How has the mobile security landscape changed over the past year? What types of threats were most common? How were malicious actors’ techniques evolving, and, going forward, how do security teams keep pace with these changes?
When it comes to securing mobile apps and devices, the more you know about the threats and how they’re evolving, the better. That’s why you don’t want to miss our new 2023 Global Mobile Threat Report.
This report offers a comprehensive examination of the trends that shaped the mobile security landscape over the last year. Report authors draw extensively from Zimperium’s zLabs researchers as well as third-party industry experts.
Global Mobile Threat Report: Three Key Takeaways
Below are three of the top takeaways from this report.
#1. Mobile Malware Proliferating Dramatically
Mobile malware is continuing to proliferate, both in volume and in the number of variants detected. Between 2021 and 2022, the total number of unique mobile malware samples rose by 51%, with more than 920,000 samples detected.
There were an average of 77,000 unique malware samples detected every month in 2022. On average, each week, Zimperium protected its customers from 2,000 so-called “zero-day” samples– which are samples that had not yet been identified by the industry in general.
Below are three of the most notorious malware campaigns that made the news in 2022.
- Dark Herring campaign. Early in 2022, Zimperium discovered this malware campaign, which successfully targeted more than 105,000,000 victims around the world. This scamware campaign is estimated to have exacted hundreds of millions of dollars in losses.
- TeaBot campaign. First detected in 2021, this banking trojan saw rapid proliferation throughout 2022. Ultimately, more than 400 apps were found to be infected with this malware.
- RatMilad campaign. The Zimperium zLabs team issued a warning about this Android spyware campaign in the fall of 2022. Once this malicious app was installed on a victim’s mobile device, threat actors were able to gain control over devices and view contacts, phone call logs, media, and files.
#2. Mobile Users Increasingly Targeted by Phishing Attacks
Phishing attacks against mobile device users keep growing more widespread—and users keep being victimized. In 2022, 80% of phishing sites detected either specifically targeted mobile device functionality or were designed to function on both desktop and mobile systems.
Further, mobile-focused phishing attacks tend to be more successful. In fact, the average user is six to 10 times more likely to fall for SMS-based phishing attacks than email-based attacks.
#3. No Mobile Platform is Immune
Mobile threats remain a significant risk for users on each of the major mobile device platforms.
Between 2021 and 2022, the number of critical vulnerabilities discovered on the Android operating system grew from 571 to 897, a 138% increase. In 2021, Zimperium detected malware on 1 in 50 Android devices. By 2022, this rate grew to 1 in 20 devices.
On the other hand, Apple iOS platforms account for a significant majority–80%, of the zero-day vulnerabilities being exploited in the wild.
The data points above demonstrate there is no shortage of bad actors targeting mobile-first organizations. As mobile threats continue to evolve and expand, Zimperium remains dedicated to providing the advanced mobile-first security necessary for organizations to stay ahead of attacks.
We produced this annual Global Mobile Threat Report to help CISOs and security professionals understand the mobile risks targeting enterprises for both applications and devices. The findings in this report will help security teams evaluate their mobile security environment and improve defenses to ensure a mobile-first security strategy.
Download Your Copy
Download the 2023 Global Mobile Threat Report to learn more about these key takeaways and many other findings from the mobile threat landscape. Download now.