Where Has All The Mobile Malware Gone?

Remember when everyone used to run Windows? Hardly a week went by when a friend or colleague lobotomized their machine with a virus. Some of this may have been a matter of Microsoft's architecture, but much of it came down to Windows being a massive, juicy target. Given how much of our computing has moved to mobile, why aren't we seeing mobile malware overwhelm us?

Source: F-Secure, Threat Report H2 2012 Source: F-Secure, Threat Report H2 2012

Mobile malware is out there, after all. Security software vendor ESET predicts "exponential growth of mobile malware" in 2013, coming on the heels of a 17X boom in mobile malware in 2012. Security company F-Secure finds that 79% of this new malware is focused squarely on the market leader, Android.

So why haven't you been hacked?

After all, Android now commands over 50% of the global smartphone market, and took a whopping 69.7% of the market in Q4 2012, according to Gartner. Apple dominated the smartphone market for years with nary a scent of malware, perhaps due to its end-to-end control of its devices. Android is apparently getting slammed, according to the security firms, but I've yet to meet anyone that has experienced mobile malware, and I bet you haven't, either. Why?

Hacks Vs. Mischief

It's also possible that you have been attacked, but didn't recognize it. According to BlueCoat Systems, "Mobile threats are still largely mischiefware – they have not yet broken the device’s security model but are instead more focused on for-pay texting scams or stealing personal information." This jibes with ESET's finding that of the types of malware being created, the most common today are SMS Trojans (40%), followed by malware apps that the devices they infect into zombies (32%), and malicious apps that pilfer information from one's phone (28%). 

Heavy-duty exploits are still uncommon, but that may change. For desktop exploits, malicious hackers can purchase ready-made exploit kits. These are far less common in the mobile world. Instead hackers increasingly are turning to the web to create device-agnostic attacks, infecting a web server and then directing users via phishing emails to click through to the infected site. When the user visits the site, malware is downloaded to her device. Given that so many companies use third parties to develop and host their mobile applications (e.g., usablenet for some hotel properties), users are not as suspicious as they should be of "mislabeled" sites.

Still, this likely hasn't happened to you. Why?

Location, Location, Location

Geography.  If you're living in North America or Western Europe, you apparently aren't the target. Yet. According to ESET, China, Russia and Iran have the highest incidence of malware by far. Another hot spot, according to Trend Micro, is Asia-Pacific, where it found a 417% increase in mobile malware apps (25,000) between Q1 and Q2 2012.

While mobile security firm BitDefender expects attacks against devices in North America and Europe to increase in 2013, the people infected are largely those visiting the seedier side of the Web, be it porn sites or unofficial app marketplaces. 

Given how pervasive mobile computing has become, it's inevitable that hackers will find more sophisticated ways to break through existing security mechanisms. Android isn't the new Windows. Not yet.

Image courtesy of Shutterstock.