Mobile
9/9/2014
04:35 PM
Sara Peters
Sara Peters
Quick Hits
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Study: 15 Million Devices Infected With Mobile Malware

Sixty percent of the infected devices run Android.

Fifteen million mobile devices are infected with malware, and most of those run Android, according to a new report by Alcatel-Lucent's Kindsight Security Labs.

Researchers found that "increasingly applications are spying on device owners, stealing their personal information and pirating their data minutes, causing bill shock." Mobile spyware, in particular, is on the rise. Four of the 10 top threats are spyware, including SMSTracker, which allows the attacker to remotely track and monitor all calls, SMS/MMS messages, GPS locations, and browser histories of an Android device.

Mobile infections increased by 17 percent in the first half of 2014, raising the overall infection rate to 0.65 percent.

About sixty percent of the infected devices are Android smartphones. About 40 percent are Windows PCs connecting through mobile networks. Windows Mobile, iPhones, Blackberrys, and Symbian devices combine for less than 1 percent.

The good news for Android users, according to the report, is that "the quality and sophistication of most Android malware is still a long way behind the more mature Windows PC varieties. The command-and-control mechanisms (C&C) are primitive and often don’t work. Configurations are hard coded and inflexible. The malware makes no serious effort to conceal itself, and attack vectors are limited to hoping someone installs the infected app."

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ENewsMan
50%
50%
ENewsMan,
User Rank: Apprentice
9/25/2014 | 2:42:58 PM
This is GOOD news
This is actually a lot better than what I was expecting. These numbers would probably be horrible if not the progress made in the last few years in the war on malware waged by Google, Airpush, and other top players, primarily in the Android ecosystem.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If youre still focused on securing endpoints, youve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.