Mobile malware triples in just three months

Data from Kaspersky Lab’s IT threat evolution Q2 2015 report highlights how cyber criminals are increasingly targeting mobile devices. The report found that there were 291,800 new pieces of mobile malware in the second quarter of 2015, 2.8 times more than in Q1. It also discovered that there were one million more mobile malware installation packages in Q2, a sevenfold increase on Q1.

Kaspersky’s report also found an increased appetite for targeting banking apps. The updated trojan-SMS.AndroidOS.OpFake.cc – designed to steal login credentials – is now capable of attacking up to 114 banking apps, up from just 29 in Q1.

It’s no surprise that cyber criminals are targeting mobile devices, with users now spending more time on mobile devices than on desktops (Smart Insights: Mobile Marketing Statics 2015).

What I found particularly interesting is the distribution of mobile malware by type – in other words, the method by which it’s deployed:

Mobile Malware

Source: Kaspersky Lab’s IT threat evolution Q2 2015

The majority of malware was delivered by RiskTool (44.6 %), which Kaspersky describes as “legitimate applications that are potentially dangerous for users – if used carelessly or manipulated by a cybercriminal, they could lead to financial losses.”

This raises huge questions about how we use our mobile devices. For example, when downloading a new app, how many of us bother to look at the permissions that the app is requesting? Or what data this app can access?

2584

Mobile technology develops at a breakneck speed, with phone manufacturers producing new handsets every year and developers rapidly developing apps to meet the needs of an all-consuming public. The concern is that questions about security and how we use our mobile devices are taking a back seat in the name of progress.

This also has implications for how individuals use their devices in the workplace. Use of bring your own device (BYOD) means increased cyber risks and potential data leaks for the organisation. Mobile security needs to be taken as seriously as any other cyber security.

Find out more about mobile security in Mobile Security – A Pocket Guide.