Lookout Mobile Security, a provider of mobile security, announced
the results of its Mobile Threat Report, based on threat data from its
Mobile Threat Network, which includes data collected from more than
700,000 apps and 10 million devices worldwide. The report found that
mobile malware has increased significantly, with Android users
two-and-a-half times as likely to encounter malware today than just six
months ago.
The Lookout report estimated that between a half million and one
million users were affected by mobile malware in the first half of
2011. At the same time, Web-based threats which operate across
platforms, have emerged as a significant part of the threat landscape
with three out of 10 mobile users likely to click on an unsafe link,
including malicious and phishing links, over the course of a year.
During the first half of 2011, Lookout found that attackers
repackage legitimate applications with malware, creating Trojan
applications that appear to be legitimate, but in fact are malicious,
and post them to app stores and download sites. More recently, malware
writers are using new techniques to secure wide distribution. Attackers
employ a tactic called malvertising, whereby they use mobile ads to direct users to a
malicious Website that triggers an automatic download of malware.
Additionally, Lookout saw the first Update Attack, in which an attacker
first publishes a legitimate application with no malware, and once they
have a large user base, they release an update that includes malware so
the entire user base gets the updated infected application.
“As mobile devices grow in popularity, so do the incentives for
attackers,” says Kevin Mahaffey, CTO and co-founder of Lookout Mobile
Security. “We’ve seen the prevalence and the level of sophistication of
mobile malware attacks evolve significantly in the first six months of
2011. We expect this trend to continue as more and more people adopt
mobile devices.”
As the frequency of mobile threats increase, Mahaffey said mobile
users can take measures to stay safe, including only downloading apps
from trusted sources, such as reputable app stores and download sites
and remembering to look at the developer name, reviews and star
ratings. After clicking on a Web link, pay close attention to the
address to make sure it matches the Website it claimed to be, he said,
and download a mobile security tool that scans every app you download
for malware and spyware, and can help you locate a lost or stolen
device. For extra protection, make sure your security app can also
protect from unsafe Websites.
The company also recommends being on alert for unusual behavior on a
phone, as this behavior could be a sign that the phone is infected.
These behaviors may include unusual text messages, strange charges to
the phone bill and suddenly decreased battery life, the Lookout report
noted.