Mobile Malware Surges In The US, Mainly On Android

Mobile users encountered malware nearly twice as often in 2014 than during 2013 — up from 4 percent to 7 percent, CSO Online reported.

The jump was largely to the proliferation of new ransomware campaigns such as ScarePakage, ScareMeNot, ColdBrother, and Koler, according to a new report from mobile security company Lookout. “We were expecting an increase, but not of this magnitude,” said Lookout VP Aaron Cockerill.

The report, based on aggregated data from more than 60 million users worldwide, also said that more than 4 million Android users in the U.S. encountered ransomware, with some victims forced to pay as much as $500 to unlock their devices. Ransomware also landed among the Top 5 mobile-malware threats in the U.K. and Germany.

On the other hand, adware — apps displaying ads that actually make it hard to use a smartphone, or collect unreasonable amounts of user information — dropped dramatically, in part because of Google’s increased policing of its Play app market.

But mobile malware is also growing increasingly sophisticated. The current generation appears to be aimed at collecting corporate information, but the next round could specifically aim at personal information, including payment-card numbers and banking information — something that has already happened in South Korea with mobile malware that pretended to be a download of the movie “The Interview.”

Malware typically gets onto devices through drive-by downloads from infected websites, and through malicious links in spam emails, said Jeremy Linden, Lookout’s senior security product manager. For the most part, the infections target Android devices.

Windows phones? It’s just not one of the cool kids yet. “Anecdotally, the word is that [Windows Phone] isn’t popular enough to inspire any malware creators to write stuff for it, but that might change in the future,” Linden said. “Just like BlackBerry.”

Apple’s iOS is also less attractive to malware writers, but that’s because of Apple’s testing and curation of its app store and iOS’s walled-garden architecture, Linden said. While his company has seen some iOS-based mobile threats, they’re typically limited to specific geographies — such as WireLurker, which popped up in China — and only on jailbroken devices.

While the rate of malware encounters jumped in the U.S. and was flat in Germany, France and Japan, there’s some hope of getting it under control. In the U.K., the rate plunged from 5 percent in 2013 to 2 percent in 2014, largely due to a crackdown and follow-up prosecutions mobile rate regulator PhonepayPlus, Computerworld UK reported.