Sophisticated Mobile Malware Compromises 16Mn Devices

About 16 million mobile devices are infected by malicious software that is secretly spying on users, stealing confidential information and pilfering data plans.

That’s the word from Alcatel-Lucent’s Motive Security Labs, which in a study found that malware infections in mobile devices rose a full 25% in 2014, compared to a 20% increase in 2013. In fact, the uptick is so spectacular that Android devices have now caught up with Windows laptops, which had been the primary workhorse of cybercrime, with infection rates between Android and Windows devices split an even 50/50 in 2014.

“With one billion Android devices shipped in 2014, the platform is a favorite target of cybercriminals who can have lots of infection success without a lot of work,” said Kevin McNamee, director of Motive, in a blog. “Android is more exposed than rivals because of its open platform and by allowing users to download apps from third-party stores where apps are not always well-vetted.”

The mobile infection rate in 2014 was 0.68%. Fewer than 1% of infections come from iPhone and Blackberry smartphones.

Malware growth continues to be aided by the fact that a vast majority of mobile device owners do not take proper device security precautions. But here, service providers can be the hero. The survey found that 65% of subscribers instead expect their service provider to protect both their mobile and home devices. Fifty-five percent indicated they would be willing to pay for such a service. And of course, service providers have a vested interest in ensuring malware doesn’t invade their network or sour the subscriber service experience.

“With malware attacks on devices steadily rising with consumer ultra-broadband usage, the impact on customer experience becomes a primary concern for service providers,” said Patrick Tan, GM of network intelligence at Alcatel-Lucent, in a statement. “As a result, we’re seeing more operators take a proactive approach to this problem, by providing services that alert subscribers to malware on their devices along with self-help instructions for removing it.”

Motive also said that mobile malware is increasing in sophistication with more robust command and control protocols. For instance, mobile spyware is on the rise. It tracks the phone’s location, monitors ingoing and outgoing calls, text messages and email, and tracks web browsing. Additionally, the first distributed denial of service (DDoS) attacks launched from mobile phones took place last year, suggesting how so-called ‘hactivism’ movements against the mobile infrastructure might be launched in the future.

“The rise of mobile malware threats isn’t unexpected. But as Google Wallet, Apple Pay and others rush to bring us mobile payment systems, security has to be a top focus,” McNamee noted. “And malware concerns become even more acute in the workplace, where more than 90% of workers admit to using their personal smartphones for work purposes.”

When it comes to residential networks, Motive’s malware report also concluded that infection rates also rose significantly in 2014, with malware found in 13.6% of residences. That’s an increase of 5% over the previous year.

The report found that the rise is mostly attributable to an increase in infections by moderate threat level adware. High-level threats such as bots, rootkits, and banking trojans remain steady at around 5%.

The Motive report also noted that 2014 saw an increase in DDoS attacks using network infrastructure components such as home routers, DSL modems, cable modems, mobile Wi-Fi hotspots, DNS servers and NTP servers. And, it looked at the digital commerce channel and found that consumers who avoid shopping online out of fear that their credit or debit card information may be stolen are actually exposing themselves to greater risk.

Motive pointed out that the rash of retail cybersecurity breaches in 2014 were all the result of malware infections on cash registers or point-of-sale terminals, not online stores, largely because stolen cards from online retailers are not as valuable to criminals because they can only be used for online purchases.

Mobility however is the next big threat bubble to keep an eye on.

“By the end of 2015, the number of smartphone users worldwide will surpass 2 billion, representing more than a quarter of the global population,” McNamee said. “There’s no reason to believe malware threats won’t be even more intrusive this year and the foreseeable future.”

What’s Hot on Infosecurity Magazine?