Mobile malware on the rise worldwide, ransomware hits the spotlight

Mobile malware has been talked about as a natural progression in cybercrime trends, but is yet to truly make its mark on devices. However, research from Lookout claims that mobile malware is on the rise, especially in terms of chargeware and ransomware.

The mobile security firm's new research is based on the analysis of security detections from a dataset of more than 60 million global users. Measurements given are based upon the percentage of unique devices that encountered particular threats across the last year.

The report says that while mobile malware is on the increase across the globe, an interesting facet of this trend is the geographical separation of different kinds of mobile malware. For example, chargeware and premium-rate SMS billing are more commonly found in Western Europe, whereas these kinds of billing mechanisms are often banned in the United States.

In 2014, however, new mobile threat tactics -- such as ransomware -- have become prevalent, as well as an increase in threat sophistication.

The security firm says that across 2014, there was an increase in mobile malware spotting of 75 percent in comparison to 2013, and this was often due to ransomware finding its way onto mobile devices through malicious apps. Ransomware packages such as ScareMeNot and ScarePakage finished in the top five most prevalent mobile threats in countries including the US, UK and Germany.

It is worth noting that mobile malware is still pretty rare, but any increase in these types of tactics to steal data or force the general public to part with their money is of note.

Another interesting facet of the report is that cybercriminals are experimenting with mobile device-based schemes. In one instance, the security researchers discovered a cyberattacker attempting to use compromised mobile devices for cryptocurrency mining.

Adware fell dramatically in 2014, according to Lookout. The company places this drop at the feet of Google, which has been cracking down on adware through search and the Google Play store.

Lookout detected a number of different types of mobile malware, including:

• ScarePackage | Ransomware: Distributed as a drive-by download, this malicious code masquerades as an Adobe Flash update or anti-virus app before displaying a fake FBI message.
• DeathRing | Trojan: Posing as a ringtone app, DeathRing downloads fake SMS content before trying to capture login credentials by impersonating trusted entities like banks.
• CoinKrypt | Trojan: CoinKrypt infects mobile devices and uses their processing power to mine cryptocurrency.
• ShrewdCKSpy | Spyware: Pretending to be an app marketplace, the malware runs in the background, intercepts and records SMS messages and phone calls, and then uploads them to a remote server.

In the US, ransomware such as ScarePakage, ScareMeNot, ColdBrother, and Koler dominated the mobile threat list in 2014, but we're likely to see more of the same in the year to come -- and with increased levels of sophistication.

Read on: In the world of security

• Botnets in 2014: ZeuS surge, lax policies place Web users at risk
• FTC finalizes charges against Snapchat over user privacy
• Bluster, bravado and breaches: Today's 'terrorist' players in cybersecurity
• Hackers infiltrate White House network
• FireEye predictions for cybersecurity in 2015
• Analysis casts doubt on FBI claims over Tor website seizures
• High volume DDoS attacks rise in Q3 2014
• Apple iOS Masque flaw dangers: Communication app infiltration discovered
• UK hires hackers, convicts to defend corporate networks
• ZeuS variant strikes 150 banks worldwide