The number of mobile security threats is increasing, according to a recent security report issued by Kaspersky Labs, one of the leading providers of anti-virus software. The company has just released its threat evolution report for Q3, which details a significant increase in new malware and installation packages.
The number of new installation packages was 1.5 times higher than the corresponding period in 2015. The malicious software is designed to load malicious programs onto mobile devices, and 1,583,094 new installation packages were discovered over the 3-month period.
Malware is evolving too. Hackers are developing brand new malware, as well as tweaking existing malicious software. Kaspersky Labs detected, on average, more than 100,000 new malware programs per month in Q3. 323,374 new malicious programs were discovered in total, a 3.1-fold increase from the first three months of the year, and a 1.1-fold increase on Q2, 2015.
Adware Accounts for more than Half of New Mobile Security Threats
The majority of new mobile security threats are adware. Over half of the new programs discovered were responsible for displaying adverts, which is how the creators of computer viruses are now making money. In fact, adware now accounts for over half of all mobile objects now being discovered.
New advertising malware may not be seen as a major threat by many people; however, the malicious software does more than just display annoying adverts. Some of the latest malware, Kemoge for example, is capable of totally taking over an infected device. Initially the adware is harmless enough, albeit annoying. It spies on the user, sends data to its command and control center, and then serves adverts. Banner adverts are displayed from time to time: Nothing particularly invasive at first. Then the ads become more frequent, which can be annoying for users.
Adware-Serving Malware are Serious Mobile Security Threats
The malware then starts to get particularly nasty, using up to 8 different root exploits on the device. The malware is particularly difficult to detect, as it does not continuously communicate with its command center. The malware has also been discovered to uninstall AV software, preparing the mobile for future attacks. Healthcare IT security professionals should take note, especially if their employer has a BYOD policy that permits the use of personal devices at work.
Adware may have been created not to serve adverts, but to take control of the device, remove security controls, and ultimately be used to gain access to the network to which the device connects. Many of the new types of malware are simply infecting devices, service adware, and waiting to be used to launch future attacks.
The Kaspersky Labs report also highlights the rise in malware targeting mobile banking apps. Kaspersky has discovered 2,516 new Trojans during Q3. The AV provider recorded approximately 5 million attempted hacks by these Trojans in Q3. These are one of the biggest threats, especially in the United States, UK, and other countries where mobile banking applications are popular.
Protections Must be Put in Place to Deal with New Mobile Security Threats
The sheer volume of mobile malware is astonishing. Over 38 million unique malware objects were found in Q3. The number of potentially unwanted objects discovered by the company’s file antivirus stood at well over 145 million for the quarter.
The threat landscape is constantly changing, and any organization that fails to implement the appropriate protections to deal with the new mobile security threats is likely to see many devices infected. The real security threat may come weeks or months later, when hackers change the purpose of the malware and move onto their real end game.