History and future of mobile malware

Panda Security released a report on the history, current state and future of mobile malware which aims to raise awareness of the threats affecting mobile devices as well as provide tips individuals can follow to avoid falling victim to mobile threats.

“One of the major challenges security vendors face is user mobility,” said Luis Corrons, technical director of PandaLabs. “Enhancing the security of cell phones — through anti-malware, data protection, management and security audit functions — is a major challenge for any security department, and we must tackle this threat as soon as possible in order to help protect users’ information and businesses. Even though cell phone malware is not a priority for cyber-crooks yet, we are starting to see the first major attacks on these platforms. We predict that the next few months will see significant growth in cell phone attacks, especially on Google’s Android operating system.

Lack of security awareness among cell phone users and carelessness are two of the most important risk factors for smartphones. It is extremely important to understand that a smartphone is far more than just a phone and should be treated more like a computer due to the valuable information it stores.

To protect your mobile device, the CNCCS offers a series of best practices. These include:

  • Enable access protection measures such as a PIN or password
  • Configure the smartphone to automatically lock after a minute or so being idle
  • Disable features not in use such Bluetooth, infrared or WiFi
  • Before installing or using new smartphone apps or services, check their reputation and only install applications from trusted sources
  • Keep your operating system and software applications up to date
  • Be wary of any files, links or numbers received from unsolicited email or SMS messages
  • Avoid using untrusted WiFi networks.

Key topics covered in the report include:

  • The history of mobile devices, and the evolution of the smartphone market from its onset to the present day
  • Mobile device security issues and threat vectors
  • The history of threats targeted the platform, including Cabir, WinCE.Brador.A , Skulls, Pbstealer, CxOver, Ikee.A and Ikee.B, Droid09 and modern Man-in-the-Mobile attacks
  • Predictions for the future, including schemes that target mobile banking applications and capture sensitive information, programs that track users’ locations through GPS, advanced social engineering attacks, and mobile worms that scan all devices connected to WiFi networks and exploit vulnerabilities to transmit malicious code to other systems.

The complete report is available here.