SlideShare ist ein Scribd-Unternehmen logo
1 von 27
Downloaden Sie, um offline zu lesen
MOBILE THREATS, MADE TO MEASURE
THE SPECIALIZATION OF MOBILE THREATS

AROUND THE WORLD
What global trends and patterns defined mobile security threats in 2013? To answer this
question, Lookout analyzed the threats encountered by more than 50 million Lookout users
around the world. We categorized mobile threats into three distinct app-based threat categories:
adware, chargeware, and malware.
2013 stood out as the year when mobile threat campaigns became increasingly targeted by
region as the criminals adapted their practices to maximize profit and minimize detectability. In
regions where regulation is stringent, attackers favored alternate ways to operate, often dropping
traditional monetization strategies like premium rate SMS fraud in favor of “grey area” tactics like
deceptive, if legal, in-app billing practices.
We also examined how user behavior impacts their exposure to mobile threats. If a mobile user
has rooted their phone, for example, how might that affect their chance of encountering a trojan
in the future? In short, this report contains a comprehensive overview of the current, global state
of app-based threats. We hope the security insights presented in this report may serve to help
educate individuals and businesses on how to better protect their mobile devices from threats in
a highly networked, globalized age.

1
To prepare this report Lookout analyzed security detections from its dataset of more than 50
million users around the world who were active from January 1, 2013 - December 31, 2013. The
encounter rate calculation referenced in this report measures how many devices encounter a
given threat, and it is a weighted calculation that normalizes the differences between the life
cycles of users.

It should be noted that encounter rates are not additive since devices may be counted multiple
times. Lookout excluded countries from this report where representative sample sets of users
could not be achieved. Lastly, app-based threats in this analysis were separated into three
categories: (a) Adware (b) Malware (c) Chargeware. These app-based threat categories are
defined in the glossary at the end of the report.

2

© 2014 Lookout
●

●

●

●
●

3

The diversification of app-based threats by region is readily apparent. 2013 stood out as
the year when mobile threat campaigns became increasingly targeted by geographic
region as the criminals adapted their practices to maximize profit and minimize
detectability.
Financial gain continues to dominate the mobile threat landscape, with premium rate SMS
fraud being the primary type of malware affecting people across the globe.
○ In 2013, hundreds of thousands of Lookout users encountered chargeware - apps
with hard-to-read EULAs that deceptively bill victims, often after luring them in with
racy photos (porn). The encounter rate of chargeware is 13% in France, 20% in the
UK and 5% in the U.S.
○ In Russia and China, premium rate SMS fraud continues to be a massive problem
where regulation isn’t as stringent.
Adware is the most prevalent threat facing consumers. People are five times more likely to
encounter adware than malware. Allowed to spread largely unchecked, adware reached a
pinnacle in 2013, and reached every corner of the globe. (The average encounter rate
ranges from 20-30% depending on the country: U.S. 25%, UK 23%, Germany 27%,
France 31%, Spain 30%).
The encounter rate of malware drastically changes depending on the region. Specifically,
in the U.S. it is only 4%, while in Russia and China it is 63% and 28% respectively.
Risky behavior begets other risky behavior. Having a trojan on your phone means you’re
seven times more likely to download another app with a trojan.

© 2014 Lookout
GLOBAL THREATS
In 2013 mobile threats were clearly a global problem, but Asia, Russia and parts of Eastern
Europe and Africa continue to stand out with higher levels of risk.
5

© 2014 Lookout
In 2013 encounter rates remained low in the US and Western Europe, while regions such as Asia
and Eastern Europe continued to be “hot zones” for mobile malware, largely due to the popularity
of unregulated 3rd party app stores and low risk monetization paths like premium rate SMS fraud
(a prime example being ActSpat, a premium SMS trojan). Also, Lookout’s 2013 ‘Dragon Lady’
investigation uncovered an entire mobile malware industry in Russia.
6

© 2014 Lookout
In the first half of 2013 very little curbed the spread of adware and so it was evenly distributed,
with fairly similar encounter rates in almost every country. Lookout called out adware in June
2013 and Google started taking steps that September to remove adware that violated its policies.
One of the primary adware SDKs was operated by a company called Leadbolt, which has since
changed their ad SDK to comply with Google policies.
7

© 2014 Lookout
In 2013, chargeware (apps that charge users without clear notification) was especially prevalent
in Western & Eastern Europe and South East Asia. Pornograhic apps with deceptive charging
practices made up the most prevalent forms of chargeware in 2013, with one campaign “SMS
Capers” representing more than 50% of the risk in the UK.
8

© 2014 Lookout
NORTH AMERICA
The United States and Canada have comparable threat encounter rates while mobile users
in Mexico have an elevated risk of encountering adware.

