By Berk Veral, Senior Product Marketing Manager, RSA FraudAction and CyberCrime Intelligence
I have written about the mobile based threats, specifically mobile app-based threats before and I am writing again, because I want to highlight a couple of proof points that we have seen in the last couple of months.
In December 2012, SC Magazine published an article titled Android botnet detected on all major mobile networks . This article confirmed the previously suspected existence of mobile botnets; the first-known Android botnet, which infected mobile devices believed to be around 1,000. Note that these devices were running on all major U.S. mobile networks, so whichever network you are on did not really matter. According to the article, the botnet was primitive compared to PC-based botnets, but remember, this is the first-known Android botnet; emphasis on the first. Well, how did these mobile devices get infected? The devices were infected when the end users unwittingly installed a malicious game app that contained the SpamSoldier Trojan. This malware variant was sending SMS messages to more than 100 phone numbers.
Now, you may think that this was expected; we know that everything and everyone is moving to mobile and the botnet is very primitive; only 1,000 devices were infected, and I would agree with you, but let’s try to see the big picture here:
A recent report issued by TrendMicro (TrendLabs 2012 Mobile Threat and Security Report) stated that in 2012, the number of malicious and high-risk Android app samples detected were 350,000, showing a significant increase from the 1,000 samples seen in 2011. It took less than three years for malicious and high-risk Android apps to reach this number. Now, here is the punch line: It took Windows-based malware 14 years to reach that level. Wait! There is more; TrendMicro is predicting 1 million malicious and high-risk app samples in 2013.
Mobile is the new PC, on steroids… and this is just the beginning!
Berk is Senior Product Marketing Manager at RSA responsible for RSA FraudAction Anti-Phishing, Anti-Pharming, Anti-Trojan, and Anti Rogue App services as well as RSA FraudAction Intelligence and Cyber Crime Intelligence. Prior to joining RSA, Berk served as a senior member of product marketing teams at global technology companies where he worked closely with global financial institutions on technology solutions.