John Mello Jr.

Malware detections surge from “COVID Bounce”

News Analysis
Mar 28, 2022 | 3 mins
Malware, Mobile Security

A year after pandemic peak, malicious threats to businesses and consumers rose above pre-virus levels, especially for mobile devices.

After a pandemic lull in 2020, malware aimed at individuals and organizations surged in 2021, according to a report released last week by cybersecurity software maker Malwarebytes. Year-over-year, overall malware detections jumped 77%, the report noted, with business-focused threats rising 143% and consumer threats climbing 65%, to more than 152 million.

The report also noted that spyware detections on Android phones surged 1,600% at the beginning of the pandemic, but growth tapered off in 2021, with 54,677 detections of Android monitoring apps discovered during the period, a 7.2% increase, and 1,106 detections of spyware apps, a 4.2% increase. However, the report found that while overall numbers for monitoring and spyware apps were up, detections have declined since their peak in 2021.

Concern about stalkerware isn’t limited to Android phones, the report added. In 2021, Pegasus spyware infected iPhones used by journalists and government officials, enabling surveillance of their locations and data. Average users also began struggling with the pros and cons of Apple-developed location trackers—AirTags—that enabled potential victims to be silently monitored by perpetrators, the report added.

Sophisticated adware cripples devices

Adware, though, dominates the Android malware landscape, with nearly 80% of detections related to it. While adware is often considered more of a nuisance than a threat, that isn’t always the case. “Adware can be a catalyst to install additional threats on a phone,” Malwarebytes Labs Head of Thought Leadership Adam Kujawa said.

“More sophisticated adware can cripple devices, requiring full device factory resets or preventing users from accessing corporate accounts and applications,” says Kristina Balaam, a senior threat researcher at Lookout, a mobile cybersecurity company. “Some adware can exfiltrate more sensitive data about the user and their device as part of their campaigns. While it’s less likely that an adware family will severely compromise an enterprise in the same way that a surveillance application or ransomware sample could, they can disrupt devices or collect more data than is necessary about an enterprise’s employees.”

Phones as unmanaged devices and risk to the enterprise

Balaam says that mobile malware is becoming an increasingly common threat to the enterprise. “We’ve seen a significant increase in the number of threat actors who have diversified their tooling to include mobile targets alongside desktops,” she says.

“With the modern, hybrid workforce and everything moving to the cloud, people are working from many devices, including their smartphones, and most of these phones are not managed devices, so the risk to the enterprise is real,” says Patrick Harr, CEO of SlashNext, a network security company.

A compromised mobile device can perform any number of nasty acts that threaten an enterprise. “Once malware gets onto a device, it can sniff network traffic before it’s encrypted, install a keystroke logger or a command and control node, then all passwords you type on your phone, be they personal or business, for any SaaS app or website you go to, can be intercepted and sent out,” says Gartner Vice President Analyst Patrick Hevesi. “The risk is definitely there.”

“We’ve been theorizing for a long time that someday we’re going to see mobile Armageddon,” Kujawa says. “The devices are getting more secure, but because we’re relying on them more and more, it’s making them a larger target. Who knows? In 10 years, we might be dealing with mostly mobile threats.”