Lookout’s report exposes drivers for encountering malware, new malware distribution methods, profit-making schemes and privacy threats

San Francisco, CA — September 6, 2012 — Lookout Inc., the leading mobile security company, today shared its State of Mobile Security Report 2012. In the report, Lookout explains the issues that individuals faced on mobile devices this year and explores the prominent trends in mobile threats. The report takes a holistic view of the mobile threat landscape, providing important context on an individuals’ likelihood of encountering threats and analyzing the factors that have advanced the malware industry in 2012. The findings are based on information from Lookout’s Mobile Threat Network, which includes threat data collected from more than one million apps and millions of devices worldwide.

The key findings from the State of Mobile Security 2012 report are:

Mobile malware has now become a profitable industry.

Because of its global ubiquity as a phone payment mechanism, premium text billing is the most common tactic used by malware writers to commit financial fraud on mobile. This class of malware, termed “Toll Fraud,” has become the most prevalent type of malware within the past year. Just one family of Toll Fraud malware, FakeInst, accounted for 82 percent of Lookout user detections in June 2012 and is estimated to have successfully stolen millions of dollars from people in Russia, the Middle Eastand parts of Europe.

Mobile privacy is a growing issue.

Privacy is one of the biggest issues people face on mobile devices. In 2012, a significant portion of privacy problems arose from aggressive advertising techniques, including pushing out-of-app ads and accessing personally identifiable information without user notification. Lookout estimates that five percent of Android applications include these aggressive ad networks and these apps have been downloaded more than 80 million times.

Geography and user behavior are main drivers for encountering threats.

People in Russia, Ukraine and China have a significantly higher likelihood of encountering malware than elsewhere. User behavior is the other leading factor; people who download apps outside of a trusted source, like Google Play, have a higher chance of encountering malware.

Visiting unsafe links from a mobile device is one of the most common ways people encounter mobile threats.

Web-based threats like phishing are often able to target both traditional PC users and mobile users equally, making these schemes easy for malware writers to produce and replicate. Lookout’s detected that four out of ten mobile users click on an unsafe link over the course of a year.

Gaming the app ecosystem.

‍Lookout observed malware designed to enable shady app promoters to conduct download fraud. These malware families primarily affected users in China. In the past year, Lookout discovered malware capable of automatically downloading apps from alternative app market sources without the user's knowledge, rooting the phone to download additional apps without warning, or installing third-party app stores.

“Trust is one of the most important factors influencing whether people will continue to use mobile devices to their full potential,” said Kevin Mahaffey, CTO and co-founder of Lookout. “As smartphones and tablets have come to house our personal data, access financial information, and power practically all of our communications, there are more incentives for attackers to strike. Our mission is to identify and solve emerging threats so people around the world can continue to trust their mobile devices”

Read or download the complete State of Mobile Security 2012 report on the Lookout website.

How to stay safe on mobile

• Use caution when downloading apps. Only download apps from trusted sources like Google Play and the App Store. Read user reviews and verify the developer is trusted. Be wary of apps that promise a paid app for free.
• Check for suspicious activity. Review your phone bill regularly to confirm you haven’t been charged. Unusual charges could be a sign that your phone is infected, the result of premium SMS fraud.
• Use caution when surfing the web. Pay close attention to the address when you click on a web link; make sure it matches the web site it claims to be.
• Guard against malware. Download a mobile security app for your phone, like Lookout, that scans for malware, spyware, and other viruses.