mobilesecurity.com [Mountain View, CA]  The mobile malware world is still in its infancy when compared with Windows threats, and here at mobilesecurity.com we’re planning to let you know when we spot trends that make us sit up and take notice. Symantec annually releases its Internet Security Threat Report – and with a global intelligence network of almost 65 million ‘attack sensors’, they’re pretty well-placed to deliver a summary of the previous year’s most fear-inducing online nastiness.

2011 was noteworthy for a number of reasons – hacktivism was without a doubt the topic that attracted the most attention, and ‘hacking’ barely took a break from the front page – either through the efforts of Anonymous and Lulzsec; the ongoing Wikileaks saga; or daily updates of celebrity phone-hacking exploits by the UK media.          

What we found particularly interesting is news of the escalation in mobile threats that could affect everyone with a smartphone. Android threats appeared on unregulated Android markets in January and February – with malware authors adding malware to the most popular free apps, which were then released on unofficial android markets. In March 2011, Symantec noticed Android.rootcager on the official Android market (now Google Play) – and when Google released a security tool to fix this, the bad guys took this tool, trojanized it, and released that too on unofficial Android markets.

If we look at the bare numbers, there were 315 mobile vulnerabilities in 2011, compared to 163 in 2010. Mobile malware clearly hasn’t grown to anything like the number of threats that we see on the PC market, but with growth of over 93% year-over-year – and the lack of awareness and understanding of what constitutes a mobile threat – there is real cause for concern.  We can expect the number of threats to continue to grow exponentially as cybercriminals continue to discover ways to exploit the rapidly-growing adoption of smartphones across the globe.

Symantec’s Internet Security Threat Report also highlights the different types of activity malware authors are turning their attention to. Over 50% of last year’s Android threats were designed to collect device data or to track users’ activities – so harvesting information is equally important on mobile platforms as it is on Windows. But one of the most popular methods mobile malware authors employed last year to actually make money was to send premium SMS messages from infected phones. This really illustrates how important it is for smartphone users to understand the permissions each app requires when they install it. It’s all too easy for consumers to simply skip the ‘permissions’ notification screen when updating or downloading an app, but when smartphones are increasingly being used to store personal and financial information, everyone needs to be on heightened alert for cybercriminals on phishing expeditions into our private lives.

Norton has created some interesting graphics to help illustrate the trends in mobile malware – print it out and post it on your office noticeboard – or take a look at the full Internet Security Threat Report.