In recent years, computing has become commoditized to the extent that mobile devices are increasingly prevalent and have become a key part of their owners’ daily lives, supporting both business and personal activities — including email access, banking and authentication. The adoption of these devices is particularly high in geographic regions such as Latin America, where they provide a more convenient and cost-effective route to obtaining this functionality than desktop computing. The traditional computing landscape has also changed during this time; significant adoption of cloud-based services has decentralized data storage, and a drive towards securing mobile devices against misuse has resulted in a marked increase in the deployment of traditional and next-generation antivirus solutions to combat malware-based threats. This approach to defensive security has also been augmented by the introduction of endpoint solutions that provide granular insight into malicious activity through the generation and investigation of high-resolution device telemetry.
As a result of changes in the way people use and protect their devices, malicious actors have increasingly sought to diversify the way they attempt to compromise their targets and achieve their objectives. This diversification includes the development of malware for mobile devices, which often do not have access to the same level of security monitoring as desktop computers and servers. In fact, the successful compromise of mobile devices provides more extensive access to large amounts of personal data, as they often aggregate multiple data sources (such as email accounts) along with mechanisms for authenticating with other services as part of two-factor authentication (2FA) capability. Furthermore, many devices can also provide the geographic location of their owners through access to Global Positioning System (GPS) hardware and cell tower information. This density of personal information offers an attractive target to a range of adversaries, leading to an uptick in both targeted and commercial mobile malware families.
This report provides an overview of the key types of mobile malware observed so far in 2019, along with their typical deployment mechanisms. It also identifies how and why certain adversary groups and unaffiliated criminal actors are targeting mobile devices for intelligence and financial gain, and assesses the potential for future changes in this threat landscape.