Mobile threats – myth or reality?

As regular readers of viruslist will have noticed, we’ve been tracking the evolution of mobile malware with interest. This, naturally, includes collecting statistical data on the prevalence of individual threats. Of course, malicious code for mobile devices is relatively new, and there’s been a lot of discussion about whether or not it poses a real threat.

Data we’ve collected shows some interesting trends. For instance, the number of infected MMS messages is already close to the amount of malicious code found in mail traffic: 0.5% – 1.5% of MMS traffic is made up of infected messages.

Of course, it’s difficult to monitor mail traffic for malicious code across the whole web. In contrast, scanning mobile traffic for malicious content can make a real difference.

Six months ago, BeeLine, the biggest Russian mobile network operator, implemented protection for MMS messages. Since then, the number of infected messages has fallen from 1.46% of MMS traffic to a record low of 0.46% at the end of October.

It’s also been interesting to track the ups and downs in the number of infected MMSs – for instance, at the end of the summer holidays, there was a sharp, though shortlived, rise in the number of infected messages to 1.72%, following by an equally sharp drop.

The vast majority of infected messages are due to Worm.SymbOS.Comwar.a and Worm.SymbOS.Comwar.c, although of course there are quite a lot of other programs circulating as well.

It’s clear from these statistics that mobile malware is a real threat. It’s equally clear that it’s a threat that can be tackled successfully.

Mobile threats – myth or reality?

Your email address will not be published. Required fields are marked *



MoonBounce: the dark side of UEFI firmware

At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.

Subscribe to our weekly e-mails

The hottest research right in your inbox