Mobile threats in Symantec Study-1 million Malware Apps identified

The Symantec study on Internet threats has some interesting findings on the threats arising out of Mobile devices which needs some deep analysis.

The first alarming aspect thrown open by the study is that of the 6.3 million apps observed by the study, about 1 million apps have been classified as “Malware Apps” . (we shall call this MalApps). These are Programs and files that are created to do harm and includes  viruses, worms, and Trojan horses. 2014 is considered the 10th anniversary of the MalApps since the first worm on a Mobile App is said to be SymbOS.Cabir found in 2004. The 1 million new MalApps found in 2014 consists of 46 new families of Android malware. The study says that this 1 million MalApps does not include about 2.3 million “grayware” which represents Apps that display undesirable behaviour such as advertising.

Symantec expects the growth in mobile malware to continue in 2015, becoming more aggressive in targeting a user’s money. It is estimated that 51 percent of U.S. adults bank online and 35 percent use mobile phones and hence are prime targets for MalApps writers. The study records that  malware can intercept text messages with authentication codes from the bank and forward them to attackers. Fake versions of legitimate banks’ mobile applications also exist, hoping to trick users into giving up account details.

The study notes what it calls as “MadWare” which use aggressive techniques to place advertising in  mobile device’s photo albums and calendar entries and to push messages to the  notification bar.Madware can even go so far as to replace a ringtone with an ad.

An analysis of threats by platform indicates that out of the total of 48 threats (by families ignoring the variants), 45/46 were identified on Android platform and 3 on iOS.

As regards vulnerabilities, 168 mobile vulnerabilities were disclosed in 2014 compared to 127 in the previous year. It is surprising to note that 84% of these vulnerabilities are from iOS system and only 11% are from Android systems. Blackberry counts for 4% and windows 1%.

Probably the documentation of vulnerabilities in Apple could be better organized than the Android and hence there could be a skewed finding about the security of IOS phones vs Android phones. This is an interesting observation and leaves both equally vulnerable to risks.

As of today, Android appears to have a lead in market share of around 51.2 % as against iOS which is around 43.5% Cumulative global shipment of Android phones was around 1644 million units from 2010 to 2014 while the cumulative sales of Apple iOS devices since its launch in 2007 is around 600 million.

This indicates that relatively there were more vulnerabilities in iOS systems than the Android though  there are more threats on Android platform than in iOS.

The type of threats that the MalApps pose is reflected in the following chart.

mobile_malware_behaviour

It may be expected that in the coming years these mobile threats would increase and create more risks for the users since the App Ecosystem is difficult to monitor. The security industry needs to do some thing specific to improve the reliability of mobile platforms so that it can support the market developments in the coming days.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.