A recently released Kaspersky Lab and INTERPOL survey found that 60 percent of the attacks on Android devices involve financial malware.
In the report, Mobile Cyber Threats, the researchers provide a very simple reason for why this is: Smartphones and tablets are being used more and more frequently for financial transactions. And, as the survey also showed, the vast majority of international mobile-device users use an Android device. Malware developers are literally following the money trail.
Another interesting tidbit in that study: Over the time period examined, between August 2013 and July 2014, the amount of malware modifications sharply increased. As explained in a release, even a small change makes it difficult for AV software to detect. Again, advantage bad guys:
The high level of modification growth found during this study shows that cybercriminals were creating multiple variations of their malware in attempts to go undetected by antivirus solutions and infect as many devices as possible. Typically, antivirus companies will create a new signature within the software to defend against this type of tactic.
The Kaspersky Lab and INTERPOL report echoes what other recent studies have found, that financial mobile malware is a growing problem. A study released a couple of months ago by NQ Mobile found that 62 percent of malware is designed for direct financial gain. Zeus is making a comeback with a focus on mobile attacks. This summer, we saw the arrival of HijackRAT, mobile banking malware, which highlights the other problem of financial malware: Not only will it steal banking information, it digs into the depths of the mobile device to grab whatever information it can get. For companies that encourage BYOD use, this all means putting sensitive company data at risk, as well as financial theft if the employee handles accounting, banking or other financial-related duties.
This report highlights what any security observer sees as an increasing concern. The more mobile users there are, the more mobile malware will be downloaded. And, as we’ve seen with other forms of malware, developers are getting more sophisticated. It is just another warning that the time has come for businesses and consumers alike to become more serious about mobile security efforts.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba