- Nokia Threat Intelligence Lab report shows iOS-based malware appears on top 20 list for first time with XcodeGhost and FlexiSpy.
- Android malware more than doubled in last six months of 2015 and is becoming increasingly sophisticated and persistent.
- Report examines rising threats through mobile ransomware.
1 March, 2016
Espoo, Finland – Nokia Security Center Berlin, powered by Nokia Threat Intelligence Lab, today released research findings showing that in the mobile networks, smartphones pulled ahead of Windows™-based computers and laptops, now accounting for 60% of the malware activity observed in the mobile space. The Nokia Threat Intelligence Report also reveals an increase in iOS-based malware, growing sophistication of Android malware and the rising threat of mobile ransomware.
The report examines general trends and statistics for malware infections in devices connected through mobile and fixed networks. Data is aggregated where Nokia malware detection technology is deployed, with more than 100 million devices covered.
Nokia Threat Intelligence Report at a glance:
- Due to a decrease in adware activity, the overall infection rate in mobile networks declined from 0.75% to 0.49% on Windows-based PCs connected to the Internet via a mobile network in the second half of 2015. Adware is a software that automatically displays or downloads advertising material (often unwanted) when a user is online.
- In the same time period, smartphone infection rates increased and now account for 60% of infections detected in the mobile networks.
- Android continues to be the main mobile platform targeted
- For the first time since the report began, iOS-based malware – including XcodeGhost and FlexiSpy – is on the top 20 list. In October 2015 alone, iPhone malware represented 6% of total infections.
- The XcodeGhost malware was injected into apps through a compromised software development kit that was used by Chinese developers to create legitimate apps distributed via the Apple App Store. Apple has removed these apps from the Apple Store, but some malware remains active.
- Ransomware – malware that effectively holds a device hostage by encrypting data and then locking it – like CryptoLocker has been around for a while on Windows PCs, but 2015 saw several varieties attacking Android, as well. Recovery can only be achieved by paying the attacker a ransom fee via a prepaid cash voucher or with bitcoins.
- Mobile malware is becoming more sophisticated in the techniques it uses to persist on the device. It is becoming very difficult to uninstall and can even survive a factory reset.
Kevin McNamee, head of the Nokia Threat Intelligence Lab, said: “Security is a very real concern for any device with an IP address, be it Android, iPhone or even a Windows PC connected to the mobile network. While Android infections continue to rise and become more sophisticated, the Nokia Threat Intelligence Report from late 2015 was the first time we saw iOS malware make our top 20 list, with XcodeGhost being the fourth most prevalent malware detected. We also saw a rise in a variety of ransomware apps that try to extort money by claiming to have encrypted the phone’s data. Nokia’s security approach reaches into the network to stop malware before getting to the device itself and before damage can occur.”
Click here to download the full report, including malware list and methodologies.
Did you know?
The modern smartphone presents the perfect platform for corporate and personal espionage, information theft, denial of service attacks on businesses and governments, and banking and advertising scams. It can be used simply as a tool to photograph, film, record audio, scan networks and immediately transmit results to a safe site for analysis.
About the Nokia Threat Intelligence Lab
Between 2012 and 2015 this report was created by Alcatel-Lucent’s Motive Security Labs. With the recent acquisition by Nokia, this is now known as the Nokia Threat Intelligence Lab. The Nokia Threat Intelligence Lab focuses on the behavior of malware network communications to develop detection rules that identify malware infections based on the command and control communication and other network behavior. This approach enables the detection of malware in the service provider’s network and the detection rules developed form the foundation of Nokia´s network based malware detection product suite.
Nokia is a global leader in the technologies that connect people and things. Powered by the innovation of Bell Labs and Nokia Technologies, the company is at the forefront of creating and licensing the technologies that are increasingly at the heart of our connected lives.
With state-of-the-art software, hardware and services for any type of network, Nokia is uniquely positioned to help communication service providers, governments, and large enterprises deliver on the promise of 5G, the Cloud and the Internet of Things. http://nokia.com
Phone: +358 10 448 4900
– See more at: http://networks.nokia.com/news-events/press-room/press-releases/nokia-malware-report-shows-smartphones-now-account-for-60-of-infections-in-the-mobile-netw#sthash.Yw5l1M2L.dpuf