Growing mobile malware threat swirls (mostly) around Android

Attacks on mobile devices are rising just as PC malware soared with the Web, Kaspersky Lab says

Chris Doggett, senior vice president, North America, at Kaspersky Lab, spoke on Tuesday at CTIA Wireless.

Chris Doggett, senior vice president, North America, at Kaspersky Lab, spoke on Tuesday at CTIA Wireless.

Mobile devices are getting hit by a boom in malware similar to the one that hit PCs starting with the rise of the Web, a security software executive said Tuesday.

"Mobile platforms, for a lot of attackers, represent a new target-rich environment," said Chris Doggett, senior vice president, North America, at Kaspersky Lab. He was addressing a panel discussion at the CTIA Wireless trade show in Las Vegas at which officials from government and industry laid out the dangers of mobile malware and steps being taken to fight it.

The creators and exploiters of malware are attracted to mobile because smartphones and tablets are increasingly powerful and most have no protection, Doggett said. (Kaspersky sells mobile security software.) The threats to mobile users are numerous: Attackers can often find credentials for various accounts by looking at incoming and outgoing text messages, they can get contact information for work associates as well as family and friends, and they may be able to compromise bank accounts if users do mobile banking, he said.

Malware on the wired Internet has risen from one new sample discovered per hour in 1994 to 200,000 new samples per day now, and a similar trend is taking shape on mobile devices, Doggett said. In 2011, Kaspersky discovered just over 6,000 mobile malware samples, and in 2012, there were more than 30,000.

U.S. mobile users have been left relatively unscathed, according to a white paper released on Tuesday by CTIA, the mobile industry group that sponsors the show. Fewer than 2 percent of smartphones in the U.S. are infected with malware, compared with more than 40 percent in some other countries, said John Marinho, CTIA's vice president of technology and cybersecurity. There are more than 100 million infected smartphones in China, he said.

As attackers seek that easy target in mobile, they overwhelmingly are looking to Android, Doggett said. Kaspersky estimates that 94 percent of all mobile malware is written for Android. Google's mobile OS is easier for them to use because it's more open than Apple's iOS and apps don't have to go through the Apple security review required for the iTunes App Store. Also, Android users can download apps from any number of places, though some Android malware has come in software downloaded from sources that are supposed to be trusted, including Google Play, Doggett said.

Apple isn't foolproof, as some malware has gotten through the company's scrutiny, such as the spam-producing "Find and Call" app discovered last year, he said. But because the bar is higher with iOS, most attackers look elsewhere, he said.

Mobile is one target of a U.S. government effort to close cybersecurity holes in the nation's critical infrastructure, according to Ari Schwartz, a senior policy advisor in the Commerce Department's Office of Policy and Strategic Planning. Following an executive order by President Barack Obama earlier this year, the Department of Homeland Security and other agencies are working toward creating a program for companies to take a set of voluntary steps to protect their infrastructure from attacks, Schwartz said.

Meanwhile, the National Cyber Security Alliance is aiming at ordinary users with an education campaign using the slogan, "Stop. Think. Connect." The campaign aims to teach consumers about online safety in the same way children are taught to look both ways before crossing the street, said Michael Kaiser, executive director of NCSA.

Any individual user who falls prey to malware can pose a threat to everyone's phones, Kaiser said. But just raising alarms about the dangers of cyberthreats can make people feel too helpless to even take action, he said.

"What I think comes across often to the consumers is just this haze of threat. ... And that makes it difficult," Kaiser said.

Education is important, but service providers and others also have to keep developing new tools to fight cyberthreats, said Chris Boyer, AT&T's executive vice president for public policy. AT&T monitors its traffic flows around the clock and has a team in its lab dedicated to wireless security. It also regularly shares threat information with other carriers and the government. Malware is a moving target, Boyer said.

"At the end of the day, it's going to require long-term innovation around this problem. The threat's not going to go away. There is no magic bullet."

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags at&tsecurityU.S. Department of CommerceNational Cyber Security Alliancectiamobilekaspersky lab

More about AppleCTIAGoogleIDGKasperskyKasperskyLawsonNCSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stephen Lawson

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place