Last year saw the discovery of nearly one million malicious mobile apps – a rise of over 390% from 2013, although the majority were distributed in the Middle East and Asia, according to Pulse Secure.
The enterprise access and mobile security firm’s 2015 Mobile Threat Report once again pegged Android as the worst offender, contributing 97% of all newly found malware last year.
The variety of Android malware also appears to be growing, with 1268 families of malicious software found in 2014, an increase of 464 from the previous year.
Making money seems to be the primary motive for most mobile malware authors, with each one of the top 10 malware threats identified in 2014 featuring some kind of means to extort the victim – whether via SMS premium services or ad networks, according to the report.
On the one hand there was good news for mobile users in that the majority of global malware can be seen to emanate from third party app stores in the Middle East and Asia. Sticking to the official Google Play is therefore a simple and effective way to stay safe for Android users.
However, there was still cause for concern for enterprise IT leaders trying to manage BYOD risk, according to Pulse Secure.
It claimed that in corporations where IT has tried to embrace BYOD by implementing MDM suites they’ve been met with resistance from employees not keen to see their personal devices effectively fall under the control of the IT department.
“There is an increased focus from mobile malware developers who are actively attempting to exploit mobile devices as the weak link in enterprise security, and there is an absolute requirement for enterprises to implement similar controls for mobility as they do on the enterprise networks. With the increasing BYOD push coming from employees, the enterprise’s employees become the new perimeter,” Pulse Secure EMEA partner director John Mitchell told Infosecurity.
“Android-developed malware continues to bring increased risk and threats to the enterprise and the advice from Pulse Secure is enterprises should move away from trying to manage and secure an entire mobile device via MDM to one of employing workspaces to secure only portions of the device that access and store corporate data.”