Is malware lurking in your employee's smartphone?

Data stealing Android malware is on the rise, say reports

IT professionals are increasingly concerned about the security risks posed by personal mobile devices in the workplace, particularly the introduction of malware into the corporate network.

That concern is justified, according to the latest stats from Fortinet's (NASDAQ: FTNT) FortiGuard Labs. Over the last six months, there has been a 30 percent increase in mobile malware, with more than 1,300 new samples appearing every day.

Android malware appears to be the biggest culprit. FortiGuard Labs is tracking over 300 unique Android malware families and over 250,000 unique Android malware samples.

Malware that infects mobile devices can then infect corporate networks when the devices access the network. Once on the network, malware can steal data or disrupt the network's functions.

"Three years ago, mobile malware wasn't much of a concern for users or businesses…However, as devices have proliferated, so, too, have cybercriminals eager to capitalize on the growing user base, and our research shows the proliferation of mobile malware will not abate anytime soon," says Axelle Apvrille, senior mobile anti-virus researcher at FortiGuard Labs.

While many of the malware families are new, they are exploiting existing vulnerabilities in Java, Acrobat, and Apache. While many of these holes have been patched, unpatched mobile devices are numerous and are being targeted.

FortiGuard Labs' data about Android malware jives with recent stats from Trend Micro, which found Android malware on Google Play rose 40 percent between the first and second quarter of this year.

The number of Android malware apps increased to 750,000 in the second quarter, up from 509,000 in the first quarter. About one-quarter of that Android malware is designed to steal data, according to Trend Micro.

This discouraging stats follow on the heels of reports about the Android master key vulnerability that affects almost all Android devices.

As reported by FierceMobileIT last month, Bluebox Security discovered the Android master key vulnerability that enables an attacker to turn a legitimate app into a trojan and steal corporate data, retrieve password and account information, and record phone conversations.

For more:
- see the Fortinet release
- check out the Trend Micro report

Related Articles: 
Android users must disable security setting to download enterprise apps, says Bluebox
Symantec uncovers 1,200 malicious apps on Google Play this year
Android security holes just keep coming  
Widespread Android flaw opens enterprises up to data theft, warns Bluebox