Lost Devices, Data Leakage Remain Top Mobile Threats


Mobile malware continues to trend upward, targeting Google Android devices in certain regions where third-party application stores are popular, and looser carrier restrictions enable the proliferation of premium text-messaging Trojans, according to a new threat report.

Lost and stolen mobile devices continue to be the biggest problem plaguing U.S.-based businesses, followed by the lack of control and visibility into the corporate data that may be stored on personally owned smartphones and tablets introduced into the workplace. The vast majority of mobile malware threats -- about three-quarters of attacks detected by Finnish antivirus vendor F-Secure -- were limited to devices in Saudi Arabia and India, the firm said in its threat report issued this week. About 5 percent of infections were detected in the U.S. and 2.8 percent in the U.K.

"The Android malware families most commonly reported in that period were GinMaster, Fakeinst and SmsSend, which either harvest data from the device or send premium-rate SMS messages," F-Secure said in its latest report.

[Related: Mobile Security: Shedding Light On A Topic Usually Shrouded In Dark]

F-Secure said 10 percent of the malware samples were traced back to the four most popular third-party mobile application stores. Most of the malware is embedded in malicious versions of popular Google Play Store apps. A majority of the malicious applications are gambling-related, slot machine or card game apps followed by weaponized versions of popular games.

F-Secure said 23 percent of the malware the firm examined masquerade as legitimate applications by using authentic-looking package names. Google Play, the official repository for Android apps, contained 0.1 percent of mobile malware. Any potential malicious apps that make it into the store have a short shelf life, F-Secure said.

F-Secure warned of the growing use of "silent" sources by attackers to infect user devices. Vendor customizations introduce vulnerabilities that can be targeted, the firm said. Malware being pushed by ads in mobile browsers is also increasing. A recent threat report issued by Sunnyvale, Calif.-based network security vendor Fortinet had similar findings. Fortinet said about 96 percent of malware targets Android devices.

CIOs and IT security teams that spoke recently with CRN said lost and stolen devices remains as one of their biggest concerns. Solution providers can help businesses understand how to strike the right balance between letting users bring their own mobile devices and finding the right mixture of controls to reduce the risks posed to corporate data, according to Jack Gold, principal analyst at J. Gold Associates, a Northborough, Mass.-based consulting firm, who spoke at this week's XChange Solution Provider conference in Los Angeles. Gold advocates ways to establish security by setting enforceable policies that don't impede on user productivity. 

NEXT: Web-Based Attacks Infiltrate Corporate Networks