A new report from cyber security firm Proofpoint has revealed that Android users willing downloaded over two billion malicious mobile applications last year.
The findings are from Proofpoint’s annual Human Factor Report, which looks at the latest cyber security trends cyber across email, social media and mobile apps.
Some of the key findings from the study showed:
- After the US, China is the number one destination for data from malicious applications.
- Dangerous mobile apps from rogue marketplaces affect two out of five enterprises. Proofpoint researchers identified rogue app stores from which users could download malicious apps onto iOS devices – even those not “jailbroken,” or configured to run apps not offered through Apple’s iTunes store. Lured in by “free” clones of popular games and banned apps, users who download apps from rogue marketplaces – and bypass multiple security warnings in the process – are four times more likely to download an app that is malicious. These apps will steal personal information, passwords or data. 40% of large enterprises sampled by Proofpoint TAP Mobile Defense researchers had malicious apps from DarkSideLoader marketplaces – that is, rogue app stores – on them.
- The fourth quarter of 2015 saw a surge of “riskware.” These are mobile apps that aren’t necessarily malicious but transmit sensitive data to servers that may be compromised or that reside in foreign countries. Malicious mobile apps alone communicate data to 57 countries, and 19% of these apps send data to China.
- People willingly downloaded more than 2 billion mobile apps that steal their personal data. Attackers used social media threats and mobile apps, not just email, to trick users into infecting their own systems. Proofpoint analysis of authorized Android app stores discovered more than 12,000 malicious mobile apps – apps capable of stealing information, creating backdoors, and other functions – accounting for more than 2 billion downloads.
Commenting on the findings from the study, Mark James, security specialist at ESET, said: “Most people still do not perceive the mobile phone or tablet as very real threat vector, it’s still seen as just a phone and not a very powerful computer which is also capable of making calls. The worrying trend is peoples lack of understanding of what’s actually stored on a phone, in most cases the data on a mobile phone can reveal a lot more about what you do on a day-to-day basis than your computer can, users will save information in contacts, notes, photos and videos that they may not even consider saving on a desktop computer.”
In addition to this, the study also highlighted the fact that 2015 was the year machine exploits were overtaken by human exploitation. Essentially, rather than opting to purchase expense technical exploits they sent emails with malicious attachments and relied on humans to carry out their dirty work.