Sophos Senior Tech Consultant Graham Cluley sees Facebook as a growing conduit for smart phone malware infections.

Sophos Senior Technology Consultant Graham Cluley agrees somewhat with a BitDefender study showing Facebook as a growing attack vector for smartphone malware. Sophos has seen a similar pattern, and Android phones are potentially a big target, Cluley said in a sit-down interview Tuesday.

“The iPhone operates in a more controlled environment and the BlackBerry security model is fairly strong. Because Android operates in a more open environment, it’s more open to infections,” Cluley said during a visit to the offices of IDG Enterprise, home of CSO. Given the growing popularity of Android phones in the enterprise, Cluley said this is something IT security shops must be more aware of.

The malware being sent to the phones via Facebook messages is garden-variety spam that relies heavily on social engineering tactics. A Sophos threat report due out next week will dive more into the social networking threat, but the company’s just-released “Dirty Dozen” spam list also mentions it. “Spam is certainly here to stay, however the motivations and the methods are continuing to change in order to reap the greatest rewards for the spammers,” Cluley said.

Earlier, BitDefender came out with a report warning that Facebook has become the biggest mobile malware threat. Spam links on social networks are infecting mobile devices via bad links on Facebook because the worms and other malware are often platform-independent and are widely spread as malware that targets PCs, the report said. BitDefender pointed to Google statistics revealing almost a quarter of Facebook users falling for a recent scam on the social network from their mobile device. The URL that was studied was one that claimed to show users a girl’s Facebook status which got her expelled from school. It generated 28,672 clicks — 24 percent of which originated from mobile platforms.
Users who clicked on the link — whether on their PC or mobile device — downloaded a Facebook worm and fell victim to an adword-based money-grabbing scheme.

“When data security researchers focus on finding malware specifically designed for mobile platforms, they lose sight of an important mobile platform threat source — the social network,” said George Petre, BitDefender Threat Intelligence Team Leader.