2015 mobile threats: Ransomware and data leaks run rampant

It's far from just adult sites which harbor threats to your mobile devices and personal security.
Written by Charlie Osborne, Contributing Writer

The mobile threat landscape is becoming more active and users are at increasing risk of ransomware, unwanted software and data theft, researchers say.

If you're browsing through adult websites and downloading content, you take on the risk that malware might be hidden within. Pornography, adware and spyware have been connected for years, and while adult sites aren't always laden with malicious code, the risk of infection is generally higher than on generic websites.

A new report released by security firm Blue Coat acknowledges that porn remains the top dog when it comes to threats to mobile users, but fresh tactics designed to steal your data, load ransomware onto your device or install potentially unwanted software (PUS) are also on the uptick.

"The underground market around mobile malware is growing," Felix Leder, Director of Advance Malware Defense at Blue Coat told ZDNet.

"We have seen more and more services popping up around mobile malware, like repackaging services to patch malware into existing apps. The creation of new malware is not enough for criminals. They need to "get it out" to the masses. With using ad networks they have the perfect platform to distribute it. We have seen the same relationships for traditional malware."

Cyberattackers are looking beyond traditional PCs and to mobile devices to find victims. According to StatCounter, mobile usage for Web activity surged by 67 percent last year, and as smartphones and mobiles continue to replace PCs, this trend is likely to continue. As a result, our mobile devices will become the focus of new cyberthreats.

Blue Coat researchers say that pornography returned as the top attack vector for mobile users after losing its place to malicious ad networks last year. Adult websites accounted for 36 percent of threats to mobile device users, often in the form of malicious websites and downloads linked from pornography sources.

Malicious advertising networks -- which download malware through ad-based lures in a tactic known as "malvertising" -- accounted for less than five percent of threats this year, in comparison to almost 20 percent in 2014.

This statistic includes malvertising threats and websites which host apps designed to appeal to adult website visitors -- but also contain Trojan malware which can then steal financial and sensitive data from handsets.

See also:How to protect your connected home and Internet of Things devices

Unfortunately for users, beyond PUS, ransomware is now being tailored to take on tablets and smartphones. If this particular variant of malware finds its way onto your system, your files are encrypted and screen locked.

If you do not pay a fee -- usually required in virtual currency -- then your system remains lost and your data is lost. Those who pay up may be issued a cryptographic key to release their files, but this isn't guaranteed.

In addition, "junk" apps downloaded through malicious websites, adware and spyware are being found in the wild in increasing numbers. While often only deemed suspicious or annoying, these apps can end up resulting in information leaks and the theft of data including the phone's identification number, operating system, the app or browser being used and user data.

"Unlike for PCs, mobile infections usually require user interaction," Leder says. "The user is "tricked" into installing the malicious app, e.g. by suggesting that the user has visited a bad webpage and that the offered app is the cure for removing all evil from his phone. Another type of such "social engineering" is to pretend the app contains a popular movie or is a cracked version of a paid app."

In order to protect yourself against mobile threats, staying vigilance is critical. Unless you completely trust the source, you should not download applications while surfing the Internet unless they are from official stores -- and never through clicking an advert. If you choose to jailbreak your device, you are also breaking your smartphone or tablet's security, which will likely place you at more risk of being exploited by security vulnerabilities as security features will inevitably become disabled.

10 steps to erase your digital footprint

Read on: Top picks

Editorial standards