10

© 2014 Lookout
The mobile malware encounter rate is low and consistent across North American countries:
mobile users in these countries tend to download apps from trusted app stores where the
likelihood of encountering malware is much lower. Encounters occur nonetheless and the
threats are real: NotCompatible, a trojan that turns devices into proxies for 3rd party traffic,
was the most prevalent threat in the U.S.
11

© 2014 Lookout
EUROPE
The total encounter rate is relatively even across Europe and comparable to the US.
Germany has lower levels of risk in all categories, but especially chargeware and adware,
while Spain has an elevated risk of chargeware and malware.
13

© 2014 Lookout
The encounter rates of UK and France are elevated due to the large volume of chargeware
in both regions. The UK is especially high to due to the emergence of one chargeware
campaign - SMScapers, a pornographic app which makes up more than 50% of the total
encounter risk in the UK.
14

© 2014 Lookout
ASIA
Japan has the lowest encounter rates in all categories, while China and Russia have the
highest malware encounter rates out of any country in the world. The bulk of the threats in
this part of the world are made up from malware rather than adware (like in the US and
Western Europe).
16

© 2014 Lookout
17

Japan has the lowest malware encounter rate due to its strict regulatory environment, while
China and Russia have the highest malware encounter rates in the world. Russia is
particularly high as the ease with which malware authors are able to monetize drives the
creation of new families. RuPaidMarket, a premium SMS fraud trojan, was the most
prevalent family in Russia in 2013.

© 2014 Lookout
MOBILE THREAT

CORRELATIONS
19

© 2014 Lookout
QUARTERLY
MOBILE THREAT ANALYSIS
Apart from a slight dip in Q2, malware maintained a constant presence in China but overall
was dwarfed by the volume of malware in Russia. The apparent drop in malware in Russia
actually represents the tail-end of a couple of incredibly prolific malware campaigns in the
RuPaidMarket family (a family of trojans that commit premium SMS fraud).
21

© 2014 Lookout
22

Prior to June 2013 no industry guidelines defined adware. In June 2013 Lookout published
its own guidelines and in September 2013 Google updated its policies and removed as
many as 36,000 infringing apps from the Play Store. The increase from Q2 to Q3 reflects
Lookout’s implementation of more comprehensive adware detection policies. The drop
from Q3 to Q4 reflects apps removing offending ad networks or getting removed
themselves.

© 2014 Lookout
Chargeware is highly geographic and campaign-based and this slide shows this clearly.
What we see here is the rise and fall of the pornographic chargeware campaigns “SMS
Capers” and “Plus TV” which primarily hit the UK and France.

23

© 2014 Lookout
The diversification of app-based threats by region is readily apparent. Regulation varies by country
and a criminal enterprise that might be highly profitable and difficult to prosecute in one part of the
world is often explicitly forbidden and easy to prosecute in another. This regulatory variation
produces a state of natural selection in which criminals evolve to exhibit attack strategies that are
best suited for their environment.
When it comes to malware, people who use trusted, mainstream app stores (as the bulk of users in
the US and Western Europe do) are less likely to encounter malware. By contrast, users in Eastern
Europe, Russia and Asia face a risk of encountering malware that is as much as 20 times higher due
to the widespread use of high-risk third-party stores. This increased risk is also driven in part by more
robust malware development activities in these regions as evidenced by Lookout’s 2013 Dragon
Lady investigation, which uncovered organized groups of Android malware developers in Russia who
operated like startups, with real organizational structures and affiliate programs.

Chargeware too is a highly country specific threat because it relies on mobile charging practices,
which can vary on a per country (or even per carrier) basis. In 2013 chargeware emerged as the
most lucrative method of monetizing in Western Europe for this reason, where country encounter
rates (13% - France, 20% - UK, 23% - Spain) are two to four times higher than those seen in North
America and up to twenty times higher than those seen in Asia. Most of these chargeware threats
are pornographic in nature, as was the case with SMSCapers in the UK and PlusTV in France (the
two most prolific instances of chargeware in each country).

24
Adware went largely unchecked for the first half of 2013 and encounter rates were high, ranging from
20-30% globally. In Q3 2013 companies such as Lookout and Google implemented detection policies
that flagged the presence of adware to developers and adware encounter rates began to fall. These
policy changes forced apps to remove adware and forced adware developers to modify their
advertising SDKs to bring their practices in line.
Risky mobile behavior begets risky behavior - a rather self-evident, but nonetheless sobering
observation when you consider that risky activities like downloading malware once increases your
likelihood of encountering another piece of malware by seven times.
Moving into 2014 we expect criminals and shady actors to continue to take advantage of the “Grey
area” and use people (and their devices) as a means to an end to pull off their schemes. New
monetization methods may appear, but as long as premium rate SMS fraud continues to be a
successful business model in certain regions around the world, we don’t expect it to go away.
As BYOD becomes more common in the workplace, rather than attacking traditional, heavily
monitored network services, we expect criminals to evolve once again and turn to mobile devices as
an easier way to get into the enterprise and access valuable data. With the recent news of both ad
SDKs and mobile apps leaking device data, businesses are more aware than ever of the need to
implement solutions that minimize mobile data leakage and loss.
The strongest defence against app-based threats comes from a three part strategy of (1) only
downloading apps from trusted marketplaces, (2) exercising common sense and avoiding risky
behavior (like rooting a mobile device), and (3) downloading a mobile security application like
Lookout that can flag and protect against these threats in real time.
25
ADWARE
Adware is an SDK whose primary purpose is to serve obtrusive or unexpected ads on compromised
devices.
CHARGEWARE
Chargeware is an app where the user is charged for a service without clear notification and the
opportunity to provide informed consent.
ENCOUNTER RATE
Encounter rates in this report measure how many devices encounter a given mobile threat during a
specific time period, as a percentage of all devices that have connected to Lookout during that
period.
With this calculation we are measuring how many devices encounter a threat and it should be noted
that encounter rates are not additive since devices may be counted multiple times. Additionally,
encounter rates do not necessarily mean that that percentage of users were actually infected or
would be infected without Lookout.
MALWARE
For the purposes of this report malware includes viruses, trojans, worms, and spyware and excludes
chargeware.
MOBILE THREATS
Mobile threats in this report describe the composite threat of malware, chargeware, and adware.

