The crackdowns by premium-rate regulator PhonepayPlus appear finally to have paid off with new figures from Lookout showing a sharp fall in the number of UK mobile users encountering malware and SMS scams during 2014.
Lookout’s latest Mobile Threat Report (drawn from its own user base of 60 million) showed an overall UK malware ‘encounter rate’ of 5 percent during 2013, which last year dropped sharply to 2 percent.
The equivalent rate for France and Germany in 2014 was 3 percent, for Japan 1 percent, in all three cases roughly stable compared to the year before. In the US the encounter rate surged from 4 percent to seven percent, making the country a mobile malware hotspot among developed countries.
The UK fall seems to be explained by a marked decline in the prevalence of adware and chargeware (apps that charge for content without consent), a category that includes the spate of premium rate SMS scams that have plagued UK users in recent years.
Lookout’s interpretation is that this is explained by prosecutions by regulator PhonepayPlus, which commented on the figures.
“As Lookout’s latest report shows, effective regulation in partnership with the information security industry can make a real difference,” said acting chief executive of PhonepayPlus, Jo Prowse.
“PhonepayPlus is continuously working to monitor and counter mobile malware that misuses premium rate services, and when required we will take robust action to protect UK consumers and the digital economy.”
Equally, while the UK chargeware encounter rate has fallen from 23 percent, it still stands at 11 percent, the highest of all the countries for that particular category of threat.
PhonePay Plus can therefore claim to have had some effect but only in stemming what was an unacceptably bad situation.
The top 2014 UK malware threat was SMSCapers, a porn-to-chargeware con, followed by a scareware/ransomware app called ScareMeNot. The NotCompatible malware that has been around since 2012 also featured.
In the US, NotCompatible remains the main threat, followed by Koler ransomware that locks up the user’s mobile after claiming to have detected illegal activity. This spread surprisingly fast last summer using innovative worm-like behaviour.
The appearance of ransomware is probably a good pointer to the future development of mobile malware. SMS fraud is hard work and can be blocked through mobile networks; ransom attacks involve a request to the user but can bypass that form of control.
“In 2014 the new and noteworthy mobile security trend was a surge in new mobile threat tactics like ransomware and an increase in threat sophistication and experimentation,” said Lookout’s researchers.
For Android devices at least, some kind of mobile security app is starting to look like a must have rather than an optional extra.