No real surprise that F-Secure’s fourth quarter threat report further accentuated the all-but-definite-reality that there is a direct correlation between a platform’s market share and the volume of threats targeting it.
“As its market share declines,” F-Secure researchers reasoned, “so does malware authors’ interest in the platform as evidenced by the statistics seen in Q4 where only four new families and variants of Symbian malware were recorded.”
So it was good and bad news for the two most commonly targeted platforms. On the good side, Android’s market share climbed to from 49 to 68 percent in 2012 and the percentage of total threats targeting the Symbian platform, at one time higher than 60 percent, dropped from 29 to 19 percent. Of course, the decrease in Symbian’s share of threats was almost certainly precipitated by the platform’s fall from demanding 16 to a meager 3 percent of the market, a likely byproduct of Nokia’s decision to halt development on the platform in February of 2012. For its part, Google is probably more than happy to cash in on the nearly cornered mobile-market, but it does so while simultaneously facing 79 percent of all mobile threats.
Threats engineered to target the other platforms like Apple’s iOS, Windows Mobile, Blackberry and others are something of a novelty to the attackers that generally prefer to target these devices with multi-platform threats like FinSpy. The most illustrative element of F-Secure’s report is that the threat-relevance of Windows Mobile and J2ME, like that of Symbian, are disintegrating in a landscape increasingly dominated by Android.
On the whole, there were 96 new families of mobile malware in a fourth quarter that witnessed the emergence of more than 60,000 threats. Premium-rate SMS scams where the tell-tale, spammy messages are intercepted so that victims have no way of knowing what is going on and banking trojans that use stolen mobile transaction authentication numbers (mTANs) to dupe banks into thinking that fraudulent transactions are legitimate ones were the malwares of choice in Q4.
Trojans remain the most common type of threat, although that appeared to be changing in the fourth quarter when Trojans accounted for just 53 percent of threats, down from 66 percent on the year. Riskware, a term referring to threats, usually apps, that aren’t necessarily malicious by design but act in ways that F-Secure considers malicious, is now the second most common type of threat, accounting for 27 percent of threats in the fourth quarter of a year in which riskware-related threats averaged only an 11 percent share.
Popular strains of malware included the mobile varieties of Zeus (Zitmo), SpyEye (Spitmo), and Carberp (Citmo), all of which relied on mTAN theft, and the infamous Eurograbber, which reportedly heisted $47 million from 30,000 corporate and retail accounts. Eurograbber’s success, F-Secure claims, was largely due to the fact that it infected both the mobile devices and the personal computers of its victims, thus making it exceedingly difficult to spot for the banks and their clients.
In other news, profit motivated threats remain the most prevalent type and not-profit motivated threats are falling further and further behind.