26

Weitere ähnliche Inhalte

Was ist angesagt?

Intelligence report-06-2015.en-us[1]
Intelligence report-06-2015.en-us[1]Intelligence report-06-2015.en-us[1]
Intelligence report-06-2015.en-us[1]Sergey Ulankin
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18Symantec
 
RSA - Behind the scenes of a fake token mobile app operation
RSA - Behind the scenes of a fake token mobile app operationRSA - Behind the scenes of a fake token mobile app operation
RSA - Behind the scenes of a fake token mobile app operationjuan_h
 
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012Symantec
 
Security Trends to Watch in 2010 - A Mid-Year Status Check
Security Trends to Watch in 2010 - A Mid-Year Status Check Security Trends to Watch in 2010 - A Mid-Year Status Check
Security Trends to Watch in 2010 - A Mid-Year Status Check Symantec
 
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESMALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESijmnct
 
Malware detection techniques for mobile devices
Malware detection techniques for mobile devicesMalware detection techniques for mobile devices
Malware detection techniques for mobile devicesijmnct
 
Symantec Cyber Security Intelligence Report
Symantec Cyber Security Intelligence ReportSymantec Cyber Security Intelligence Report
Symantec Cyber Security Intelligence ReportSymantec
 
14 cyber threats
14 cyber threats14 cyber threats
14 cyber threatsmahesh43211
 
H1 2011 E-Threat Landscape Report
H1 2011 E-Threat Landscape ReportH1 2011 E-Threat Landscape Report
H1 2011 E-Threat Landscape ReportBitdefender
 
E-threat landscape report H1 2012
E-threat landscape report H1 2012E-threat landscape report H1 2012
E-threat landscape report H1 2012BitDefenderRo
 
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...Symantec
 
Android mobile platform security and malware
Android mobile platform security and malwareAndroid mobile platform security and malware
Android mobile platform security and malwareeSAT Publishing House
 
Palo Alto Networks Application Usage and Risk Report - Key Findings for UK
Palo Alto Networks Application Usage and Risk Report - Key Findings for UKPalo Alto Networks Application Usage and Risk Report - Key Findings for UK
Palo Alto Networks Application Usage and Risk Report - Key Findings for UKPalo Alto Networks
 
China's Cyber Threat Landscape from the Perspective of CNCERT/CC by Zhu Yunqi...
China's Cyber Threat Landscape from the Perspective of CNCERT/CC by Zhu Yunqi...China's Cyber Threat Landscape from the Perspective of CNCERT/CC by Zhu Yunqi...
China's Cyber Threat Landscape from the Perspective of CNCERT/CC by Zhu Yunqi...APNIC
 
Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014Symantec
 
Adaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBRAdaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBRijtsrd
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat ReportKim Jensen
 

Was ist angesagt? (20)

Intelligence report-06-2015.en-us[1]
Intelligence report-06-2015.en-us[1]Intelligence report-06-2015.en-us[1]
Intelligence report-06-2015.en-us[1]
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18
 
RSA - Behind the scenes of a fake token mobile app operation
RSA - Behind the scenes of a fake token mobile app operationRSA - Behind the scenes of a fake token mobile app operation
RSA - Behind the scenes of a fake token mobile app operation
 
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
 
Security Trends to Watch in 2010 - A Mid-Year Status Check
Security Trends to Watch in 2010 - A Mid-Year Status Check Security Trends to Watch in 2010 - A Mid-Year Status Check
Security Trends to Watch in 2010 - A Mid-Year Status Check
 
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESMALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
 
Malware detection techniques for mobile devices
Malware detection techniques for mobile devicesMalware detection techniques for mobile devices
Malware detection techniques for mobile devices
 
Symantec Cyber Security Intelligence Report
Symantec Cyber Security Intelligence ReportSymantec Cyber Security Intelligence Report
Symantec Cyber Security Intelligence Report
 
Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012
 
14 cyber threats
14 cyber threats14 cyber threats
14 cyber threats
 
H1 2011 E-Threat Landscape Report
H1 2011 E-Threat Landscape ReportH1 2011 E-Threat Landscape Report
H1 2011 E-Threat Landscape Report
 
The Dangers of Lapto
The Dangers of LaptoThe Dangers of Lapto
The Dangers of Lapto
 
E-threat landscape report H1 2012
E-threat landscape report H1 2012E-threat landscape report H1 2012
E-threat landscape report H1 2012
 
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
 
Android mobile platform security and malware
Android mobile platform security and malwareAndroid mobile platform security and malware
Android mobile platform security and malware
 
Palo Alto Networks Application Usage and Risk Report - Key Findings for UK
Palo Alto Networks Application Usage and Risk Report - Key Findings for UKPalo Alto Networks Application Usage and Risk Report - Key Findings for UK
Palo Alto Networks Application Usage and Risk Report - Key Findings for UK
 
China's Cyber Threat Landscape from the Perspective of CNCERT/CC by Zhu Yunqi...
China's Cyber Threat Landscape from the Perspective of CNCERT/CC by Zhu Yunqi...China's Cyber Threat Landscape from the Perspective of CNCERT/CC by Zhu Yunqi...
China's Cyber Threat Landscape from the Perspective of CNCERT/CC by Zhu Yunqi...
 
Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014
 
Adaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBRAdaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBR
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat Report
 

Andere mochten auch

Hiring Hackers
Hiring HackersHiring Hackers
Hiring HackersLookout
 
5 Types of Shady Apps
5 Types of Shady Apps5 Types of Shady Apps
5 Types of Shady AppsLookout
 
Рositive Hack Days V. Противодействие платёжному фроду на сети оператора связи
Рositive Hack Days V. Противодействие платёжному фроду на сети оператора связиРositive Hack Days V. Противодействие платёжному фроду на сети оператора связи
Рositive Hack Days V. Противодействие платёжному фроду на сети оператора связиDenis Gorchakov
 
Current Threat Landscape, Global Trends and Best Practices within Financial F...
Current Threat Landscape, Global Trends and Best Practices within Financial F...Current Threat Landscape, Global Trends and Best Practices within Financial F...
Current Threat Landscape, Global Trends and Best Practices within Financial F...IBM Sverige
 
Using Hadoop to Drive Down Fraud for Telcos
Using Hadoop to Drive Down Fraud for TelcosUsing Hadoop to Drive Down Fraud for Telcos
Using Hadoop to Drive Down Fraud for TelcosCloudera, Inc.
 
Feds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notFeds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notLookout
 
Cybercrime Threat Landscape: Cyber Criminals Never Sleep
Cybercrime Threat Landscape: Cyber Criminals Never SleepCybercrime Threat Landscape: Cyber Criminals Never Sleep
Cybercrime Threat Landscape: Cyber Criminals Never SleepIBM Security
 

Andere mochten auch (8)

Hiring Hackers
Hiring HackersHiring Hackers
Hiring Hackers
 
Smart Mobile Apps
Smart Mobile AppsSmart Mobile Apps
Smart Mobile Apps
 
5 Types of Shady Apps
5 Types of Shady Apps5 Types of Shady Apps
5 Types of Shady Apps
 
Рositive Hack Days V. Противодействие платёжному фроду на сети оператора связи
Рositive Hack Days V. Противодействие платёжному фроду на сети оператора связиРositive Hack Days V. Противодействие платёжному фроду на сети оператора связи
Рositive Hack Days V. Противодействие платёжному фроду на сети оператора связи
 
Current Threat Landscape, Global Trends and Best Practices within Financial F...
Current Threat Landscape, Global Trends and Best Practices within Financial F...Current Threat Landscape, Global Trends and Best Practices within Financial F...
Current Threat Landscape, Global Trends and Best Practices within Financial F...
 
Using Hadoop to Drive Down Fraud for Telcos
Using Hadoop to Drive Down Fraud for TelcosUsing Hadoop to Drive Down Fraud for Telcos
Using Hadoop to Drive Down Fraud for Telcos
 
Feds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notFeds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or not
 
Cybercrime Threat Landscape: Cyber Criminals Never Sleep
Cybercrime Threat Landscape: Cyber Criminals Never SleepCybercrime Threat Landscape: Cyber Criminals Never Sleep
Cybercrime Threat Landscape: Cyber Criminals Never Sleep
 

Ähnlich wie Mobile Threats, Made to Measure

2012 nq mobile_security_report
2012 nq mobile_security_report2012 nq mobile_security_report
2012 nq mobile_security_reportIsnur Rochmad
 
Third Annual Mobile Threats Report
Third Annual Mobile Threats ReportThird Annual Mobile Threats Report
Third Annual Mobile Threats ReportJuniper Networks
 
Mobile threatreport q1_2012
Mobile threatreport q1_2012Mobile threatreport q1_2012
Mobile threatreport q1_2012Shivmohan Yadav
 
Malwarebytes labs 2019 - state of malware report 2
Malwarebytes labs 2019 - state of malware report 2Malwarebytes labs 2019 - state of malware report 2
Malwarebytes labs 2019 - state of malware report 2Felipe Prado
 
G data mobile_mwr_q2_2015_us
G data mobile_mwr_q2_2015_usG data mobile_mwr_q2_2015_us
G data mobile_mwr_q2_2015_uslinkedinbeam
 
Blue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware ReportBlue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware ReportContent Rules, Inc.
 
