Believe it or not, it has been 10 years since the first mobile malware was created! The infographic below gives a brief overview of the most important malware events of the past 10 years, with a short description of each.

When I read the headline "The World’s First Mobile Malware Celebrates its 10th Birthday" on Fortinet's whitepaper, my first thought was - how is it possible that mobile malware is already celebrating 10 years of existence, when the first iPhone was released in 2007 and the first Android-based phone in 2008? (It was the HTC Dream, just for the record.)

But when I saw the infographic above, I realized that I had already forgotten about Symbian and that the first mobile malware ever released was actually for that operating system (at that time probably the most popular mobile OS), as if it had been a few decades ago.

Off topic - this just emphasizes how dynamic the changes in the technology world are - the once-leading Symbian has almost vanished from the market and HTC is not nearly as popular as it used to be. And don't forget about BlackBerry's troubles too!

Threats gone mobile

According to the Q4 report from McAfee, there were more than 2.47 million new mobile malware samples in 2013, with 744,000 new samples in Q4 alone, which represents a growth of 197% in comparison to 2012, meaning that mobile malware has almost tripled in 1 year!

Most of that malware is delivered when users visit a malicious web site or download rogue applications. And if you remember the slides from my last presentation - there are currently more than 1 MILLION applications available on Google Play with more than 50 BILLION application downloads.

As you can see on the diagram above (taken from the F-Secure Mobile Threat Report Q3 2013), Android is the most targeted OS (which is no news, as Android holds more than 70% of the market share), and imagine what a pot of gold Google Play can be for attackers!

The most targeted OS, Android, is responsible for almost 99% of all mobile malware, as published by both Cisco and Kaspersky Labs.

So, what can an attacker do if he gets access to your mobile device?

Sophos Labs published a great graphic in their last report, called "Anatomy of Hacked Device", which shows in brief what an attacker can do with your phone. Let's emphasize some of them:

Sending premium rate SMS messages or making expensive calls, probably charging your account a few hundred dollars

Stealing mobile TAN numbers, which enables the attacker to gain control over your bank account and transactions

Stealing personal data - account, phone number, contact list, call logs, etc.

Performing surveillance - audio, video (camera), location, SMS, calls and more

Propagating to your contacts - post to social media, apps, send phishing emails...

Pretty serious list we have there. If we take a closer look at the already mentioned McAfee report, this is what happens in most cases:

The biggest share of attacks/malware/trojans steal your personal data/handset info, followed closely by spyware, and not to forget premium SMS and botnet activities, which are on the rise.

Top Threat of 2013: Mobile Banking Trojan

There has been a HUGE growth of mobile banking Trojans. Kaspersky Labs discovered that at the beginning of the year the number of known Trojans was only 67, but by the end of the year that number had grown to an amazing 1,321 unique samples!

This is of course logical, as most of the attackers are motivated by money. And when you add the fact that 72% of tablet owners are purchasing from their tablet at least once per week, this growth of the banking Trojans seems even more logical.

Where are the threats hiding?





Web Ads

The Blue Coat 2014 Mobile Malware report shows a big rise in threats lurking in mobile web ads: one in every five times a user is directed to mobile malware, it is through web ads.

Pornography pages

The second big issue on mobile devices is pornography. It has had an almost constant rate of malware infections over the past years, and there is a big chance that you will get infected if you browse pornography pages on a mobile device.

Applications

Android applications are particularly problematic, as almost every 6th application is malicious and about 1/3 of them are suspicious or unwanted. iOS users can breathe a sigh of relief, as the situation is much better for them: only 1% of applications require moderate attention, with no suspicious/malicious apps, as seen in the Webroot report.

These are the types of Android applications that contain most of the discovered malware samples:

Arcade and Action Games: 7,211 infections

Communication: 4,428 infections

Entertainment: 3,397 infections

Health and Fitness: 2,752 infections

Music and Audio: 669 infections

News, Magazines, and Comics: 33 total infections

Shopping: 24 infections

Sports: 15 infections

Furthermore, don't forget a very important fact - 82% of the apps track you and they know:

when you use Wi-Fi and data networks

when you turn on your device

your current and last location

Mobile threats are growing. Period. And mobile threats are becoming more sophisticated and evolving. There will only be more variants and more vulnerabilities:





How to protect yourself?

The IDG Global Mobility Study says that more than 70% of employees access the corporate network using a personally owned smartphone or tablet, with about 80% of them accessing their email on a mobile device.

A devastating fact is that about 57% of mobile device users are not aware that mobile security solutions even exist! Moreover, nearly 1/2 of the mobile device users do not use the basic precautions such as passwords.

So, what can you do to make it better?

Use a password or PIN on your mobile device. You probably think: "Yeah, but my mobile device is always near me, I don't need that stuff". Let me give you one more statistic: "27% of ADULTS have lost their mobile device or had it stolen" - that is about 1/3 of adult mobile device owners. So consider even setting up an Anti-Theft solution.

Use a mobile security solution; it can be easily downloaded and installed from the store. If you are using business-critical applications or you have important data on your mobile device, consider buying advanced protection.

Be careful when downloading applications and download apps only from legitimate stores. Always check what kind of data an application is asking you to share and if it seems suspicious - do not install it.

Keep your operating system and apps up to date. This sounds simple, but many users forget to update their devices on time.

Do not log in or run high-risk apps while on a public (unsecured) Wi-Fi network. This can be highly dangerous, especially if you are performing any kind of payment or similar activity. I would advise that you wait until you have a secure connection or use a VPN!

Block web ads or avoid clicking on them. If an ad seems interesting, do the same search in a search engine and you'll probably get a similar result.

Do not root the device. Of course you know that you will lose the warranty if you do so, but it can also open other security holes, which you don't want to see open.

Back-up your data. It's not so hard and it's quite fast.

Educate yourself and/or your employees. Your behavior is very important. Don't be too curious, don't connect with unknown people, don't click on suspicious links. If you get an email from a colleague or boss asking you to open some archive or link, or to enter credentials - call them and check if they really sent it. Always double check if you are suspicious - it is much cheaper than repairing potential damage!

And last, avoid browsing pornography web pages from a mobile device. Especially pay attention if your kid is always going to the toilet with a tablet or phone, it can be suspicious :)
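To make the advice about checking what an application asks for concrete, here is an added example (not from any of the reports cited above) that reads the permissions from an Android manifest and groups them by the abuse categories listed earlier. It assumes the manifest has already been decoded to text XML; the category-to-permission mapping and the sample app are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by android:name in a decoded AndroidManifest.xml
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Abuse categories from the list above -> permissions an app needs for them.
# This mapping is an assumption of the example, not taken from a vendor report.
RISK_MAP = {
    "premium SMS / expensive calls": {P + "SEND_SMS", P + "CALL_PHONE"},
    "mobile TAN theft": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "personal data theft": {P + "READ_CONTACTS", P + "READ_CALL_LOG",
                            P + "READ_PHONE_STATE"},
    "surveillance": {P + "RECORD_AUDIO", P + "CAMERA",
                     P + "ACCESS_FINE_LOCATION"},
}

# Constructed sample: a hypothetical flashlight app (not a real package).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Flashlight"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}  # skip malformed entries without a name


def audit(manifest_xml):
    """Map each abuse category to the requested permissions that enable it."""
    perms = requested_permissions(manifest_xml)
    return {cat: sorted(perms & risky)
            for cat, risky in RISK_MAP.items() if perms & risky}


if __name__ == "__main__":
    for category, hits in audit(SAMPLE_MANIFEST).items():
        print(f"{category}: {', '.join(hits)}")
```

A hit is a question to ask, not a verdict: a flashlight can justify the camera permission, but not sending SMS or reading contacts.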

If you are interested in some facts about how mobile changed our life, check out my last presentation "Generation Mobile" on SlideShare:

Thank you for reading and stay mobile-safe!

Be sure to connect on Twitter @appnetsecurity to get the latest updates or join the Security Breaches group on LinkedIn.