ARN

Malware detections surge from 'COVID bounce'

A year after pandemic peak, malicious threats to businesses and consumers rose above pre-virus levels, especially for mobile devices.

After a pandemic lull in 2020, malware aimed at individuals and organisations surged in 2021, according to a report released by cyber security software maker Malwarebytes.

Year-over-year, overall malware detections jumped 77 per cent, the report noted, with business-focused threats rising 143 per cent and consumer threats climbing 65 per cent, to more than 152 million.

The report also noted that spyware detections on Android phones surged 1,600 per cent at the beginning of the pandemic, but growth tapered off in 2021, with 54,677 detections of Android monitoring apps discovered during the period, a 7.2 per cent increase, and 1,106 detections of spyware apps, a 4.2 per cent increase. 

However, the report found that while overall numbers for monitoring and spyware apps were up, detections have declined since their peak in 2021.

Concern about stalkerware isn't limited to Android phones, the report added. In 2021, Pegasus spyware infected iPhones used by journalists and government officials, enabling surveillance of their locations and data. Average users also began struggling with the pros and cons of Apple-developed location trackers—AirTags—that enabled potential victims to be silently monitored by perpetrators, the report added.

Sophisticated adware cripples devices

Adware, though, dominates the Android malware landscape, with nearly 80 per cent of detections related to it. While adware is often considered more of a nuisance than a threat, that isn't always the case. "Adware can be a catalyst to install additional threats on a phone," Malwarebytes Labs Head of Thought Leadership Adam Kujawa said.

"More sophisticated adware can cripple devices, requiring full device factory resets or preventing users from accessing corporate accounts and applications," added Kristina Balaam, a senior threat researcher at Lookout, a mobile cyber security company. 

"Some adware can exfiltrate more sensitive data about the user and their device as part of their campaigns. While it’s less likely that an adware family will severely compromise an enterprise in the same way that a surveillance application or ransomware sample could, they can disrupt devices or collect more data than is necessary about an enterprise’s employees."

Phones as unmanaged devices and risk to the enterprise

Balaam said that mobile malware is becoming an increasingly common threat to the enterprise. "We’ve seen a significant increase in the number of threat actors who have diversified their tooling to include mobile targets alongside desktops," she said.

"With the modern, hybrid workforce and everything moving to the cloud, people are working from many devices, including their smartphones, and most of these phones are not managed devices, so the risk to the enterprise is real," noted Patrick Harr, CEO of SlashNext, a network security company.

A compromised mobile device can perform any number of nasty acts that threaten an enterprise. 

"Once malware gets onto a device, it can sniff network traffic before it's encrypted, install a keystroke logger or a command and control node, then all passwords you type on your phone, be they personal or business, for any SaaS app or website you go to, can be intercepted and sent out," said Gartner vice president analyst Patrick Hevesi. "The risk is definitely there."

"We've been theorising for a long time that someday we're going to see mobile Armageddon," Kujawa added. "The devices are getting more secure, but because we're relying on them more and more, it's making them a larger target. Who knows? In 10 years, we might be dealing with mostly mobile threats."