Mobile malware is on the rise in the U.S. and around the world, according to a new study from security firm Lookout, in a trend that neatly coincides with the shift from desktop to mobile computing. The survey, based on data from 60 million mobile users around the world, tracked the incidence of various types of threat from 2013-2014. These include ransomware, which as its name indicates holds your mobile device for ransom; Trojan malware, including a download that masquerades as an innocuous app in order to collect sensitive personal information; spyware that monitors personal messages; and even apps that surreptitiously exploit a device’s computing power to “mine” cryptocurrency (yes, bitcoins).
On the positive side there was a marked decrease in adware, which Lookout attributes to increased policing by Google. The report also covers chargeware, which charges users for services without informing them or giving them a chance to grant or withhold consent.
Lookout noted that different types of malware are more likely to appear in different regions. For example, ransomware is especially prevalent in the U.S., U.K., and Germany, while chargeware and fake “premium rate” SMS billing fell in the U.K. and France, but surged in Germany. One especially disturbing finding: The distribution of some malware attacks leads Lookout to hypothesize that the mobile supply chain has sometimes been compromised, allowing malware to be preloaded onto mobile devices in the factory.
Focusing on the U.S., Lookout found that the volume of Android malware attacks increased 75%, from 4% in 2013 to 7% in 2014. As noted, adware actually decreased sharply over this period, but ransomware posted big gains, with over four million U.S. Android users paying ransoms ranging from $300-$500 in order to free their devices. Doing the math, that suggests ransomware alone is a $1.2 billion-$2 billion industry in the U.S. (Maybe those jerkfaces are onto something after all.)