Estimated 15 million mobile devices infected with malware, led by Android smartphones
Security threats to mobile and residential devices jumped sharply during the first half of 2014, putting device owners at increased risk of being spied on, having personal information stolen, or experiencing ‘bill shock’ as result of pirated data usage.
Figures for the first half of 2014 from Alcatel-Lucent’s Kindsight Security Labs has revealed that malicious software used by hackers to gain access to devices has continued to rise with consumer use of fast broadband.
The report found that mobile malware infections increased 17% during the first six months of 2014, growing at nearly double the rate seen for the entirety of 2013. Similarly, residential infections in fixed networks jumped to 18% at the end of June, after being 9% in December 2013.
The mobile infection rate was 0.65% during the first half of 2014, compared to 0.55% at the end of 2013. Based on this, Kindsight Security Labs estimates that 15 million mobile devices are infected with malware, up from 11.3 million at the end of 2013.
Android devices accounted for 60% of total mobile network infections. Altogether, 40% of mobile malware originated from Windows laptops connected to a phone or connected directly through a mobile USB stick or MiFi hub. Infections on iPhone devices and BlackBerry devices made up less than 1%.
‘Android smartphones are the easiest malware target, but Windows laptops are still the favourite of hard core professional cybercriminals,’ said Kevin McNamee, security architect and director of Alcatel-Lucent’s Kindsight Security Labs. ‘The quality and sophistication of most Android malware is still behind the more mature Windows PC varieties. Android malware makes no serious effort to conceal itself and relies on unsuspecting people to install an infected app.’
Mobile network infections frequently took the form of trojanised applications which look fine on the surface but contain hidden malware that when downloaded by Android owners from third party app stores, Google Play Store or by phishing scams can steal personal information on one’s phone or send SMS messages and browse the web.
The rise in 2014 residential infection rates is primarily attributed to moderate threat level adware, which primarily poses an annoyance for device owners such as unwanted ads or sub par device performance. However, high level malware threats that can do serious damage by stealing personal information, passwords and credit card information also experienced a modest gain. Altogether, 7% of broadband residential customers were infected with high level threats, up from 5% at the end of 2013.
The Kindsight Security Labs report also includes the top 20 home and Internet malware threats in the first six months of 2014, as well as analysis of malware developments, including ZeroAccess, iBryte, Carberp, Uapush, Coogos, NotCompatible, SMS Tracker and others. High level malware threats comprised 85% of the threats found on the Top 20 Android List, where four instances are mobile spyware used by an attacker to remotely track and monitor a device owner’s location, communications and browser history. Five of the seven new malware entries in the Residential Top 20 List are adware which can redirect a victim’s browser to undesirable web sites and create unwanted pop-up ads.
‘The best defence against infection is network-based malware detection,’ added McNamee. ‘People frequently don’t take appropriate security precautions for their devices, and even when they do a malicious app can easily evade detection by device-based anti-virus. Network based anti-virus embedded on an operator’s network cannot be disabled by cybercriminals, is always on and up to date.’