Historically, cybercriminals simply did not have enough vulnerable mobile devices out there to make significant attacks worthwhile. That\u2019s changed. Cybercriminals are in it for the money; and they look for the most vulnerable targets, in the greatest quantity, that will take the least amount of effort to breach and have the highest potential for monetary gain.<\/p>\n
This building of mobile threat has been foreseen for some time. In 2006, roughly six months before the release of the first iPhone, Scientific American<\/a> warned about the perils of mobile malware and noted mobile malware growth at that time roughly paralleled that of computer viruses in the first two years after the first PC virus, \u201cBrain,\u201d was released in 1986.<\/p>\n In 1988, computer experts dismissed viruses as inconsequential, vastly underestimating how quickly malware could grow in prevalence, diversity and sophistication. In their 2006 article, Scientific American also warned about making the same mistakes with mobile, pointing out that the bigger the target, the greater the attraction for malicious programmers and that smartphones would soon make up most of the world\u2019s computers (now true).<\/p>\n Outdated Windows devices have proven to be a significant security risk. About 140 million<\/a> active Windows PCs are still running Windows XP, a 14-year-old operating system that Microsoft stopped updating in 2014. The massive WannaCry cyberattack last year exploited a security hole in the Windows XP operating system.<\/p>\n But in comparison, Android has about one billion of the 2.7 billion active devices running outdated operating systems. That\u2019s about seven times the amount of vulnerable XP devices.<\/p>\n Mobile devices do have had some advantages over Windows security-wise, so maybe that will help stall the pace of infection and attack going forward. Applications are more tightly controlled by OS leaders, like Apple and Google, and users must provide permission to allow access to core phone functions. There are fewer malicious actors adept in mobile software. But counter to that is the more casual attitude of subscribers towards security of their mobile devices and the fact that mobile devices have billing mechanisms built in, leading to SMS fraud.<\/p>\n Most mobile subscribers don\u2019t apply even the basic security passwords, and even fewer install device protection. Permissions in new apps are requested and granted broadly by impatient subscribers. The monetary incentives are also getting sweeter for cybercrime. Use of mobile for financial transactions is growing. The GSMA<\/a> estimated that the industry processed 22 billion financial transactions in 2016 and identifies mobile technology as key to transforming access to financial services in emerging markets for hundreds of millions of people.<\/p>\n Our Unit 42 threat intelligence team has been analyzing threat trends and reporting on the last four years of new Android malware evolution. Check out their latest research on Android threats.<\/p>\n\n
\n
\n
\n
![\"PAN_MWC-18_Social-Suite_blog_600x200\"](\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2018\/02\/PAN_MWC-18_Social-Suite_blog_600x200.png\")
<\/span><\/div><\/a><\/p>\n