Web-based malware attacks doubled in the second half of 2013 in comparison with the first half, according to the latest threat report from F-Secure Labs.
Threats targeting Google’s Android mobile operating system accounted for 97% of mobile threats for the whole year, the report revealed.
Web-based attacks, which typically involve techniques that redirect the browser to malicious sites, were the most commonly reported type of attack for the period covered by the report.
Web-based attacks represented 26% of detections, followed by the Conficker worm with 20%.
The three most common exploits detected during the period were all Java-related. Java exploits, however, declined compared with the first half of 2013.
More on web-based attacks
- Conficker makes way for web-based attacks, says Microsoft
- How to defend against a DOM-based XSS attack
- Web-based malware: Why detection efforts must go beyond anti-malware
- Web app attacks demand automated defences, study finds
Mac malware continues a slight but steady increase, with 51 new families and variants detected in 2013.
The majority of mobile threats in 2013 were directed at the Android platform, which racked up 804 new families and variants, compared with only 238 new Android threats in 2012.
The remaining 3% of mobile threats were directed at the Symbian platform, with no threats detected against any other platform.
The top 10 countries reporting Android threats saw a little over 140,000 Android malware detections. Most reported detections came from Saudia Arabia (42%) and India (33%). European countries accounted for 15% and the US 5%.
More on Android security
- Securing Android for business
- Top 10 Android security tips
- McAfee finds code-validation dodging Android malware
- Researchers warn of “huge” Android security flaw
- Researchers discover new Android Trojan
- NCSU study says Android vulnerabilities are mostly from manufacturers
The report noted that because the Android platform itself has relatively few vulnerabilities, the main distribution method is still compromised apps downloaded via third-party app stores.
F-Secure used the publication of the report to reiterate the security firm’s policy of no tolerance for governmental malware and mass surveillance.
“It has always been F-Secure’s policy to detect any malware, regardless of its source,” the company said.
Mikko Hypponen (pictured), chief research officer at F-Secure Labs, said governmental surveillance is not about governments collecting the information people are sharing publicly and willingly.
“It is about collecting the information you do not think you are sharing at all. Just because it can technically be done does not make it right,” he said.