Home / IT / Telecom / Tech/ iOS malware increasing faster than Android malware

iOS malware increasing faster than Android malware

Comments / {{hitsCtrl.values.hits}} Views / Monday, 11 September 2017 00:00

  • Number of disclosed iOS vulnerabilities in Q1 2017 surpassed all of 2016, says expert’s report

Skycure, the leader in mobile threat defense, has released the company’s latest mobile threat intelligence report ‘10 Years of (Hacking) iOS’. 

The report examines the security impact of iOS on the enterprise over the past 10 years and includes Skycure analysis of iOS mobile threat data from the first quarter of 2017. The study found that as iOS has become more popular as a platform, especially for enterprise executives and government agency officials, the rate of attack and incidents of malware have increased. According to the report, the percentage of enterprise iOS devices that have malicious apps installed today has more than tripled since Q3 2016. 

In comparison, the rate of Android malware infections has stayed relatively flat. In addition, the number of disclosed vulnerabilities in the first quarter of 2017 was greater than all of 2016.

Co-founder and CTO of Skycure Yair Amit said: “iOS has had a profound effect on the security of enterprises. The iPhone ushered in the trend of BYOD, and the concept of apps and the app store, changing how IT manages corporate networks and equipment. The impact of iPhones and iPads on work productivity means more employees are choosing iOS devices for BYOD, and that makes iOS a valuable target for hackers. The number of vulnerabilities and malware does not indicate how secure a platform is but it does indicate how often hackers are attempting to break into it. Increasing malware and vulnerabilities demonstrate that hackers want to break into iOS devices. Enterprises need to make sure that they don’t find a way in.”

There’s a (Malicious) App for that

The Skycure study reports that malware on iOS devices is becoming more prevalent as the sophistication of exploits continues to increase. The rate of iOS malware has continued to increase and tripled from Q3 2016 to Q1 2017.

Apple does a tremendous job of keeping malware out of the App Store. A common misconception is that iOS devices can’t get malware because apps must come from the Apple App Store. In truth, there are many ways to infect an iOS device, according to the Skycure report. The Skycure report lists the following methods and examples of threats that exploited them to infiltrate devices:

  • Via App Store (example known campaign includes XcodeGhost)
  • Via malicious app using Apple-approved certificate (example known campaign includes AceDeceiver)
  • Via sideloaded app (example known campaign includes Yispecter)
  • Via jailbroken device (example known campaign includes Xsser mRAT)
  • Via cable (example known campaigns include Wirelurker, Malicious Chargers)
  • Via malicious settings (example known campaign includes Malicious Profiles)
  • By leveraging an OS vulnerability (example known campaign includes Pegasus)

Today’s attacks are becoming very good at hiding their presence to extend the period of control or spying access. XcodeGhost exploited the iOS development environment itself to get malware into the App Store. The report includes a ‘Mobile Kill Chain’ to demonstrate the step-by-step process used by the most dangerous mobile threats today, beginning with targeted social engineering to get the victim to click or install something, then jailbreaking the device, and ending with the bad guys having access to GPS, camera, microphone, SMS, email and other apps.

Publicly disclosed vulnerabilities are on the rise but iOS devices are patched quickly

One of the most important things that can be done to secure a mobile device is to be sure it is on the latest security patch. Despite the increase in malware, iOS devices have a much shorter window of vulnerability to any exploit because they are more likely to have the most updated security patches. 

In the Skycure study, 91% of active devices were on the latest major version (iOS 10) at the end of Q1, and 22% were on the latest minor release (iOS 10.3). By comparison, only 21% of Android devices were on the most recent Android version (7.0 – Nougat). A previous Skycure report found that 71% of Android devices still run on security patches more than two months old.

iOS and risky network exposure

The Skycure report also examined the risk of network exposure on iOS devices, finding the following in Q1 of this year:

  • iOS devices in Europe connect to more risky networks and experience a higher rate of network incidents than iOS devices in the US
  • iPads are much less likely to connect to risky networks than iPhones. About 39% of iPhones experienced risky network incidents, averaging over seven incidents per affected device, while only 25% of iPads were exposed, averaging only five incidents each.

In any typical organisation, about 21% of all mobile devices will be exposed to a network threat in the first month of security monitoring. This number goes to 41% over the next three months.

Top five recommendations to keep iOS device safe

The Skycure researchers offered the following tips to keep iOS devices safe:

  • Don’t click, install or connect to anything that you are not confident is safe.
  • Only install apps from reputable app stores.
  • Don’t perform sensitive work on your device while connected to a network you don’t trust.
  • Always update to the latest security patch as soon as it is available for your device.
  • Protect your device with a free mobile security app like Skycure – https://apps.skycure.com/

Share This Article


1. All comments will be moderated by the Daily FT Web Editor.

2. Comments that are abusive, obscene, incendiary, defamatory or irrelevant will not be published.

3. We may remove hyperlinks within comments.

4. Kindly use a genuine email ID and provide your name.

5. Spamming the comments section under different user names may result in being blacklisted.


Today's Columnists

Great ‘Gamperaliya’: A great novel made into a great film by a great director

Saturday, 23 June 2018

‘Gamperaliya’ (Changes in the Village/Changement au Village) was the third feature film made by ace director Lester James Peries. It was released on 20 December 1963.The film was based on the famous novel of the same name written by the doyen of

Thushani takes Todos to new heights

Saturday, 23 June 2018

Thushani Rodrigo has always amazed me. From the very first day I met her, I have been in awe of her strength, courage and grace and constantly impressed by her creativity. The discipline and commitment she brings to her work, her farsightedness and h

Confusion in Maldivian opposition is to Yameen’s advantage

Saturday, 23 June 2018

The ongoing confusion in the ranks of the Maldivian opposition, barely three months before the presidential election, works to the advantage of the incumbent President and candidate of the Progressive Party of the Maldives (PPM), Abdulla Yameen.

Implications of inward FDI on China: Lessons to be learnt

Saturday, 23 June 2018

China overtook the United States to become the largest trading nation in the world in 2014. China is the second largest economy in the world behind the United States and the largest exporter in the world. It is referred to as the factory of the world

Columnists More