Mobile malware is still growing significantly: the number of unique samples of malware has been growing almost continuously throughout the year. By the end of 2016, over 19 million unique samples of malicious Android apps had been collected and analyzed, almost twice as much as in 2015. The number and diversity of mobile threats increases along with the number of devices and the advances in technologie that power these mobile devices. That is the most important conclusion from Trend Micro’s Mobile Threat Landscape Report.
Enterprises not (specifically) targeted
But there are many other interesting findings in this report. For instance: it is striking that the increasing risk of mobile malware to the companies, fueled by the upward trend of BYOD (Bring Your Own Device), has not led to mobile malware that specifically targets enterprises. Most infections caused harm that targets users in general, such as a subscription to premium SMS services, leading to extravagant phone bill charges, or even less harmful malware such as adware or spyware.
Legitimate marketplaces become less reliable
Traditionally the malware was downloaded from third-party app stores that provide less control over the apps that are being offered. But last year we saw a surge of the percentage of malicious apps in the Google Play app store. The percentage is still relatively low, only 1.02% of all apps was malicious, but it could mean the start of a new worrying trend.
Mobile ransomware growing faster than ever
Mobile ransomware boomed in 2016. The samples we analyzed in the fourth quarter of 2016, for instance, were thrice as many compared to the same period in 2015. Despite the growth, these malware shared a common modus operandi: abuse, bait, intimidate, extort. Most were screen lockers that abused Android OS’s features, and employed social lures such as fake system updates, popular games, and pornography. Unwitting users were also conned into granting them administrator privileges that allowed them to change the device’s lock screen password and ensure they weren’t uninstalled.
Banking Trojans can be very versatile
In 2016, most of the mobile banking Trojans we’ve seen targeted mobile users in Russia; in fact, it accounted for 74% of our global detections. China, Australia, Japan, Romania, Germany, Ukraine, and Taiwan rounded out the countries most affected by these malware. Based on the samples we uncovered and analyzed, their distribution was most active during the last quarter.
The most ‘popular’ banking Trojan in 2016 was Svpeng, a combination of banking trojan and ransomware, which accounted for around 67% of infections in this domain. Svpeng steals SMS messages, contacts, call logs and browser history, as well as phish for credit card data, and lock the device’s screen and demand ransom. Fortunately, this malware is less versatile in languages and mainly targets Russian-speaking victims.
Nibbling at Apple
Apple is renowned for exercising firm control over their App Store, thus eliminating almost every opportunity to distribute malware through this platform. Nevertheless, due to Apple’s continuing popularity as a mobile platform, cybercriminals become more and more creative, e.g. by absuing Apple’s enterprise certificate to sneak malicious content into iOS devices. We can expect an even more intense and more diverse wave of attacks in the coming year, probably as long as the popularity op the iOs devices keeps growing.