Compromised or malicious adverts are now the main source of mobile malware, according to security firm Blue Coat.
The threat relies on the user's own gullibility to make changes to the security profile of their mobile devices
Researchers from Blue Coat Security Labs found fake anti-virus scams are becoming increasingly prolific on smartphones and tablets, to the extent they are now the main source of infection.
These use social engineering techniques to persuade a user their device is already infected with malware, prompting them to change their security settings in order to cure' it, only for the real embedded malware to use this opportunity to infect.
"The threat relies on the user's own gullibility to follow fairly complex instructions and make changes to the security profile of their mobile devices that are detrimental to their device," the researchers said, in their annual mobile malware report.
The team claimed the increasing number of ads served to mobile users, which now outstrips the number for PCs and laptops, increases the likelihood of malware infection.
"The increased frequency of mobile ads conditions users to see them as normal, which makes users more vulnerable to the attacks that are launched through ads," they said.
The report advises people to avoid clicking on ads while using their mobile devices.
Blue Coat said Android devices were the most commonly targeted a finding backed up by Kaspersky Lab's most recent mobile malware report, published six days before Blue Coat's.
Kaspersky also noted the exponential increase in mobile malware, however its research found the majority of malware was delivered not through advertising but banking apps and websites.
"At the beginning of the year we knew only 67 banking Trojans, but by the end of the year there were already 1,321 unique samples," said Kaspersky's researchers, adding they expect to see this type of malware continue to grow over the course of 2014.
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
The FBI says hackers are using AI voice clones to impersonate US government officialsNews The campaign uses AI voice generation to send messages pretending to be from high-ranking figures
-
Employee phishing training is working – but don’t get complacentNews Educating staff on how to avoid phishing attacks can cut the rate by 80%
-
Russian hackers tried to lure diplomats with wine tasting – sound familiar? It’s an update to a previous campaign by the notorious Midnight Blizzard groupNews The Midnight Blizzard threat group has been targeting European diplomats with malicious emails offering an invite to wine tasting events, according to Check Point.
-
This hacker group is posing as IT helpdesk workers to target enterprises – and researchers warn its social engineering techniques are exceptionally hard to spotNews The Luna Moth hacker group is ramping up attacks on firms across a range of industries with its 'callback phishing' campaign, according to security researchers.
-
Hackers are using Zoom’s remote control feature to infect devices with malwareNews Security experts have issued an alert over a new social engineering campaign using Zoom’s remote control features to take over victim devices.
-
State-sponsored cyber groups are flocking to the 'ClickFix' social engineering techniqueNews State-sponsored hackers from North Korea, Iran, and Russia are exploiting the ‘ClickFix’ social engineering technique for the first time – and to great success.
-
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attackTroy Hunt, the security blogger behind data-breach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.
-
LinkedIn has become a prime hunting ground for cyber criminals – here’s what you need to knowNews Cyber criminals are flocking to LinkedIn to conduct social engineering campaigns, research shows.
