The rise in mobile malware with every passing year is not a new phenomenon. As the attack surface grows, cybercriminals are attempting to maximize their profits through any means necessary. These malicious pieces of code offer extreme functionalities, and hence, are adopted by threat actors across the world.
Diving into details
Zimperium published its annual mobile threats report that states some horrific statistics. Let’s visit them.
- In 2021, 30% of known zero-day vulnerabilities targeted mobile devices, while there was a 466% rise in exploited zero-day vulnerabilities against mobile endpoints.
- Seventy-five percent of the phishing sites solely targeted mobile devices.
- More than two million new malware variants were found in the wild.
- More than 10 million mobile devices were afflicted by threats in 214 countries.
- Based on the firm’s analysis of over a million iOS and Android apps, 14% of the apps used public cloud backends, whose misconfigurations resulted in security incidents.
- The most affected regions are Asia Pacific, Africa, Europe, and the Americas.
What does this imply?
The data above indicates that threat actors are finding ways to abuse conventionally strong software ecosystems related to mobile devices. Malware authors are focusing more on these devices as the global workforce was pushed to remote working. This resulted in greater volumes of malware propagation, phishing and smishing attacks, and heightened efforts into discovering and abusing zero-days.
What else?
- Proofpoint witnessed a 500% increase in mobile malware submissions in Europe, since early February.
- Last year, various malware packages were detected, which were capable of recording audio and video calls, destroying content and data, and tracking location.
- The most common mobile malware used include FluBot, TeaBot, TangleBot, MoqHao, BRATA, TianySpy, and KeepSpy.
Android vs iOS
- Android allows its users to install content from multiple app stores, while iOS does not allow sideloading.
- While Android seems to be more vulnerable than iOS, the latter tends to have more severe flaws.
- Last year, Android had 574 flaws, the number was 367 for iOS. However, in the case of the latter, only 24% were rated low complexity. Out of 367, 45 vulnerabilities were rated critical, signifying that exploiting them could lead to critical damage.
- Therefore, although iOS is challenging, it makes for a lucrative target.
Stay safe
Whether you use Android or iOS, both have their own sets of threats that can cause considerable damage to the targets. Mobile malware strains have evolved throughout the years and now possess advanced espionage functionalities. The best way to stay safe is to avoid installing content from unknown sources. Furthermore, keep the number of installed apps to a minimum and apply available security patches.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_452067163.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_349413722.jpg)
