The Mobile Device Threat Evolution
October 13, 2011
By Jack Walsh

It’s no surprise that the use of mobile devices continues to accelerate.  As adoption increases it’s been interesting to observe the evolution of mobile security threats.  

The mobile market had been dominated for years by the Symbian mobile operating system, which runs on Nokia phones. Because of that the preponderance of security threats were initially focused on Symbian.  

Just a year ago F-Secure’s Jarno Niemelä and Kaspersky’s Tim Armstrong gave a joint presentation on mobile malware at the Messaging Anti-Abuse Working Group (MAAWG) meeting.  They reported that 70 percent of mobile malware targeted Symbian.  Given Symbian’s early dominance in the mobile market (especially outside the U.S.) their finding largely reflects what one might expect: the bad guys targeted the more popular platform. 

In terms of the specific kinds of malware, the most common malware initially targeted premium short message service (SMS) numbers.  Trying to make a buck, the bad guys inserted Trojans into apps that, once on a user’s phone, would send unsolicited text messages to premium-rate numbers. By sending the text messages in the wee hours of the morning and doing so infrequently, the malware writers hoped to fly under the radar of the unsuspecting mobile device owner.  While we don’t have premium SMS numbers in the U.S. they do in Russia.  So the affected users were largely in the former Soviet Union.   

As far as how things have evolved, today Symbian is losing ground to Apple’s iOS and especially to Google’s Android. In fact, Android appears to be pulling away from the other platforms. Android’s market share in the US has risen to almost 44 percent according to a recent study by comScore.  That’s up 5 percent from the previous quarter.  With the exception of iOS that saw a meager 0.7 percent increase in market share, the other platforms lost ground here in the U.S. 

Just as how Symbian previously led the way in marketshare and associated malware, it’s probably no surprise then that Android spyware and malware are increasing today. 

Lookout Mobile Security’s threat report from August 2011 reported that, “Android users are two and a half times as likely to encounter malware today [compared to] 6 months ago.”  It went on to report that “Android apps infected with malware went from 80 apps in January to over 400 apps cumulative in June 2011.”  Android is pretty clearly increasingly under attack.   

A final point about the mobile threat evolution has to do with the fact that mobile phones are increasingly smart phones. Because of this, the threats are no longer just web (e.g., drive-by downloads) and network-based threats. Today’s threats are increasingly application based.  This too makes sense as users increasingly use apps on their phones and make less use of the mobile device’s built-in browsers. 

As mobile devices, and especially smart devices, are still a relatively new technology, we’ll keep watching as both the technology and threats continue to evolve. 


The month of October is National Cyber Security Awareness Month (NCSAM), which focuses on cybersecurity awareness and education for all digital citizens.  As a champion of NCSAM, ICSA Labs is committed to making the web a safer place to work and play.  This month, ICSA Labs has been sharing daily cybersecurity tips, which people can easily implement to better protect themselves and their information.  Visit our Facebook and Twitter pages to learn more.



Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>

More information about formatting options

This question is for testing whether you are a human visitor to prevent automated spam submissions.
Enter the characters shown in the image.