2015 MOBILE THREAT REPORT

In 2014, mobile devices and the concept of “staying connected” permeated our personal and professional lives at nearly every level.. The proliferation of these mobile devices can be seen from consumers, professionals, white collar, blue collar, no-collar, teenagers and even adolescents. They’re everywhere, and they’re all accessing data, downloading apps, playing games, getting directions, banking, working, selling and buying, chatting with friends or even committing crimes. The advent of the mobile device and the connectivity it offers has changed each and every one of our lives, in some way, and has shifted the course of our future.

As long as there is progress and these devices continue to allow for more efficiency and productivity than ever, they will also remain prime targets for accessing sensitive information on individual’s lives, jobs and secrets. While mobile device manufacturers and application developers have been breaking new grounds with products, malware developers have been as well. Malware developers see the opportunity to ride the mobility of these devices, the data they access and the information they store, to gain access to not only our personal, but professional lives as well. Almost as soon as the first generation of mobile devices began accessing data, malware developers began developing and testing the tools and capabilities to look into those devices and steal the information that resides on them. That research and those tools have quickly evolved into legitimate threats to consumers and enterprises alike.

What began as mere proof of concept and research in the early days of iOS and Android, quickly evolved into startling increases in mobile malware development. In 2011, we saw a move from proof-of-concept to profitability and smarter malware. Early mobile malware development, for Android specifically, showed developers testing capabilities by attempting to develop outright spyware applications to allow a third parties to monitor the data, communications, location and even conversations of a smartphone user. Developers tested limits by creating highly complex malware that rivaled the abilities of PC malware with full command and control (C&C) functionality. While primitive in its beginning, several progressions in development showed developers getting smarter at masking their C&C communication with encryption and obfuscation in both transit and in their coding efforts. Step-by-step, malware developers got better at creating complex, feature rich Android malware.

“The mobile industry saw a maturing of mobile malware markets with the rapid expansion of threats that profit attackers, while mobile security research also grows exponentially.”

In the waning months of 2011, development and testing the limits of complex capabilities ceased, for a time, and the focus shifted to financial gain. Short message service (SMS) Trojans, that leveraged premium services, became more prevalent in Asian and Russian Markets. In fact, malware families such as Fake Installer and Opfake quickly became the leading actors in mobile malware, dwarfing early malware families in both count and reach. The simple purpose was to trick users into downloading seemingly legitimate applications that would then send SMS messages to premium services for a nominal, nonrefundable fee. In 2012 and 2013 the mobile industry saw a maturing of mobile malware markets with the rapid expansion of threats that profit attackers, while mobile security research also grows exponentially. During that time, the prevalence of Fake Installer and Opfake applications appeared in the form of one in twenty applications from third party app stores being infected with malware. Nearly all of those infected applications contained some type of SMS Trojan capability, with the sole purpose of siphoning off small premium service charges.

2014 saw Android malware development continuing to increase. While 2012 saw only 238 specific threat families, 2013 showed a 238 percent increase in threats to 804 known families of Android malware.1 2014 saw additional increases in threat families from 804 to 1,268 known malware families affecting Android platforms. The growth of mobile malware continues to remain staunchly entrenched in Android as 97percent of all mobile malware was developed for the Android platform with 931,620 unique samples of Android malware identified. 2014 also saw more mobile malware development in a single year than any year. With nearly a million unique malware samples identified, it is no wonder that the mobile security industry reports2 seeing year-over-year increases in actual detection rates encountered by Android users. 2015 is certainly going to be a year when mobile device users begin to take device security seriously, because the attackers already have been.
via https://www.pulsesecure.net/