The number of attacks using malicious mobile software nearly doubled in just one year, with 116.5 million attacks observed in 2018, compared to 66.4 million in 2017, a new report said.
However, despite more devices suffering from attacks, the number of unique malware files has decreased, leading researchers at Kaspersky Lab to conclude the quality of mobile malware has become more impactful and precise.
The channels through which malware is delivered is a key component of the success of modern threat campaigns. As dependence on mobile devices grows, for business users and consumers, cybercriminals are paying more attention to mobile as an attack vector. Cybercriminals have steadily been increasing their use of mobile malware, aiming to take advantage of those who do not have security solutions installed on their phones.
The success of mobile distribution strategies is not only evidenced by an increase in attacks, but also by the number of unique users that have encountered this kind of malware.
In 2018, the number of unique users facing mobile malware rose to 9,895,774 affected, an increase of 774,000 over the previous year.
Among the threats encountered, the most significant growth was in the use of Trojan-Droppers, whose share almost doubled, rising from 8.6 percent of malware observed in 2017 to more than 17 percent in 2018. This type of malware is designed to bypass system protection and from there, deliver all kinds of malicious files, from banking Trojans to ransomware.
“In 2018, mobile device users faced what could have been the fiercest cybercriminal onslaught ever seen,” said Viсtor Chebyshev, security expert at Kaspersky Lab. “Over the course of the year, we observed both new mobile device infection techniques, such as DNS hijacking, along with an increased focus on enhanced distribution schemes, like SMS spam. This trend demonstrates the growing need for mobile security solutions to be installed on smartphones – to protect users from device infection attempts, regardless of the source.”
Kaspersky Lab security experts recommend the following tips for protecting mobile devices:
• Only install mobile applications from official app stores, such as Google Play for Android devices or the App Store on iOS.
• Block the installation of programs from unknown sources in your smartphone’s settings.
• Do not bypass device restrictions, as this could provide cybercriminals with unlimited capabilities to carry out attacks.
• Install system and application updates as soon as they are available, as they often include patches for recently discovered vulnerabilities. Never download mobile OS system updates from external resources (unless you are participating in official Beta testing). Application updates should only be installed through official app stores.