Advertisements with embedded malware have outpaced pornographic Web content as the biggest threat to the security of mobile devices, new figures from security firm Blue Coat suggest.
The company's 2014 Mobile Malware Report relayed the reports of the Blue Coat Security Labs (BCSL), which found that what it called 'malvertising' had more than tripled in frequency over the past year. One in every five Web ads directing mobile Web users to malware, on average.
The figures were based on traffic analysis that found pornography was still a significant source of malware infection, with visits to pornographic sites accounting for less than one percent of all requested content but 16 percent of all malware attacks.
Web ads, however, comprised 12 per cent of requested content and 20 per cent of mobile device infections. This was up substantially from the company's November 2012 figures, which found that just 5.69 per cent of content was Web advertisements and 22.16 per cent was pornography.
"What a difference a year makes," the company's analysis noted. "Last year, pornography was the leading threat vector for mobile users. This year, it had dropped nearly six points and is the third leading threat vector. Yet while users don't access pornography that frequently, when they do, they are very vulnerable to malware."
Blue Coat's analysis found that changes in consumer behaviour were largely to blame, with mobile users far more likely to consume "recreational" content. Such content comprised 11.74 per cent of content requested by mobile users, compared with jut 6.69 per cent of content requested by desktop users.
While Web advertisements had gained currency as vectors for mobile malware infection, BCSL failed to find "any real commitment to mobile malware" within the malware networks it is tracking. The Shnakule malnet "dabbles in" the delivery of mobile malware but prefers premium SMS scams, but overall the report said the profile of mobile malware remains low.
"It could be that the behaviour we are seeing among malnets is an attempt to find vulnerabilities and adapt the infrastructures to these mobile environments," the report notes, adding that most malware currently targeting mobiles is "still pretty basic" and confined to potentially unwanted applications (PUAs) and SMS scams.
PUAs generally disguise themselves as legitimate games or other apps, then collect information about the user and the infected device as well as potentially harvesting aggregate data about mobile users' habits, interests, or Web searches using built-in analytics tools.
The pervasiveness of such apps and their lack of transparency "sets users up to fail by putting them at greater risk for privacy violations," the report notes. "It also makes it impossible for users to make risk-based decisions about the apps they want to use and the information they want to share."
Mobile malware is expected to play an ongoing and growing threat into the future, the company notes. "Blue Coat predicts that mobile malware will continue to present a threat to users both in the corporate and home environment," the report notes.
"The makers of mobile phone operating systems would do well to help users better manage how, when, and with whom mobile applications can communicate with the outside world."
This article is brought to you by Enex TestLab, content directors for CSO Australia.