‘Malvertising’: Mobile Users’ Main Malware Threat

Given the increasing use of mobile devices for work and play, it’s not surprising that Web ads now present the biggest malware threat to mobile users, according to a study by Blue Coat Systems. In as little as a year, Web ads have replaced pornography as the most prominent threat, directing mobile users to malware every one in five times.

“Malvertising,” the Web ads that direct users to malicious sites or that have malicious code, tripled as a threat factor during 2013, the study reports.

The multiple points of entry into the advertising and marketing world make it difficult for mobile device users to detect the difference between malicious and trustworthy ads. Human behaviors and trust are inherent in the success of these attacks, which, the report said, are based on social engineering.

In the study, shopping ranked as the fifth most common activity for mobile device usage. “From a mobile threat perspective, it’s a very logical business strategy for [hackers] to start narrowing in on the shopping category,” said Sasi Murthy, vice president of marketing and security for Blue Coat. She recommends that users shopping with their mobile devices always purchase from a trusted retail site and never link from a Web ad for purchasing.

Even though pornography decreased in its threat over the past year, mobile users of this type of content should be cautious. Pornography accounts for less than one percent of all types of content requests on mobile devices, but it leads to 16 percent of all attacks, according to the study.

Mobile users should also be alert for tried-and-true phishing scams. For example, users should avoid text messages that say a bank account has been compromised and request that a suspicious link be opened for follow-up.

Awareness of malvertising is essential because mobile device users request nearly double the amount of recreational content—for entertainment, shopping and sports, etc.—that PC users do, the report shows. This sets them up as targets for hackers who are ready to exploit them at their “popular watering holes.”

Twenty-two percent of the global population now owns smartphones, compared with 20 percent who own PCs. It’s important to note that social networking and shopping occur more frequently on mobile devices than on PCs.

Fortunately, hackers have not yet learned how to hijack mobile devices, Murthy says, but they are certainly exploiting people through common “trust models.”