Businesses on alert as mobile malware surges 500%

Researchers say hackers are deploying new tactics that put Android and iOS at equal risk

Researchers have said they observed a 500% increase in mobile malware infections across Europe since the start of February 2022.

The majority of malware was observed on Android devices, with six of the most serious strains targeting Google's operating system compared to just one targeting iOS, according to Proofpoint researchers.

Following an uptick in mobile malware infections back in April 2021, researchers told IT Pro that detections had largely tapered off and remained low until February 2022, although they were unable to pinpoint a reason for the sudden surge.

Proofpoint said most mobile malware is still downloaded via app stores and is especially prevalent on Android devices given the platform’s openness to multiple different app stores.

Side-loading – the practice of allowing apps to be installed via third-party app stores or directly onto the device – is also prohibited on iOS, helping to limit the spread of infections.

However, Proofpoint said it has noticed a distinct rise in attacks using mobile messaging, including SMS-based phishing attacks known as smishing. Because Android supports side-loading, this technique is more effective on that platform than on iOS.

The finding is especially important for businesses that distribute Android-based company devices to their workforce. Many businesses install security measures that prevent access to third-party app stores, but smishing may bypass some of these provisions.

“Mobile messaging is a highly trusted communication channel and users are much more apt to read and access links/URLs contained in mobile messages than those in email,” Jacinta Tobin, vice president of Cloudmark operations at Proofpoint, told IT Pro.

“This level of trust combined with the reach of mobile devices in the general public, where nine in ten possess a mobile device, makes mobile messaging a very attractive platform for commercial and marketing activity. This makes the mobile channel ripe for fraud and identity theft both now and in the future through this expansion.”

The most common types of malware found were those that use malicious apps to record phone calls, or those that take audio from the device outside of phone calls.

Data wipers, which have been especially common in the recent cyber attacks on Ukraine emanating from Russia, were also increasing in popularity.

This differs from the traditional purpose of malware, Proofpoint said, which typically involves gaining access to a system and potentially stealing data or account credentials.

Of the most common malware types, all had a financial impersonation component and all had a credential-stealing function.

For example, the long-feared FluBot malware was found to be one of the most common types of malware affecting Android users in Europe. It installs an invisible overlay on mobiles, activated when banking apps are used, to steal login credentials.

TangleBot was first observed in North America but has recently been found in Turkey. It typically spreads via fraudulent package-delivery notifications and may have links to the FluBot campaign. Notably, it is one of the few malware strains that combine financial impersonation with the newer audio-recording thefts.

“In both cases, the malware uses similar distribution methodologies, landing pages, language and SMS lures,” Proofpoint said. “One enticing lure that TangleBot has been known to use is a software update notification.”

Proofpoint said “awareness is critical” when keeping safe online, and more needs to be known about the dangers of mobile malware.

Users, especially those on Android, have been advised to be extra vigilant when reviewing emails and texts, and to consider installing a mobile antivirus app from a trusted source.

“Consumers need to be very sceptical of mobile messages that come from unknown sources,” said Tobin. “And it’s important to never click on links in text messages, no matter how realistic they look.

“If you want to contact the purported vendor sending you a link, do so directly through their website and always manually enter the web address/URL. For offer codes, type them directly into the site as well. It’s also vital that you don’t respond to strange texts or texts from unknown sources. Doing so will often confirm you’re a real person to future scammers.”
