Mobile malware, unpatched Android devices are increasing problems say studies

Allowing staff and partners to use their own mobile devices to access enterprise networks continues to be a source of risk for CISOs, according to a study from a security vendor that found that four per cent of devices of customers using its mobile threat defence solution had malware, whether they were managed  by an enterprise or an individual.

The study by California-based Skycure Ltd., found that large organizations (with more than 200 devices) have at least one device with malware. Companies with Android devices are nearly twice as likely to have malware.

Overall three per cent of all enterprise iOS devices had malware, and nearly twice as many (5.7 per cent) of all enterprise Android devices were infected.

“Malware absolutely exists on enterprise mobile devices and standardizing on iOS doesn’t make you safe,” Skycare CTO Yair Amit said in a statement today. “We have seen recent attacks that have been specifically designed to circumvent two-factor authentication. Smartphones make excellent reconnaissance tools because they are able to track a user’s conversations and movements twenty-four seven. That means malware can target specific individuals for access to valuable personal and corporate information.”

And if you think employees are most productive in the mornings, apparently they are also at their most mischievous (or curious): The study found mobile workers are 10 times more likely to download apps (including malicious ones) between 9 and 10 a.m. than any other time of the day.

Separately this week Duo Security, a maker of end-point security products reported that three out of 10 Android devices didn’t applied a security patch that was available six months ago, leaving them susceptible to 24 critical vulnerabilities.

In addition, while Google has made much of the fact that Android security updates are now available to a wide number of handsets than just Nexus, as of April 30 only 25 per cent of the eligible devices were running the latest patch.

The report underscores a weakness in the Android ecosystem: Just because Google makes a patch available it doesn’t mean handset makers or carriers will allow them to be downloaded as soon as they are released, or at all. Then too, users may not have turned on automatic OS updates.

So while 62 per cent of the eligible Android devices in Duo Security’s customer dataset were made by Samsung, only 15 percent of eligible phones had applied the latest security patch. Huawei devices led the pack (almost 80 per cent, perhaps because it makes the Nexus 6P), followed by Motorola (now Lenovo), LG and OnePlus.

The Skycure report also found that nearly one in five (19 percent) enterprise Android devices still allows app installation from third-party stores, despite a system-level setting to turn off this feature. Most security analysts agree the safest place to download an app is Google’s Play Store. But the report says users are nearly twice as likely to download malware from the Samsung store, more than 12 times more likely to find malware at the Amazon store, and more than 72 times more likely to be infected at the Aptoid store.

Also, Bejing-based mobile security product maker Cheetah Mobile says a Chinese hacking group’s Android trojan has become one of the largest families of mobile malware ever. Dubbed “Hummer,” at its peak in April an average of 1.4 million handsets a day were being infected. Victims were largely in India, Indonesia, Turkey, China, the Phillipines and Mexico, although infections have also been seen in America.

Once a phone is infected, the trojan gains root privilege, which makes it very difficult to delete, the company says. The malware continually pops up ads on victims’ phones, pushes mobile phone games and silently installs porn applications in the background. Unwanted apps appear on these devices, and they’re reinstalled shortly after users uninstall them. Unfortunately the company doesn’t explain how users get infected.

Finally, Kaspersky Lab noted on Wednesday the number of mobile devices affected by ransomware took a leap starting in January, according to figures from customers using Kaspersky protection. Alarmingly, for 2015-2016 Canadians were the second largest number of victims (behind Germany, but ahead of the U.K., the U.S., Kazakhstan and Italy). However, while Kaspersky notes mobile ransomware is increasing it still is less than five per cent of all types of mobile malware users were attacked with.

All this means that CISOs should be looking for mobile device management solutions that allow them to see if devices on the network have the latest patches. Employees also need to be regularly reminded of the need to patch devices and refuse to download anything except from the Google or Apple stores.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now