Skycure Report Finds at Least One iPhone in Every Large Enterprise is Infected with Malware

Android Devices Are Twice as Likely to Have Malware as iOS Devices

ios-malware-1Palo Alto, Calif. – June 30, 2016 Skycure, the leader in mobile threat defense, today announced the results of its third Mobile Threat Intelligence Report, based on worldwide mobile threat intelligence data from Skycure. The report, which focuses on malware in the enterprise, found that large organizations (defined as companies or agencies with more than 200 iOS or Android mobile devices) are almost guaranteed to have at least one malware-infected device. Companies with Android devices are nearly twice as likely to have malware.  The report also found that four percent of all mobile devices have malware installed, regardless of whether they are managed by an enterprise or an individual.

“Malware absolutely exists on enterprise mobile devices and standardizing on iOS doesn’t make you safe,” said Yair Amit, CTO of Skycure. “Unlike the nuisance malware of the past that targeted only consumers, today’s malware is smarter, and often more focused on businesses. We have seen recent attacks that have been specifically designed to circumvent two-factor authentication. Smartphones make excellent reconnaissance tools because they are able to track a user’s conversations and movements twenty-four seven. That means malware can target specific individuals for access to valuable personal and corporate information.”

The State of Malware

Enterprises today are still struggling to manage mobile devices within their workforce. Keeping devices secure while still allowing them access to corporate systems is a complicated problem, especially with many workers using their own devices to connect to enterprise applications and documents. Malware can be difficult to pinpoint in an enterprise managing hundreds or thousands of devices, each installed with hundreds of apps.

The Skycure report found the following by studying malware in the enterprise:

  • Three percent of all enterprise iOS devices have malware installed, and nearly twice as many (5.7 percent) of all enterprise Android devices are infected

  • Android devices have a greater variety of malware. Total Android malware consists of 76 percent unique varieties, while only 22 percent of all installed iOS malware was unique.

  • On average, enterprises have more than three unique varieties of malware. The study analyzed an average of more than 290 apps per device.

  • The report found the worst time of day to install apps is the hour from 9:00-10:00 am ET. That hour is as much as 10 times the rate of other hours during the day.

  • Mobile ransomware continues to increase, with screen-lock ransomware as the most prevalent. However, crypto-ransomware, where content is unrecoverable even if the user is able to access their files, is growing in popularity.

The Third-party App Store Threat

The report found that nearly one in five (19 percent) enterprise Android devices still allows app installation from third-party stores, despite a system-level setting to turn off this feature. According to the study, this is a problem because third-party app stores are much more likely to deliver malware. The report ranked the Google Play store the safest place to get Android apps. Users are nearly twice as likely to download malware from the Samsung store, more than 12 times more likely to find malware at the Amazon store, and more than 72 times more likely to be infected at the Aptoid store.

Network Attacks Still a Bigger Threat

While the report focuses on malware, it notes that malware is only one of the mobile threats facing enterprises. In fact, the report found that network incidents happen five times more often than malware incidents. Of all the incidents detected, 70 percent were network-based compared to 13 percent malware-based. Diving deeper into the network incidents, the study found the largest number of threats from SSL Man in the Middle attacks, which intercept a communication between two systems. The second largest threat came from content manipulation attacks, in which hackers alters data to cause a victim to perform desired actions through a manipulated interface or in a third-party system.

Nearly one in every three enterprise mobile devices are medium-to-high risk according to the Skycure Mobile Threat Risk Score. Two in every hundred are high risk–meaning they’ve already been compromised or are currently under attack. The Skycure risk score takes into account recent threats the device was exposed to, device vulnerabilities and configuration, and user behavior.


Mobile malware is a challenge every enterprise security team faces today. Organizations looking to defend their mobile ecosystems from such threats should follow advice from the major EMM vendors, which all recommend adding a Mobile Threat Defense solution. Traditional approaches that leverage standard static and dynamic methods alone are good, but not enough to detect malware created with the new methods hackers are devising every day. The SANS Institute suggests a strategy that builds on this traditional approach by adding multiple layers of threat intelligence and advanced analytics. In addition to the local threat information collected and analyzed on the device, organizations can benefit from crowd-sourced threat intelligence from many distributed devices and additional server-side analysis to identify and protect enterprises even from sophisticated malware that bypasses classical detection methods.

“Malware is one of the biggest challenges our customers face in securing a mobile workforce,” said John Morgan, Vice President of Product and Ecosystem, MobileIron. “Our customers find our technologies complementary. Skycure detects and protects against both known and unknown threats, while MobileIron helps customers take action to remediate those threats.”

About the Mobile Threat Intelligence Report

The Skycure Mobile Threat Intelligence Report reviews worldwide threat intelligence data. Today’s report is based on millions of monthly security tests from January through March 2016 and includes both unmanaged devices and those under security management in enterprise organizations. Data includes Skycure’s proprietary Mobile Threat Risk Score, which acts as a credit score to measure the risk of threat exposure for mobile devices. For organizations, Skycure condenses millions of data points to calculate a risk score so that IT can quickly discern the state of the overall system and the risk to each device.

For a copy of the Mobile Threat Intelligence Report go to:

For details and to learn more about how Skycure Mobile Threat Defense protects organizations and prevents cyber attacks without compromising the mobile user experience or privacy, visit or request an assessment.

About Skycure

Skycure is the leader in mobile threat defense. Skycure solutions detect and prevent cyber attacks without compromising the user’s privacy or mobile experience. Skycure’s predictive technology uses a layered approach that leverages massive crowd-sourced threat intelligence, in addition to both device- and server-based analysis, to proactively protect mobile devices from malware, network threats, and app/OS vulnerability exploits. Skycure Research Labs have identified some of the most-discussed mobile device vulnerabilities of the past few years, including Accessibility Clickjacking, No iOS Zone, Malicious Profiles, Invisible Malicious Profiles, WifiGate and LinkedOut. The company is backed by Shasta Ventures, Pitango Venture Capital, New York Life, Mike Weider, Peter McKay, and other strategic investors.

Previous post

What kind of VR meet-up settings can users expect to see?

Next post

The changing landscape of the mobile gaming industry