Web-based malware attacks doubled in the second half of 2013 in comparison with the first half, according to the latest threat report from F-Secure Labs.
Threats targeting Google’s Android mobile operating system accounted for 97% of mobile threats for the whole year, the report revealed.
Web-based attacks, which typically involve techniques that redirect the browser to malicious sites, were the most commonly reported type of attack for the period covered by the report.
Web-based attacks represented 26% of detections, followed by the Conficker worm with 20%.
The three most common exploits detected during the period were all Java-related. Java exploits, however, declined compared with the first half of 2013.
More on web-based attacks
Mac malware continues a slight but steady increase, with 51 new families and variants detected in 2013.
The majority of mobile threats in 2013 were directed at the Android platform, which racked up 804 new families and variants, compared with only 238 new Android threats in 2012.
The remaining 3% of mobile threats were directed at the Symbian platform, with no threats detected against any other platform.
The top 10 countries reporting Android threats saw a little over 140,000 Android malware detections. Most reported detections came from Saudia Arabia (42%) and India (33%). European countries accounted for 15% and the US 5%.
More on Android security
The report noted that because the Android platform itself has relatively few vulnerabilities, the main distribution method is still compromised apps downloaded via third-party app stores.
F-Secure used the publication of the report to reiterate the security firm’s policy of no tolerance for governmental malware and mass surveillance.
“It has always been F-Secure’s policy to detect any malware, regardless of its source,” the company said.
Mikko Hypponen (pictured), chief research officer at F-Secure Labs, said governmental surveillance is not about governments collecting the information people are sharing publicly and willingly.
“It is about collecting the information you do not think you are sharing at all. Just because it can technically be done does not make it right,” he said.