Smartphones have pulled ahead of Windows-based computers and laptops, now accounting for 60% of the malware activity observed.
A Nokia Threat Intelligence Report released yesterday reveals an increase in iOS-based malware, growing sophistication of Android malware and the rising threat of mobile ransomware.
The report examines general trends and statistics for malware infections in devices connected through mobile and fixed networks. Data is aggregated where Nokia malware detection technology is deployed, with more than 100 million devices covered.
Findings of the Nokia Threat Intelligence Report include:
- Due to a decrease in adware activity, the overall infection rate in mobile networks declined from .75% to .49% on Windows-based PCs connected to the Internet via a mobile network in the second half of 2015. Adware is a software that automatically displays or downloads advertising material (often unwanted) when a user is online.
- In the same time period, smartphone infection rates increased and now account for 60% of infections detected in the mobile networks.
- Android continues to be the main mobile platform targeted.
- For the first time since the report began, iOS-based malware – including XcodeGhost and FlexiSpy – is on the top 20 list. In October 2015 alone, iPhone malware represented 6% of total infections.
- The XcodeGhost malware was injected into apps through a compromised software development kit that was used by Chinese developers to create legitimate apps distributed via the Apple App Store. Apple has removed these apps from the Apple Store, but some malware remains active.
- Ransomware – malware that effectively holds a device hostage by encrypting data and then locking it – like CryptoLocker has been around for a while on Windows PCs, but 2015 saw several varieties attacking Android, as well. Recovery can only be achieved by paying the attacker a ransom fee via a prepaid cash voucher or with bitcoins.
- Mobile malware is becoming more sophisticated in the techniques it uses to persist on the device. It is becoming very difficult to uninstall and can even survive a factory reset.
Kevin McNamee, head of the Nokia Threat Intelligence Lab, comments: “Security is a very real concern for any device with an IP address, be it Android, iPhone or even a Windows PC connected to the mobile network.
“While Android infections continue to rise and become more sophisticated, the report (from late 2015) is the first time we’ve seen iOS malware make our top 20 list, with XcodeGhost being the fourth most prevalent malware detected.”
So What can you do to protect your phone?
To guard against mobile malware and protect yourself and your data, here are five things you should keep in mind when buying or downloading apps for your mobile devices:
Malware on mobile devices is nowhere near the threat that it is on PCs–particularly Windows-based PCs…yet. Malware developers aren’t looking for a challenge. They will develop malware for the platforms and devices that have the largest pool(s) of potential victims, and those that are easiest to exploit. Step one in protecting yourself is to simply be aware that the threat exists.
Do Your Homework
Think before you download. Just as it makes sense to read some Amazon reviews before buying a book, or some Yelp reviews before testing out a new restaurant, it makes sense to read some reviews of an app before you jump off the cliff. General word of mouth support for an app is good, but it is even better if you can get input from your social networks–friends and family you trust–before downloading an app.
Check Your Sources
Not all third-party sources of apps are bad, but the odds are much higher. For a platform like iOS, you have to go out of your way to jailbreak the device in order to use apps that aren’t approved by Apple. If you have taken such drastic measures, you are hopefully already aware of the risks involved as well.
Android users may not be as conscious of the threat because third-party app repositories are normal for that platform. Still, the safest source of Android apps is the official Google Android Market, or at least an app store from a trusted source like the Amazon App Store. To avoid shady apps, you should deselect the “Unknown sources” option in the Android Applications Settings.
Watch the Permissions
Mobile operating systems have enough security in place that apps generally have to request permission to access core functions and services of the device. Think about the permissions you are granting before you just tap and blindly accept them. Does that Sudoku app really need access to your contacts, camera function, and location information?
As the mobile market grows, and the malware developers take notice and begin to target it, the security vendors–like McAfee–are working to try and stay a step ahead of the malware attacks with security tools and software.
Following the first four tips will help you avoid a majority of potential threats, but antimalware software can help detect and identify any threats that slip past your defenses.