Mobile threats, powered by risky behavior, are evolving country by country

Like some giant Darwinian experiment, mobile threats are evolving differently by country – but, according to a new report from mobile security firm Lookout, the biggest risk factor is user behavior.

The report, “Mobile Threats, Made to Measure,” is based on data from 50 million Lookout users last year. It points to country-based specialization for chargeware, malware, and adware, as developers modify their strategies for different threat environments.

But in any of the environments, Lookout security product manager Jeremy Linden told VentureBeat, “Risky behavior by users is the best indicator” that a mobile threat will hit.

“If you speed your car,” he noted, “you’re more likely to get into an accident.”

Similarly, Linden said, “If you encounter chargeware, it’s usually because you’ve visited a porn site or ad, and that behavior exposes you to more dangerous threats.” In chargeware, users are lured into apps or subscriptions that deceptively bill their victims.

“Risky behavior,” the report notes, “begets other risky behavior.” So, “[Having] a malware trojan on your phone means you’re seven times more likely to download another app with a Trojan.” An encounter with adware means you’re twice as likely to download an app with adware again.

By country

User behavior can differ by country, as can laws and the ways in which billing, such as for premium rate SMS texting to send money, are handled. And that leads to different species of mobile threats.

Europe, for instance, has fairly stringent mobile regulations, so attackers are avoiding straight-on, premium-rate SMS in favor of chargeware that the report describes as “‘grey area’ tactics like deceptive, if legal, in-app billing practices.”

In France, those kind of “grey area” tactics ensnare 13 percent of users. It’s 20 percent in the UK, but only 5 percent in the less-regulated U.S., where other threats like adware are flourishing.

Trusted app stores are common in the U.S., so the encounter rate for malware — viruses, Trojans, worms, and spyware — is only four percent. But in China, with more third-party app stores, it’s 28 percent.

Russia, where the encounter rate is 63 percent, is a kind of malware paradise. The malware money engine in Russia is leading to a population boom of malware creations and a robust environment of rarely prosecuted criminal startups. In Japan, a strict regulatory environment has kept its malware encounter rate to a bare one percent.

Now, a bit of hopeful news.

Adware, which serves pestering ads that often harvest personal information, had similar encounter rates everywhere in the first half of last year. In September, Google removed Android-based adware from its store and set new policies. Android-based adware saw a drop in countries served by Google Play.

Action by big players can help. In Europe, Linden said, carriers “are becoming more aware of the fraudulent billing problem” behind chargeware, so the second half of this year might see that kind of threat drop there.