The number of malicious apps dedicated to attacking the Apple iOS — which is the system for devices such as the iPad, iPhone, and iPod Touch — has more than tripled over the past three quarters. The amount of such malicious targeting Android devices has remained flat over the same time period.
The findings were part of a report released by Skycure, a company specializing in cybersecurity for mobile devices. Its Mobile Threat Intelligence report scans devices for “high-severity” malicious apps and tracks the volume by quarter. The data comes from Skycure enterprise customers and those who download Skycure’s free tracking app. The cybersecurity industry leader Symantec recently announced plans to acquire Skycure.
According to Skycure’s Vice President of Marketing Varun Kohli, hackers appear to be focusing on iOS because Apple’s products are popular with more affluent consumers and cyber criminals are focusing on this market in order to follow the money.
Already in 2017, a total of 192 exploitable flaws have been detected in the iOS system, a significant increase from the 161 that were discovered in the entire year of 2016. Such vulnerabilities are projected to hit 643 for 2017, a year-over-year increase by a factor of four. The number of vulnerabilities in the Android system is expected to fall slightly, from 523 in 2016 to 500 in 2017.
A silver lining in the report is that greater likelihood that iOS users updating their software regularly, especially in comparison to Android users. Over 90 percent of iOS have migrated to the most recent iOS 10, while only 21 percent of Android users are using the most recent Android 7.
But according to Kohli, updating the iOS system is not a panacea, especially considering the other threats to mobile devices, including physical loss, attacks on the WiFi networks the device might be connected to, and vulnerability exploits.
Specific threats that were found by Skycure include the XcodeGhost, AceDeceiver, and Yispecter malware programs, all of which can appear to be legitimate downloads that are actually cyber attack software.