Study reveals a massive 92% rise of 0-day malware on mobile devices

There are two broad families of malware: malware with a known signature, which most virus databases recognize, and 0-day malware, whose behaviors are not yet known or classified. 0-day malware is only detected by solutions performing real-time behavioral analysis, since standard mobile security solutions that rely on virus databases do not cover it.

In the last 6 months, Pradeo Lab observed a massive 92% rise of 0-day malware on mobile devices, demonstrating that hackers are strongly focusing their attention on enterprise mobility and constantly innovating to overcome security fences.

Data exfiltration through mobile applications is organizations' biggest threat

Hackers access mobile devices and sensitive data through three potential vectors: applications (malware, spyware, adware), the network (phishing, Man-In-The-Middle attacks) and the device (exploitation of OS vulnerabilities), explains the Mobile Threat Report released by Pradeo Labs.

The most common threat the study observed over the last 2 years is data exfiltration through mobile applications, with 59% of apps sending data out of the device. Mobile malware, by contrast, is far less numerous but hits faster and does more damage.

While the number of attacks through the network remains constant, device compromise grew by 100% in the last 6 months, illustrating that the threat landscape is constantly shifting.

Mobile applications are at the center of operations for employees, partners and clients. They handle more sensitive data than any other medium and yet, many of them silently leak users' personal data to remote servers.

The study noted that the most leaked data are location coordinates, contact lists, users' profile information (credentials), users' files (photos, videos, documents…) and SMS.

As governments and authorities urge organizations around the world to protect personal data from leakage and theft, mobile applications are a big risk for compliance and their behaviors must be scrutinized.

Application vulnerabilities

Mobile applications can be vulnerable because of errors in their source code or in the libraries they embed. These vulnerabilities leave them highly exposed to attacks.

Hundreds of vulnerabilities are referenced by the US National Vulnerability Database, the OWASP Mobile Security Project, US-CERT, etc. to help developers build and maintain secure mobile applications.

Three applications out of five feature vulnerabilities that make them prone to data leakage, Denial of Service (DoS) attacks and Man-In-The-Middle attacks, or that expose encryption weaknesses.

Top network threats

The most common network threats the study detected during the last 6 months are:

Public WiFi exploits: The number of unsecured public hotspots, and of users who connect to them, is continuously increasing. As a result, mobile attacks through this vector are growing and currently represent the most detected network threat.

Phishing attacks: Mostly targeting computers until a year ago, phishing attacks have jumped straight to second place among the most detected network exploits on mobile devices. They trap mobile owners with malicious links included in emails or SMS.

Man-In-The-Middle attacks: A MITM attack happens when a communication between two parties is intercepted or altered by an outside entity. Hackers perpetrate this attack through WiFi hotspots or by using IP, ARP or DNS spoofing.

Top device threats

Mobile devices are often exploited by hackers to access and steal sensitive data from organizations, making them the second threat vector. Here are the most detected threats operating at the device level.

Vulnerable OS compromise: Mobile device operating systems have vulnerabilities that are discovered and patched with security updates on a regular basis. However, most mobile users don't update their device as soon as a new OS version is available, leaving it running on a vulnerable version for weeks. As a result, this is the most common device threat.

Modified settings exploit: Some users customize their mobile device settings by deactivating security options to grant themselves more rights. As a consequence, the altered device becomes easily hackable.

Root / jailbreak exploit: Only a small number of users jailbreak or root their mobile device, but when they do, it completely shatters its security fences, opening the front door to malware and hackers.
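The three device-level threats above (outdated OS, weakened settings, root/jailbreak) are exactly what a fleet compliance check in an MDM/EMM console looks for. The following is an added example written for this article, not code from Pradeo or from the report; the device records, the approved patch baseline, the minimum OS versions and the setting names are all constructed assumptions chosen to illustrate the checks.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List

# Constructed baseline (assumption, not figures from the report): the newest
# security patch level the organisation has approved per platform, how many
# days a device may lag behind it, and the oldest OS version still accepted.
LATEST_PATCH = {"android": date(2019, 3, 5), "ios": date(2019, 3, 5)}
MAX_PATCH_AGE_DAYS = 30
MIN_OS_VERSION = {"android": "8.0", "ios": "12.0"}

# Constructed names for security settings a user may weaken ("modified settings").
RISKY_SETTINGS = {"unknown_sources", "usb_debugging", "screen_lock_disabled"}


@dataclass
class Device:
    device_id: str
    platform: str                 # "android" or "ios"
    os_version: str               # e.g. "9.0.1"
    patch_level: date             # date of the latest security update installed
    rooted: bool                  # root (Android) or jailbreak (iOS) detected
    settings: List[str] = field(default_factory=list)  # altered security settings


def parse_version(version: str) -> tuple:
    """Turn '12.1.4' into (12, 1, 4) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def patch_lag_days(device: Device) -> int:
    """Days between the approved patch baseline and what the device actually runs."""
    return (LATEST_PATCH[device.platform] - device.patch_level).days


def assess(device: Device) -> List[str]:
    """Return one finding per device-level threat present; an empty list is compliant."""
    findings = []
    if parse_version(device.os_version) < parse_version(MIN_OS_VERSION[device.platform]):
        findings.append(f"unsupported_os_version: {device.os_version} below "
                        f"{MIN_OS_VERSION[device.platform]}")
    lag = patch_lag_days(device)
    if lag > MAX_PATCH_AGE_DAYS:
        findings.append(f"vulnerable_os: patch level {lag} days behind baseline")
    altered = sorted(RISKY_SETTINGS & set(device.settings))
    if altered:
        findings.append("modified_settings: " + ", ".join(altered))
    if device.rooted:
        findings.append("root_jailbreak: device integrity compromised")
    return findings


def summarize(devices: List[Device]) -> Dict[str, int]:
    """Count findings per category across the fleet, plus fully compliant devices."""
    counts: Dict[str, int] = {"compliant": 0}
    for device in devices:
        findings = assess(device)
        if not findings:
            counts["compliant"] += 1
        for finding in findings:
            category = finding.split(":", 1)[0]
            counts[category] = counts.get(category, 0) + 1
    return counts


# Constructed inventory export: four devices covering the cases above.
FLEET = [
    Device("A-001", "android", "9.0", date(2019, 2, 5), False),
    Device("A-002", "android", "7.1.2", date(2018, 10, 1), True,
           ["unknown_sources", "usb_debugging"]),
    Device("I-001", "ios", "12.1.4", date(2019, 1, 22), False),
    Device("I-002", "ios", "11.4.1", date(2018, 7, 9), True),
]

if __name__ == "__main__":
    for device in FLEET:
        print(device.device_id, assess(device) or "compliant")
    print(summarize(FLEET))
```

Patch lag is measured against the organisation's own approved baseline rather than the vendor's release date, so the check stays meaningful during the weeks between a vendor update and its rollout approval; the version parse keeps "9.0" from sorting after "12.0" as plain strings would.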