According to the latest Nokia Threat Intelligence Report 2019, Android devices are the most commonly targeted by malware. In mobile networks, Android devices were responsible for 47.15% of the observed malware infections, Windows/PCs for 35.82%, IoT for 16.17% and Apple’s iPhones for less than 1%.
In the smartphone sector, the vast majority of malware is currently distributed as trojanized applications. The user is tricked by phishing, advertising or other social engineering into downloading and installing the application. The main reason the Android platform is targeted is that once side-loading is enabled, Android applications can be downloaded from just about anywhere. In contrast, iPhone applications are for the most part limited to one source, the Apple Store.
The report also noted that Windows/PCs continue to be a target for malware infection. These Windows/PCs are connected to the mobile network using USB dongles and mobile Wi-Fi devices, or are simply tethered through smartphones. They are responsible for 36% of the malware infections observed. This is because these devices are still a popular target for professional cybercriminals who have a huge investment in the Windows malware ecosystem.
According to the report, IoT devices now make up 16% of the infected devices observed. This is mostly the result of IoT botnet activity. These bots actively scan for vulnerable victims using an increasingly rich suite of attacks. In networks where devices are routinely assigned public-facing internet IP addresses, we find a high IoT infection rate. This is unsurprising considering that security issues within IoT devices remain ever-present. In networks where carrier-grade NAT is used, the infection rate is considerably reduced, because the vulnerable devices are not visible to network scanning.
The report also found that the number of Android malware samples continued to grow in 2018. Nokia Threat Intelligence Lab now has close to 20 million Android malware samples. This is an increase of 31% since last year.
Of the top 20 malware infections detected in fixed residential networks in 2018, the majority still focus on the traditional Windows/PC platform; however, 5 of the top 20 target IoT and 3 target Android.
In 2018 the average percentage of devices infected each month was 0.31%. The peak month was June with 0.46%, due to an increase in activity of Android.Adware.Adultswine, malware that displays ads from the web that are often highly inappropriate and pornographic, attempts to trick users into installing fake “security apps” that also serve ads, and entices users to register for premium services with hidden expenses. It is very persistent and difficult to uninstall.
The report also stressed the emergence of new IoT botnet variants in 2018. In particular, Fbot is a Satori-related botnet that has two major distinguishing features. It spreads by scanning for devices that have the default Android Debug Bridge (ADB) port open. Very few Android phones have this port open, but apparently some smart TVs and other Android-based IoT devices have been deployed accidentally with this debug port open.