Vast Majority of Mobile Malware Infections Comes from Windows PCs
According to a report released last week, 80 percent of all mobile malware originated from Windows PCs.
That may offer little consolation if you're an iPhone or iPad user who has just learned about a malware program called XcodeGhost, a corrupted version of Apple's Xcode language that was embedded in a slew of apps, most notably the popular WeChat, representing the first time an exploit has gotten into the Apple Store.
The rise in spyware and continued attacks on Windows PCs, as well as a continued rise in vulnerabilities in Android, are the latest findings from Alcatel-Lucent's Motive Security Labs, the company's malware analysis lab. The Motive Security Labs H1 2015 Malware Report found that after a 0.5 percent decline in infections hitting Android-based devices in the first quarter, a surge in attacks led to a 0.75 percent rise in the second quarter, resulting from increased adware infections running on Windows-based PCs connected to mobile networks.
Windows PCs connected to mobile networks, particularly via dongles, mobile Wi-Fi devices or tethering to smartphones, are the most vulnerable. "They are responsible for a large percentage of the malware infections observed," according to the report. "This is because these devices are still the favorite of hardcore professional cybercriminals who have a huge investment in the Windows malware ecosystem. As the mobile network becomes the access network of choice for many Windows/PCs, the malware moves with them."
Two years ago, malware hitting mobile devices was evenly (50-50) split between Windows PCs and Android devices, according to Alcatel-Lucent. The fact that 80 percent now strikes Windows machines and only 20 percent strikes Android devices (the amount on iOS and BlackBerry is negligible) is likely the result of Google's efforts to eliminate malware from Google Play and the company's new Verify Apps feature, introduced to Android and available on nearly 80 percent of devices running Android 4.2 (Jelly Bean) or higher. Yet despite accounting for a smaller proportion of devices attacked, the number of Android malware samples doubled in the first half of this year, according to the report.
Despite the release of Verify Apps, most malware distributed to Android devices is delivered as Trojans. Android remains the easiest target because it is open, apps are available on third-party app stores and Web sites, and they're self-signed, meaning it's difficult to trace malware to its developer, the report added. The study also noted that attackers can easily hijack Android apps, inject code and re-sign them.
As for the proportional shift to Windows, the period covered precedes the release of Windows 10. With this upgrade, Microsoft has made Windows a much more difficult target. These findings could strengthen the case for people to upgrade to Windows 10, which adds a number of key new security features, including multifactor authentication and biometric identity management.
It'll be interesting to see what the stats look like next year. Who knows where iOS will be in the mix.
Jeffrey Schwartz is editor of Redmond magazine and also covers cloud computing for Virtualization Review's Cloud Report. In addition, he writes the Channeling the Cloud column for Redmond Channel Partner. Follow him on Twitter @JeffreySchwartz.