobile devices increased from 75% to 80% year-on-year in 2022. The average user is between six and 10 times more likely to fall for an SMS phishing attack than an email-based one, the report added.

Zimperium detected an average of four malicious or phishing links clicked for every device protected with its anti-phishing technology.

Read more on mobile threats: Conversational Attacks Fastest Growing Mobile Threat

Phishing is not the only threat facing BYOD and corporate devices. Zimperium detected a 51% increase in mobile malware variants between 2021 and 2022, reaching 920,000 unique samples. It claimed to have protected customers from 2000 previously unseen malware variants each week last year.

From 2021 to 2022, the share of Android devices with malware detected rose from one in 50 to one in 20, the report claimed.

As part of this haul, Zimperium detected over 3000 unique spyware samples. EMEA (35%) and North America (25%) had the highest percentage of devices impacted by spyware last year.

Mobile vulnerabilities are also surging. There was a 138% increase in detected bugs on the Android ecosystem in 2022, while Apple’s iOS accounted for 80% of zero-days actively exploited in the wild last year, the report noted.

Zimperium said that 43% of devices detected as compromised were not jailbroken or rooted – that is they were fully exploited by threat actors. This figure is a 187% year-on-year increase.

Zimperium detected over 3000 unique spyware samples. EMEA and North America have the highest percentage of devices being impacted by spyware, with EMEA at 35% and North America at 25%.

All of this matters, because at least 60% of endpoints accessing enterprise assets are believed to be mobile devices, according to Zimperium.

“It is clear that mobile threats are becoming more frequent and dangerous, as bad actors increasingly target smartphones as high-value targets,” said Phil Hochmuth, IDC program VP for enterprise mobility. “This should be a wake-up call for enterprises to increase focus and investment in mobile security tools and practices.”

What’s hot on Infosecurity Magazine?