F-Secure Mobile Threat Report Quarter 1 2012
F-Secure Mobile Threat Report Quarter 1 2012F-Secure Mobile Threat Report Quarter 1 2012
F-Secure Mobile Threat Report Quarter 1 2012F-Secure Corporation
 
CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문Jiransoft Korea
 
The Current State of Cybercrime 2013
The Current State of Cybercrime 2013The Current State of Cybercrime 2013
The Current State of Cybercrime 2013EMC
 
Gemalto Building Trust in Mobile Apps The Consumer Perspecti.docx
Gemalto Building Trust in  Mobile Apps The Consumer Perspecti.docxGemalto Building Trust in  Mobile Apps The Consumer Perspecti.docx
Gemalto Building Trust in Mobile Apps The Consumer Perspecti.docxhanneloremccaffery
 
proofpoint-blindspots-visibility-white-paper
proofpoint-blindspots-visibility-white-paperproofpoint-blindspots-visibility-white-paper
proofpoint-blindspots-visibility-white-paperKen Spencer Brown
 
Detecting Malicious Facebook Applications
Detecting Malicious Facebook ApplicationsDetecting Malicious Facebook Applications
Detecting Malicious Facebook Applications1crore projects
 
AndRadar: Fast Discovery of Android Applications in Alternative Markets
AndRadar: Fast Discovery of Android Applications in Alternative MarketsAndRadar: Fast Discovery of Android Applications in Alternative Markets
AndRadar: Fast Discovery of Android Applications in Alternative MarketsFACE
 
The Current State of Cybercrime 2014
The Current State of Cybercrime 2014The Current State of Cybercrime 2014
The Current State of Cybercrime 2014EMC
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec
 
Avast Q1 Security Report 2015
Avast Q1 Security Report 2015Avast Q1 Security Report 2015
Avast Q1 Security Report 2015Avast
 
Cscu module 13 securing mobile devices
Cscu module 13 securing mobile devicesCscu module 13 securing mobile devices
Cscu module 13 securing mobile devicesSejahtera Affif
 

Ähnlich wie Mobile Threats, Made to Measure (20)

Mobile Security
Mobile SecurityMobile Security
Mobile Security
 
2012 nq mobile_security_report
2012 nq mobile_security_report2012 nq mobile_security_report
2012 nq mobile_security_report
 
Third Annual Mobile Threats Report
Third Annual Mobile Threats ReportThird Annual Mobile Threats Report
Third Annual Mobile Threats Report
 
Mobile threatreport q1_2012
Mobile threatreport q1_2012Mobile threatreport q1_2012
Mobile threatreport q1_2012
 
Mobile threat report_q3_2013
Mobile threat report_q3_2013Mobile threat report_q3_2013
Mobile threat report_q3_2013
 
Malwarebytes labs 2019 - state of malware report 2
Malwarebytes labs 2019 - state of malware report 2Malwarebytes labs 2019 - state of malware report 2
Malwarebytes labs 2019 - state of malware report 2
 
G data mobile_mwr_q2_2015_us
G data mobile_mwr_q2_2015_usG data mobile_mwr_q2_2015_us
G data mobile_mwr_q2_2015_us
 
Blue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware ReportBlue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware Report
 
F-Secure Mobile Threat Report Quarter 1 2012
F-Secure Mobile Threat Report Quarter 1 2012F-Secure Mobile Threat Report Quarter 1 2012
F-Secure Mobile Threat Report Quarter 1 2012
 
CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문
 
The Current State of Cybercrime 2013
The Current State of Cybercrime 2013The Current State of Cybercrime 2013
The Current State of Cybercrime 2013
 
Gemalto Building Trust in Mobile Apps The Consumer Perspecti.docx
Gemalto Building Trust in  Mobile Apps The Consumer Perspecti.docxGemalto Building Trust in  Mobile Apps The Consumer Perspecti.docx
Gemalto Building Trust in Mobile Apps The Consumer Perspecti.docx
 
proofpoint-blindspots-visibility-white-paper
proofpoint-blindspots-visibility-white-paperproofpoint-blindspots-visibility-white-paper
proofpoint-blindspots-visibility-white-paper
 
Detecting Malicious Facebook Applications
Detecting Malicious Facebook ApplicationsDetecting Malicious Facebook Applications
Detecting Malicious Facebook Applications
 
AndRadar: Fast Discovery of Android Applications in Alternative Markets
AndRadar: Fast Discovery of Android Applications in Alternative MarketsAndRadar: Fast Discovery of Android Applications in Alternative Markets
AndRadar: Fast Discovery of Android Applications in Alternative Markets
 
The Current State of Cybercrime 2014
The Current State of Cybercrime 2014The Current State of Cybercrime 2014
The Current State of Cybercrime 2014
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government Sector
 
Avast Q1 Security Report 2015
Avast Q1 Security Report 2015Avast Q1 Security Report 2015
Avast Q1 Security Report 2015
 
AVG Threat Report Q4 2012
AVG Threat Report Q4 2012AVG Threat Report Q4 2012
AVG Threat Report Q4 2012
 
Cscu module 13 securing mobile devices
Cscu module 13 securing mobile devicesCscu module 13 securing mobile devices
Cscu module 13 securing mobile devices
 

Mehr von Lookout

The New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
The New Assembly Line: 3 Best Practices for Building (Secure) Connected CarsThe New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
The New Assembly Line: 3 Best Practices for Building (Secure) Connected CarsLookout
 
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLooking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLookout
 
5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile SecurityLookout
 
What Is Spyware?
What Is Spyware?What Is Spyware?
What Is Spyware?Lookout
 
Mobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingMobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingLookout
 
