Fortinet announced the findings of its FortiGuard threat landscape research for the period of January 1, 2013 – December 31, 2013. 2013 was a bumper crop for malware targeting mobile devices. Looking back at the entire year, FortiGuard Labs observed that Android was the dominant platform of choice for malware developers, representing 96.5% of all mobile malware infections detected by FortiGuard Labs. Symbian was a distant second at 3.45%, and iOS, BlackBerry, PalmOS and Windows together don’t even warrant 1%.
“The rapid growth of malware targeting Android continues to be of concern to system administrators who have implemented a mobile device strategy on their networks,” said Axelle Apvrille, senior mobile antivirus researcher with Fortinet’s FortiGuard Labs. “FortiGuard Labs detected over 1,800 new distinct families of viruses in the past year, and the majority of those are targeting Google’s Android platform. Looking at the growth of Android malware, we can see that there is much to be concerned about in 2014. The growth shows no signs of slowing; in fact, the growth seems to be accelerating. As more Android-based devices are purchased and taken online, the opportunities for attackers to infect increase as well.”
While attacks on platforms such as Symbian wane, attackers have made Android the number one mobile target. The NewyearL.B Android malware, which was bundled inside seemingly harmless downloads like a flashlight application, continued to target millions of devices and was the number one mobile malware family seen all year. Unwitting or unaware users looking to try out the latest games or apps find themselves unknowingly sharing a wealth of personal information with an attacker, leading to obtrusive advertisements and other negative effects: NewyearL.B, for example, is granted permission to add and remove system icons and to modify and delete the contents of any external storage. And the distribution of Android malware continues to accelerate.
“Clearly cybercriminals are putting a substantial amount of effort into churning out hundreds of thousands of new variants daily in the hopes that some of them will be successfully implanted on a target device,” Apvrille concluded.
Earlier in 2013, FortiGuard Labs reported on the ZeroAccess botnet and how its controllers were systematically adding about 100,000 new infections weekly. This led researchers to believe that the person or persons behind it were not only paying a substantial amount of money weekly to generate new affiliate infections, but were also able to make a significant amount of money doing so.
“Like other cybercriminals, ZeroAccess’s owners have taken pages from the playbooks of legitimate businesses and made successful attempts to diversify their income generation,” said Richard Henderson, security strategist with Fortinet’s FortiGuard Labs. “We saw 32- and 64-bit versions of ZeroAccess being used to commit click fraud, search engine poisoning and to mine Bitcoin. With the dramatic rise in Bitcoin value over 2013, it’s likely that the owners of ZeroAccess have profited substantially on the backs of their victims.”