More than 99 percent of new mobile threats discovered by F-Secure Labs in the first quarter targeted Android users, according to a new report from F-Secure. Among threats discovered, 277 were new threat families and variants, 275 of which targeted Android, one iPhone and one Symbian. In comparison, the same quarter in 2013 brought 149 new threat families and variants, 91 of which targeted Android.
The first quarter also saw a number of firsts for Android malware. This indicates the mobile threadscape is continuing to develop in sophistication and complexity. The quarter saw the first cryptocurrency miner, which hijacks the device to mine for virtual currencies such as Litecoin. It saw the first bootkit, which affects the earliest stages of the device’s bootup routine and is extremely difficult to detect and remove. It saw the first Tor trojan and the first Windows banking trojan hopping over to Android.
Great Britain experienced the highest level of mobile malware measured by F-Secure in the first quarter, with fifteen to twenty malware files blocked per 10000 users there, or about one in 500 users. The US, India and Germany all had five to ten malware blocked for every 10,000 users. And in Saudi Arabia and the Netherlands, two to five malware were blocked per 10,000 users.
The report found that 83 percent of mobile trojans send SMS messages to premium numbers or SMS-based subscription services, by far the most common malicious activity. Additional common malicious activities that mobile trojans engage in include: downloading or installing unsolicited files or apps onto the device, silently tracking device location or audio or video to monitor the user, pretending to be a mobile AV solution but actually having no useful functionality, silently connecting to websites to inflate the site’s visit counters, silently monitoring and delivering banking-related SMS messages for fraud, stealing personal data and charging a “fee” for use, update or installation of legitimate and usually free applications.