2015 Cybersecurity Predictions
2015 Cybersecurity Predictions2015 Cybersecurity Predictions
2015 Cybersecurity PredictionsLookout
 
The New NotCompatible
The New NotCompatibleThe New NotCompatible
The New NotCompatibleLookout
 
Relentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidRelentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidLookout
 
When Android Apps Go Evil
When Android Apps Go EvilWhen Android Apps Go Evil
When Android Apps Go EvilLookout
 
Scaling Mobile Development
Scaling Mobile DevelopmentScaling Mobile Development
Scaling Mobile DevelopmentLookout
 
Visualizing Privacy
Visualizing PrivacyVisualizing Privacy
Visualizing PrivacyLookout
 
How to (Safely) Cut the Cord With Your Old iPhone
How to (Safely) Cut the Cord With Your Old iPhoneHow to (Safely) Cut the Cord With Your Old iPhone
How to (Safely) Cut the Cord With Your Old iPhoneLookout
 
3 Ways to Protect the Data in Your Google Account
3 Ways to Protect the Data in Your Google Account3 Ways to Protect the Data in Your Google Account
3 Ways to Protect the Data in Your Google AccountLookout
 
3 Ways to Protect the Data in Your Apple Account
3 Ways to Protect the Data in Your Apple Account3 Ways to Protect the Data in Your Apple Account
3 Ways to Protect the Data in Your Apple AccountLookout
 
The Back to School Smartphone Guide
The Back to School Smartphone GuideThe Back to School Smartphone Guide
The Back to School Smartphone GuideLookout
 
Mobile Security at the World Cup
Mobile Security at the World CupMobile Security at the World Cup
Mobile Security at the World CupLookout
 
Spring Cleaning for Your Smartphone
Spring Cleaning for Your SmartphoneSpring Cleaning for Your Smartphone
Spring Cleaning for Your SmartphoneLookout
 
Security & Privacy at the Olympics
Security & Privacy at the OlympicsSecurity & Privacy at the Olympics
Security & Privacy at the OlympicsLookout
 
10 Beautiful Enterprise Products
10 Beautiful Enterprise Products10 Beautiful Enterprise Products
10 Beautiful Enterprise ProductsLookout
 
Hacking the Internet of Things for Good
Hacking the Internet of Things for GoodHacking the Internet of Things for Good
Hacking the Internet of Things for GoodLookout
 

Mehr von Lookout (20)

The New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
The New Assembly Line: 3 Best Practices for Building (Secure) Connected CarsThe New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
The New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
 
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLooking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
 
5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security
 
What Is Spyware?
What Is Spyware?What Is Spyware?
What Is Spyware?
 
Mobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingMobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are Asking
 
2015 Cybersecurity Predictions
2015 Cybersecurity Predictions2015 Cybersecurity Predictions
2015 Cybersecurity Predictions
 
The New NotCompatible
The New NotCompatibleThe New NotCompatible
The New NotCompatible
 
Relentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidRelentless Mobile Threats to Avoid
Relentless Mobile Threats to Avoid
 
When Android Apps Go Evil
When Android Apps Go EvilWhen Android Apps Go Evil
When Android Apps Go Evil
 
Scaling Mobile Development
Scaling Mobile DevelopmentScaling Mobile Development
Scaling Mobile Development
 
Visualizing Privacy
Visualizing PrivacyVisualizing Privacy
Visualizing Privacy
 
How to (Safely) Cut the Cord With Your Old iPhone
How to (Safely) Cut the Cord With Your Old iPhoneHow to (Safely) Cut the Cord With Your Old iPhone
How to (Safely) Cut the Cord With Your Old iPhone
 
3 Ways to Protect the Data in Your Google Account
3 Ways to Protect the Data in Your Google Account3 Ways to Protect the Data in Your Google Account
3 Ways to Protect the Data in Your Google Account
 
3 Ways to Protect the Data in Your Apple Account
3 Ways to Protect the Data in Your Apple Account3 Ways to Protect the Data in Your Apple Account
3 Ways to Protect the Data in Your Apple Account
 
The Back to School Smartphone Guide
The Back to School Smartphone GuideThe Back to School Smartphone Guide
The Back to School Smartphone Guide
 
Mobile Security at the World Cup
Mobile Security at the World CupMobile Security at the World Cup
Mobile Security at the World Cup
 
Spring Cleaning for Your Smartphone
Spring Cleaning for Your SmartphoneSpring Cleaning for Your Smartphone
Spring Cleaning for Your Smartphone
 
Security & Privacy at the Olympics
Security & Privacy at the OlympicsSecurity & Privacy at the Olympics
Security & Privacy at the Olympics
 
10 Beautiful Enterprise Products
10 Beautiful Enterprise Products10 Beautiful Enterprise Products
10 Beautiful Enterprise Products
 
Hacking the Internet of Things for Good
Hacking the Internet of Things for GoodHacking the Internet of Things for Good
Hacking the Internet of Things for Good
 

Kürzlich hochgeladen

Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 

Kürzlich hochgeladen (20)

Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 

Mobile Threats, Made to Measure

  • 1. MOBILE THREATS, MADE TO MEASURE THE SPECIALIZATION OF MOBILE THREATS AROUND THE WORLD
  • 2. What global trends and patterns defined mobile security threats in 2013? To answer this question, Lookout analyzed the threats encountered by more than 50 million Lookout users around the world. We categorized mobile threats into three distinct app-based threat categories: adware, chargeware, and malware. 2013 stood out as the year when mobile threat campaigns became increasingly targeted by region as the criminals adapted their practices to maximize profit and minimize detectability. In regions where regulation is stringent, attackers favored alternate ways to operate, often dropping traditional monetization strategies like premium rate SMS fraud in favor of “grey area” tactics like deceptive, if legal, in-app billing practices. We also examined how user behavior impacts their exposure to mobile threats. If a mobile user has rooted their phone, for example, how might that affect their chance of encountering a trojan in the future? In short, this report contains a comprehensive overview of the current, global state of app-based threats. We hope the security insights presented in this report may serve to help educate individuals and businesses on how to better protect their mobile devices from threats in a highly networked, globalized age. 1
  • 3. To prepare this report Lookout analyzed security detections from its dataset of more than 50 million users around the world who were active from January 1, 2013 - December 31, 2013. The encounter rate calculation referenced in this report measures how many devices encounter a given threat, and it is a weighted calculation that normalizes the differences between the life cycles of users. It should be noted that encounter rates are not additive since devices may be counted multiple times. Lookout excluded countries from this report where representative sample sets of users could not be achieved. Lastly, app-based threats in this analysis were separated into three categories: (a) Adware (b) Malware (c) Chargeware. These app-based threat categories are defined in the glossary at the end of the report. 2 © 2014 Lookout
  • 4. ● ● ● ● ● 3 The diversification of app-based threats by region is readily apparent. 2013 stood out as the year when mobile threat campaigns became increasingly targeted by geographic region as the criminals adapted their practices to maximize profit and minimize detectability. Financial gain continues to dominate the mobile threat landscape, with premium rate SMS fraud being the primary type of malware affecting people across the globe. ○ In 2013, hundreds of thousands of Lookout users encountered chargeware - apps with hard-to-read EULAs that deceptively bill victims, often after luring them in with racy photos (porn). The encounter rate of chargeware is 13% in France, 20% in the UK and 5% in the U.S. ○ In Russia and China, premium rate SMS fraud continues to be a massive problem where regulation isn’t as stringent. Adware is the most prevalent threat facing consumers. People are five times more likely to encounter adware than malware. Allowed to spread largely unchecked, adware reached a pinnacle in 2013, and reached every corner of the globe. (The average encounter rate ranges from 20-30% depending on the country: U.S. 25%, UK 23%, Germany 27%, France 31%, Spain 30%). The encounter rate of malware drastically changes depending on the region. Specifically, in the U.S. it is only 4%, while in Russia and China it is 63% and 28% respectively. Risky behavior begets other risky behavior. Having a trojan on your phone means you’re seven times more likely to download another app with a trojan. © 2014 Lookout
  • 6. In 2013 mobile threats were clearly a global problem, but Asia, Russia and parts of Eastern Europe and Africa continue to stand out with higher levels of risk. 5 © 2014 Lookout
  • 7. In 2013 encounter rates remained low in the US and Western Europe, while regions such as Asia and Eastern Europe continued to be “hot zones” for mobile malware, largely due to the popularity of unregulated 3rd party app stores and low risk monetization paths like premium rate SMS fraud (a prime example being ActSpat, a premium SMS trojan). Also, Lookout’s 2013 ‘Dragon Lady’ investigation uncovered an entire mobile malware industry in Russia. 6 © 2014 Lookout
  • 8. In the first half of 2013 very little curbed the spread of adware and so it was evenly distributed, with fairly similar encounter rates in almost every country. Lookout called out adware in June 2013 and Google started taking steps that September to remove adware that violated its policies. One of the primary adware SDKs was operated by a company called Leadbolt, which has since changed their ad SDK to comply with Google policies. 7 © 2014 Lookout
  • 9. In 2013, chargeware (apps that charge users without clear notification) was especially prevalent in Western & Eastern Europe and South East Asia. Pornograhic apps with deceptive charging practices made up the most prevalent forms of chargeware in 2013, with one campaign “SMS Capers” representing more than 50% of the risk in the UK. 8 © 2014 Lookout
  • 11. The United States and Canada have comparable threat encounter rates while mobile users in Mexico have an elevated risk of encountering adware. 10 © 2014 Lookout
  • 12. The mobile malware encounter rate is low and consistent across North American countries: mobile users in these countries tend to download apps from trusted app stores where the likelihood of encountering malware is much lower. Encounters occur nonetheless and the threats are real: NotCompatible, a trojan that turns devices into proxies for 3rd party traffic, was the most prevalent threat in the U.S. 11 © 2014 Lookout
  • 14. The total encounter rate is relatively even across Europe and comparable to the US. Germany has lower levels of risk in all categories, but especially chargeware and adware, while Spain has an elevated risk of chargeware and malware. 13 © 2014 Lookout
  • 15. The encounter rates of UK and France are elevated due to the large volume of chargeware in both regions. The UK is especially high to due to the emergence of one chargeware campaign - SMScapers, a pornographic app which makes up more than 50% of the total encounter risk in the UK. 14 © 2014 Lookout
  • 16. ASIA
