Mobile app users in PHL more vulnerable to malware

By Beatriz Marie D. Cruz, Reporter

FILIPINO mobile application users experience malware attacks more often than the global average, with brands needing to work double time to increase their safeguards against fraud as attacks become more advanced, according to mobile app security company Appdome.

The average infection rate of malware on Philippine mobile devices is at 16%, higher than the global average of 9%, Appdome Co-Creator and CEO Tom Tovar said in an interview with ����ý.

“I think that’s in part due to the mobile-first nature of the Filipino market. Filipinos tend to lean into technology very quickly,” Mr. Tovar said.

Filipinos use an average of 11 mobile applications per day, higher than the global average of six apps and the US average of five, he said. A recent report by consumer intelligence firm Meltwater and creative agency We Are So-cial also showed that Filipinos spend an average of eight hours and 52 minutes daily on the internet, ranking third worldwide.

“You’re more likely to [attract] more opportunities for a malware maker to get something on your device if you’re downloading more apps.”

Mr. Tovar said 60% of the malware that infected Philippine mobile devices were spyware attacks, or those that log users’ keystrokes, clicks, and logins. Around 30% were harvesters, or attacks that steal usernames, passwords, and credit card information, while the remaining 10% were banking and payment trojans, which compromise transactions.

Filipino mobile users are now more concerned about attackers stealing their personal information, money, and other sensitive data, he said.

“If you look at the consumer sentiment, Filipino consumers care very much about data security and data privacy, but they care a lot more about protection from frauds, scams, account takeovers, and things that would take their money and identity.”

Around 88% of Filipinos said they favor preemptive anti-fraud measures when transacting through apps over reimbursement, Appdome data showed.

However, firms are “too slow” to keep up with the increasing sophistication of malware attacks, Mr. Tovar said.

“I think they’re outgunned and outclassed. They’re focused on data protection and compliance, which is great, but it’s not where the main attack surface is. The main attack surface is in fraud, scams, in malware, and in AI (artificial intelligence) deepfakes.”

AI has also increased the proliferation of polymorphic attacks, or those that can dynamically adjust to evade detection, he said.

“In the old world, you’ll get a trojan or malware installed on a device, and whatever it does, it does,” Mr. Tovar said. “But these days, with AI agents, they have the ability to shape shift in the middle of the process.”

New mobile app launches are expected to nearly double every year due to AI and cybersecurity teams will need to keep up to ensure the safety of their users, he said.

“They need to put AI at every single step in the defense lifecycle or they’re just going to be outrun by everybody else.”