Mobile threats are evolving and growing, especially for Android devices. In 2017, SophosLabs analyzed over 4 million malware samples, the vast majority coming from outside of Google's Play store. While the Play store removed over 700,000 violating apps, 37% of all submitted apps were potentially harmful. Several malware families have been discovered on Google Play by SophosLabs infecting over 280 million users. The number of new Android malware and potentially unwanted apps continues to increase yearly, with ransomware and cryptominers being increasingly common monetization methods employed by cybercriminals.

1. Confidential - Sophos internal and partners only 1
Mobile threats are here to stay and evolving
Everyone is mobile
• Every organization faces security
risks when employees mix personal
and business access to apps, email,
the internet from a device
• Any device that is roaming is
vulnerable
• Employee productivity versus
security must be balanced
• Every business needs to evaluate
what their risks are
Core reasons why Android
devices are attacked
• Google Play store is not
immune to malware
• 3rd party stores are a major
attack vector
• Multiple ways to monetize:
ransomware, cryptojacking, banking
Trojans, rogue advertisement and
premium SMS

2. Mobile Threat Data Points
Confidential - Sophos internal and partners only 2
iOS THREATS
<10
ANDROID THREATS
4 Million+
VS.
2017 SophosLabs Analyzation
Vast majority of
4 Million Malware Samples
came from outside
Google’s walled garden
In 2017, Google Play reported
35 different threat families
Google took down
700,000 packages
violating Google Play policies
A continuing trend:
47 threat families so far
6 of 37 malware families
discovered at SophosLabs

3. Android apps removed from Google Play
3
37% potentially harmful applications removed from Google Play in 2017 – SophosLabs
Total apps
submitted to
Google Play in
2017:
2,144,733
Free Apps:
2,012,893
Paid Apps:
131,840
37% - Removed from
Google Play app store
Free Apps: 681,241
Paid Apps: 109,897
Left in Google Play:
Free Apps: 1,331,652
Paid Apps: 21,943
14.2 billion installs
Built by 184,852
developers

4. Malware on Google Play found by SophosLabs
4
Cumulative number of malicious apps on Google Play from July 2017 till September 2018
0
2000
1800
1600
1400
1200
1000
800
600
200
400
(number of unique applications)
July 2017 January 2018 September 2018
SonicSpy
CPUMiner
ExpensiveWall
BankBot
AsiaHitGroup
Tizi
LightsOut
MyEtherWallet
47 New Malware Families
280 Million Downloads
6 out of 37 Malware Families
Discovered in 2018 Were
Discovered by Sophos

5. Android Malware Growth, 2015-2018
5
Annual rate of new Android malware and PUA collected by SophosLabs
0
500,000
1,000,000
1,500,000
2,000,000
2,500,000
3,000,000
3,500,000
4,000,000
4,500,000
2012 2013 2014 2015 2016 2017 2018
Malware PUA
Source: SophosLabs, 2017
100%
increase in new
malware sightings
expected, as
compared to 2015
projected

6. Android Ransomware: No sign of going away
6
0
50,000
100,000
150,000
200,000
250,000
300,000
350,000
400,000
450,000
500,000
2013 2014 2015 2016 2017 2018 Jan-
Aug
New Android ransomware samples
collected by SophosLabs, per year
SophosLabs: Cryptojacking is
replacing ransomware as a
preferred monetization route.
But ransomware shows no sign
of going away

7. Cryptominers: On The Rise
Confidential - Sophos internal and partners only 7
SophosLabs:
• Discovered 25 cryptomining apps on Google Play disguised
as games and educational applications on September 24,
installed more than 120,000 times LINK
• Observed more than 20,000 different variants of the Loapi
cryptomining malware in the second half of 2017
function startMiner(n, id)
{
if (isAlreadyStarted)
return;
isAlreadyStarted=true;
var miner = new
CoinHive.Anonymous(id, {
threads: n-1,
autoThreads: true,
throttle: 0.5
});
miner.start();
}
Generates cryptocurrency
for cybercriminals

8. Resources
Confidential - Sophos internal and partners only 8
SophosLabs Uncut “Android”
o Research straight from SophosLabs
Naked Security News
o Industry security news
SophosLabs on Twitter
o Follow for breaking news
and updates
Sophos Mobile Security
o Technology innovations
and protection