  • 17. Japan has the lowest encounter rates in all categories, while China and Russia have the highest malware encounter rates out of any country in the world. The bulk of the threats in this part of the world are made up from malware rather than adware (like in the US and Western Europe). 16 © 2014 Lookout
  • 18. 17 Japan has the lowest malware encounter rate due to its strict regulatory environment, while China and Russia have the highest malware encounter rates in the world. Russia is particularly high as the ease with which malware authors are able to monetize drives the creation of new families. RuPaidMarket, a premium SMS fraud trojan, was the most prevalent family in Russia in 2013. © 2014 Lookout
  • 22. Apart from a slight dip in Q2, malware maintained a constant presence in China but overall was dwarfed by the volume of malware in Russia. The apparent drop in malware in Russia actually represents the tail-end of a couple of incredibly prolific malware campaigns in the RuPaidMarket family (a family of trojans that commit premium SMS fraud). 21 © 2014 Lookout
  • 23. 22 Prior to June 2013 no industry guidelines defined adware. In June 2013 Lookout published its own guidelines and in September 2013 Google updated its policies and removed as many as 36,000 infringing apps from the Play Store. The increase from Q2 to Q3 reflects Lookout’s implementation of more comprehensive adware detection policies. The drop from Q3 to Q4 reflects apps removing offending ad networks or getting removed themselves. © 2014 Lookout
  • 24. Chargeware is highly geographic and campaign-based and this slide shows this clearly. What we see here is the rise and fall of the pornographic chargeware campaigns “SMS Capers” and “Plus TV” which primarily hit the UK and France. 23 © 2014 Lookout
  • 25. The diversification of app-based threats by region is readily apparent. Regulation varies by country and a criminal enterprise that might be highly profitable and difficult to prosecute in one part of the world is often explicitly forbidden and easy to prosecute in another. This regulatory variation produces a state of natural selection in which criminals evolve to exhibit attack strategies that are best suited for their environment. When it comes to malware, people who use trusted, mainstream app stores (as the bulk of users in the US and Western Europe do) are less likely to encounter malware. By contrast, users in Eastern Europe, Russia and Asia face a risk of encountering malware that is as much as 20 times higher due to the widespread use of high-risk third-party stores. This increased risk is also driven in part by more robust malware development activities in these regions as evidenced by Lookout’s 2013 Dragon Lady investigation, which uncovered organized groups of Android malware developers in Russia who operated like startups, with real organizational structures and affiliate programs. Chargeware too is a highly country specific threat because it relies on mobile charging practices, which can vary on a per country (or even per carrier) basis. In 2013 chargeware emerged as the most lucrative method of monetizing in Western Europe for this reason, where country encounter rates (13% - France, 20% - UK, 23% - Spain) are two to four times higher than those seen in North America and up to twenty times higher than those seen in Asia. Most of these chargeware threats are pornographic in nature, as was the case with SMSCapers in the UK and PlusTV in France (the two most prolific instances of chargeware in each country). 24
  • 26. Adware went largely unchecked for the first half of 2013 and encounter rates were high, ranging from 20-30% globally. In Q3 2013 companies such as Lookout and Google implemented detection policies that flagged the presence of adware to developers and adware encounter rates began to fall. These policy changes forced apps to remove adware and forced adware developers to modify their advertising SDKs to bring their practices in line. Risky mobile behavior begets risky behavior - a rather self-evident, but nonetheless sobering observation when you consider that risky activities like downloading malware once increases your likelihood of encountering another piece of malware by seven times. Moving into 2014 we expect criminals and shady actors to continue to take advantage of the “Grey area” and use people (and their devices) as a means to an end to pull off their schemes. New monetization methods may appear, but as long as premium rate SMS fraud continues to be a successful business model in certain regions around the world, we don’t expect it to go away. As BYOD becomes more common in the workplace, rather than attacking traditional, heavily monitored network services, we expect criminals to evolve once again and turn to mobile devices as an easier way to get into the enterprise and access valuable data. With the recent news of both ad SDKs and mobile apps leaking device data, businesses are more aware than ever of the need to implement solutions that minimize mobile data leakage and loss. The strongest defence against app-based threats comes from a three part strategy of (1) only downloading apps from trusted marketplaces, (2) exercising common sense and avoiding risky behavior (like rooting a mobile device), and (3) downloading a mobile security application like Lookout that can flag and protect against these threats in real time. 25
  • 27. ADWARE Adware is an SDK whose primary purpose is to serve obtrusive or unexpected ads on compromised devices. CHARGEWARE Chargeware is an app where the user is charged for a service without clear notification and the opportunity to provide informed consent. ENCOUNTER RATE Encounter rates in this report measure how many devices encounter a given mobile threat during a specific time period, as a percentage of all devices that have connected to Lookout during that period. With this calculation we are measuring how many devices encounter a threat and it should be noted that encounter rates are not additive since devices may be counted multiple times. Additionally, encounter rates do not necessarily mean that that percentage of users were actually infected or would be infected without Lookout. MALWARE For the purposes of this report malware includes viruses, trojans, worms, and spyware and excludes chargeware. MOBILE THREATS Mobile threats in this report describe the composite threat of malware, chargeware, and adware. 26