The menace on your mobile – six times as much malware found in 2011

29 Feb
Virus News

Kaspersky Lab data shows that the number of malicious programs targeting mobile devices increased 6.4 times in 2011 with a total of 5,255 new modifications and 178 new families identified throughout the year.

In December 2011 alone Kaspersky Lab uncovered more new malicious programs targeting mobile devices than over the entire 2004-2010 period.

The numbers of modifications and families of mobile malicious programs in Kaspersky Lab’s records as of 1 January 2012 are shown in the table below:

Platform Modifications Families
Android 4139 126
J2ME 1682 63
Symbian 435 111
Windows Mobile 81 23
Others 19 8

As well as the dramatic growth in the number of mobile threats, 2011 also saw some qualitative changes. While unsophisticated SMS Trojans are still the dominant behavior among all detected mobile threats, their share of all mobile threats has fallen from 44.2% in 2010 to 36.6% in 2011. Backdoors, which were barely used by cyber criminals in 2010, accounted for the second most prevalent behavior in 2011. The surge in interest in backdoors has been sparked by virus writers’ growing interest in the Android OS, and the overwhelming majority of detected mobile backdoors target Android smartphones. The third most common mobile threat behavior is spyware. These programs steal personal user data and/or data about the infected mobile device.

When it came to platforms, a steady rise in the number of threats targeting Android was observed during the last six months of 2011. By mid-summer, the number of malicious programs for Android had surpassed the number of threats targeting Symbian, and by autumn, J2ME was trailing behind as well. At present Android is the undisputed leader among targeted platforms.

Man-in-the-Mobile technology, in particular, deserves a mention. The first attack using this method took place in 2010. However, the attacks were enhanced in 2011. The ZitMo (ZeuS-in-the-Mobile) and SpitMo (SpyEye-in-the-Mobile) Trojans work in conjunction with the regular ZeuS and SpyEye programs and are some of the most complex mobile threats detected recently. These Trojans help malicious users to confirm financial operations using hacked bank accounts. These Trojans also stand out due to their cross-platform nature – versions of ZitMo have been detected for Symbian, Windows Mobile, Blackberry and Android, while SpitMo has been detected for Symbian and Android.

One of the main events of 2011 was the first case of malware being spread with the help of QR codes. Because of their ease of use, cyber criminals have started to use malicious QR codes with an encrypted link leading to the same threats that other traditional URLs lead to. Malicious QR codes are used not only by virus writers (or groups of virus writers) but are becoming more common among the infamous affiliate programs, which will soon ensure that they become popular among cyber criminals.

More information about these new methods of spreading mobile malware, the dominant trends in this sphere, forecasts for 2012 as well as more detailed statistical data can be found in the article ‘Mobile Malware Evolution, Part 5’ by Denis Maslennikov, Senior Malware Analyst, Global Research and Analysis Team, Kaspersky Lab at: