How the iPhone kick-started the mobile malware revolution

As smartphones have evolved, mobile threats have evolved with them. Today, the total number of malicious mobile apps stands at 21,400,000.

The mobile industry has come a long way. This year celebrated the tenth anniversary of the iPhone: the device that arguably kick-started the smartphone revolution.

Over that time the mobile device has evolved from a clunky voice-only handset into a high-powered, fully fledged voice + computing platform. The feature-rich smartphones, tablets and phablets we carry around with us today are a thousand times more powerful than the first mainframe PCs. And for most of us they’re an essential companion, offering access to a huge variety of personal and business applications, ranging from email to social media, personal banking to gaming.


There’s just one problem: while the iPhone gave birth to a new wave of smartphone innovation, it also heralded the start of a serious mobile threat industry, which has major implications for enterprise security.

A worrying blind spot

According to TrendLabs data, the number of unique mobile malware samples collected by Trend Micro now stands at a massive 21.4 million — and it’s growing all the time. It’s not uncommon today to see malicious applications garner millions of downloads, particularly those that manage to slip past the filters and onto Google Play or — more rarely — Apple’s App Store.

This has serious implications for the average business, given the meteoric rise of BYOD. Nearly three-quarters (72%) of organisations allow some members of staff to use their personal device at work today.


Hackers know this, and they know that personal devices may be less well secured than typical endpoints. This means attacks are increasingly designed not just to generate money from premium rate services and adware, but also to target on-board data and to use the device as an incursion point into the corporate network. Mobile endpoints still represent a worrying blind spot for many IT security leaders.

A brief history of mobile threats

To understand how we got here, and how quickly threats have evolved in the mobile ecosystem, let’s take a look back at the past 10+ years and some of the landmark events that changed the industry.

2004 — Symbian malware Cabir makes its first appearance, spreading via Bluetooth. Criminals soon monetised this malicious code to produce the Trojan Qdial, disguised as a cracked copy of the game Mosquitos, which sent covert text messages to premium rate services.

2005 — Mobile malware moved into the realms of information theft via Pbstealer, which copied all the data from an infected device’s address book and then tried to send it to any Bluetooth-enabled device within range.


2009 — SMS fraud Trojans came of age. SMS fraud takes several forms, including sending premium rate texts, or more socially engineered attacks where texts are sent asking the recipient to call a (premium rate) number to confirm a non-existent transaction.

2010 — Following the launch of the iPhone and Android devices, we saw the first ever Trojan for Android: a Russian SMS fraud app detected as ANDROIDOS_DROIDSMS.A. Also that year we saw the very first malware for iOS-based devices, although the Ikee worm only affected jailbroken iPhones.

2011 — The first major attack on Google Play took place, via more than 50 apps containing a root exploit that were published on the Android market.

2014 — The volume of malicious and high-risk apps reached a landmark two million unique samples, barely six months after it hit one million. We also saw mobile malware evolving into more sophisticated strains, as is the case with the coin miner ANDROIDOS_KAGECOIN and mobile ransomware ANDROIDOS_LOCKER.A. Over the years, mobile ransomware has evolved from this screen locker type to encrypting selected files and folders where photos and videos are stored.

2016 — The highly sophisticated Pegasus spyware was revealed, using a combination of phishing and three iPhone zero-day vulnerabilities (known as Trident) to exploit the phone remotely and launch a cyber-espionage attack against highly targeted individuals. From it, we learned that, despite Apple’s rigorous approach to securing its ecosystem, the iPhone is still vulnerable to exploits and, once jailbroken, is wide open to attack.


Business and society have come a long way in a short space of time, but so have the bad guys. If nothing else, this teaches us that wherever there are users and money to be made, cyber threats will follow.

Organisations looking to minimise the risk of ransomware or data loss via mobile channels must draw up comprehensive policies backed up by advanced endpoint security. This will ensure an appropriate level of device hygiene and that only approved handsets can connect to the network.


Sourced by Bharat Mistry, Principal Security Strategist, Trend Micro


Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...