Mobile malware uses the web in various ways. For one, in many cases, malicious URLs are classified as mobile malware disease vectors. We already discussed how cybercriminals utilize them to infiltrate mobile devices in last month’s Mobile Review, The Dangers of Third-Party Apps Sites.

Through malicious URLs, coupled with social engineering techniques, cybercriminals are able to slip malicious apps onto your devices. Since mobile malware attacks are often two-pronged, the involvement of malicious URLs does not stop there.

Cybercriminals not only use malicious URLs to infect your devices with malware, they also need them for further communication. Mobile malware such as backdoors and malicious downloaders need this communication in order to stay undetected and carry out their malicious activities on your device.

Of all the malicious apps we’ve detected so far, 17% have malicious URLs embedded in them. And among those malicious URLs, 90% are classified as disease vectors. This means that when these malicious apps are installed, they will communicate with these URLs to download other malware or malware components.

Around 60% of the malicious URLs queried by malicious apps use North American domains; while 24% and 16% use EMEA (European, Middle Eastern, and African) and Asia Pacific domains, respectively.

This is discussed in detail in our latest Mobile Review, The Communication Function of Malicious URLs. Our e-guide Avoiding Bad URLs in the Mobile Web provides tips and best practices for users.

Since malicious apps rely on malicious URLs for installation and communication, you will need a security solution that blocks threats using reputation technology. Trend Micro Mobile Security Personal Edition provides just that and protects you against malicious apps and URLs.

We’re trying to make the Security Intelligence Blog better. Please take this survey to tell us how.

Ever wonder how those pesky pop-up ads end up on your smartphone? More importantly, do you ever consider what this seemingly harmless display of ads can do to you and your data? There are more to these ads than just taking up space and eating up your phone’s bandwidth and battery life.

This month’s Mobile Review sheds light on the overlooked organizations behind these ads, mobile ad networks. Get to know how they operate, their hidden activities, their motivations, and how they directly affect you. Though not intentionally malicious, their processes can still put mobile users at risk.

Late in November, Senior Threat Researcher Noriyaki Hayashi already gave us a concise breakdown of free app ecosystem and the part mobile ad networks play in it. This report gives an update on how these networks have adapted to further aid app developers and, in some way, protect users as well.

Also in this report is a look at mobile malware type called premium service abusers. We analyzed how they get on smartphones, how they behave, and why they are a preferred money-making scheme of cybercriminals. Compared to our midyear stats, premium services abusers remained the top mobile malware threat in November 2012, with FAKE and BOXER variants alone raking up to over 57% of our total accumulated mobile malware detections.