In 2015, the volume of malware targeting mobile devices more than tripled compared to 2014. The most dangerous threats in 2015 were ransomware programs, that is, malicious software that can gain unlimited rights to an "infected" device, as well as the programs subtheftdata, including financial malware. 
These are the main findings of the annual Mobile Virusology report, written by Kaspersky Lab's Antimalware Research Group.
In numbers, the landscape of mobile threats for 2015 was shaped as follows:
- 884.774 new malware was detected by Kaspersky Lab. This figure was three times higher than 2014 (295.539)
- The number of new mobile banking Trojan was reduced to 7.030 samples from 16.586 2014
- 94.344 unique users have been attacked by mobile ransomware. This size has more than doubled compared to 2014 (18.478)
Continuous increase in ransomware programs
2015 was the year of ransomware programs. Once a device is "infected" with this type of malware, malicious applications "block" the device with a pop-up window containing a message that the user has committed illegal actions. In order to unlock the device, the user has to pay a ransom that usually ranges between $ 12 and $ 100.
The number of Kaspersky Lab mobile product users attacked by ransomware increased from 1,1% to 3,8% between 2014 and 2015. Attacks were recorded in 156 countries, με τις περισσότερες να εντοπίζονται στη Ρωσία, τη Γερμανία και το Καζακστάν. Το κακόβουλο λογισμικό «Trojan-Ransom.AndroidOS.Small' and its modification, 'Trojan-Ransom.AndroidOS.Small.o', were most active in Russia and Kazakhstan. 'Small.o' was the most prevalent mobile ransomware program detected by Kaspersky Lab in the past year.
The number of ransomware application modifications has increased by 3,5 times, evidence that fraudsters see more and more advantages in extortion as a way of obtaining money. 2016 is likely to see an increase in the sophistication of these malware and their modifications, with more geographies being targeted.
Malware with over-access rights - a threatening development
At 2015, nearly half of 20's most widespread Trojan were malicious programs displaying "embarrassing" ads on portable devices. The most widespread last year were the Trojan programs Fadeb, Leech, Rootnik, GoPro and Ztorg. The scammers used every available method to propagate these Trojan, through malicious web banners, fake games, and even legitimate apps that had "climbed" to official app stores. In some cases, they were "installed" as legitimate software pre-installed by device vendors.
Some of these applications have the ability to gain super-user or root access. These types of permissions give attackers an almost unlimited ability to modify the information stored on a compromised device. If the installation is successful, the malware becomes almost impossible to delete, even after a factory reset. Mobile malware with "root access" rights first became known around 2011, and last year they were extremely popular among digital criminals. This trend is likely to continue in 2016.
Mobile banking malware - Watch your money
Banking Trojans are becoming more complex than reducing the number of changes. The mechanisms of these malicious applications are the same as before: after entering the system of a client computer or a device, the malware overlaps the legitimate websites of a bank or online application of bogus payments. However, the scale at which such malware could be exploited significantly increased 2015. Today, digital criminals can attack the customers of dozens of banks located in different countries, using just one kind of malware, and previously would have used malicious applications that could only attack one or two financial services organizations in just a few countries. An example of a malicious application with multiple goals is Acecard Trojan, which features the tools for attacks against users of dozens of banks and online services.
"As mobile devices become more and more operational, digital criminals are constantly evolving attacks that attempt to steal money from users. Last year was the year of bank Trojan and ransomware programs. Adware programs were widely used to "infect" devices with more sophisticated malware. We also see growing interest in malware that can gain "super-user" access to user devices. In order to keep users safe, they should not omit the use of reliable anti-virus solutions for mobile devices. Let us all keep in mind that it is much better to prevent the threats of seeing losses after "contamination" ", commented Roman Unuchek, Senior Malware Analyst of Kaspersky Lab in the US.
More information about the 2015 mobile malware landscape development is available on the site Securelist.com.
Top 20 malicious mobile programs
| Name | % of all attacked users * | |
| 1 | DangerousObject.Multi.Generic | 44.2 |
| 2 | Trojan-SMS.AndroidOS.Podec.a | 11.2 |
| 3 | Trojan-Downloader.AndroidOS.Leech.a | 8.0 |
| 4 | Trojan.AndroidOS.Ztorg.a | 7.6 |
| 5 | Trojan.AndroidOS.Rootnik.d | 6.9 |
| 6 | Exploit.AndroidOS.Lotoor.be | 6.1 |
| 7 | Trojan-SMS.AndroidOS.OpFake.a | 5.6 |
| 8 | Trojan-Spy.AndroidOS.Agent.el | 4.0 |
| 9 | Trojan.AndroidOS.Guerrilla.a | 3.7 |
| 10 | Trojan.AndroidOS.Mobtes.b | 3.6 |
| 11 | Trojan-Dropper.AndroidOS.Gorpo.a | 3.6 |
| 12 | Trojan.AndroidOS.Rootnik.a | 3.5 |
| 13 | Trojan.AndroidOS.Fadeb.a | 3.2 |
| 14 | Trojan.AndroidOS.Ztorg.pac | 2.8 |
| 15 | Backdoor.AndroidOS.Obad.f | 2.7 |
| 16 | Backdoor.AndroidOS.Ztorg.c | 2.2 |
| 17 | Exploit.AndroidOS.Lotoor.a | 2.2 |
| 18 | Backdoor.AndroidOS.Ztorg.a | 2.0 |
| 19 | Trojan-Ransom.AndroidOS.Small.o | 1.9 |
| 20 | Trojan.AndroidOS.Guerrilla.b | 1.8 |
