Tide of mobile malware rising and diversifying
Sophos security reports more than 300 mobile malware 'families' with Boxer-D the most prevalent
Massive expansion in the smart device market has spurred the development of mobile phone malware, especially when it comes to Android-based gadgets.
The news is from Sophos' mobile security threat report released at Mobile World Congress in Barcelona this week.
According to SophosLabs principal researcher Vanja Svajcer, in the past 12 months the amount of Android malware seen by SophosLabs has increased sixfold to well over 650,000 individual pieces of malware.
"It's a tiny fraction of the number of pieces of malware out there for the traditional PC, but the fastest-growing threat landscape," Svajcer wrote.
"In some countries – Russia, Austria and Sweden – mobile malware has overtaken desktop malware, while in others – Spain and Great Britain – the playing field is levelling out."
The first mobile malware was seen 10 years ago, he noted, but it is only in the past few years that it has become a serious threat to end users, with the number of incidents exploding from about May 2013.
"The rapid growth in smartphone and tablet use over the past two years has led to the inevitable rise of cybercriminals targeting these devices.
"The exponential growth in Android devices – and the buoyant and largely unregulated Android app market – produced a sharp rise in malware targeting that platform," he said.
Malware usually finds its way onto phones by piggybacking on an app that the user downloads. Apple's app store is a "walled garden" that deters mobile malware writers, unlike Google's Android, which also has 79 per cent of the mobile market.
The most widespread Android malware families found so far by Sophos are Boxer-D (25 per cent of malware found), Opfake-C (eight per cent), and FakeIns-B (eight per cent).
"Since we first detected Android malware in August 2010, we have recorded well over 300 malware families," Svajcer wrote.
"The Android malware ecosystem is in many ways following the paths first established years ago by Windows malware."
And the malware writers targeting Android are becoming better at countering detection, he said.
"Ginmaster is a case in point. First discovered in China in August 2011, this Trojanised program is injected into many legitimate apps that are also distributed through third-party markets," he said.
"In 2012, Ginmaster began resisting detection by obfuscating class names, encrypting URLs and C&C instructions, and moving toward the polymorphism techniques that have become commonplace in Windows malware."