According to Juniper, until around 2010, the most targeted platforms for mobile malware were Nokia’s Symbian operating system and Oracle’s Java platform. Since that time, a shift occurred toward malware that targeted Google’s Android operating system, a trend that followed the mobile market. Currently, the majority of detected malware threats targeted Android devices.¹

Exploits for iOS devices have been demonstrated, but fewer are often seen in the wild prior to security patches being released. For example, in 2014, WireLurker proved to be an active and ongoing threat to iOS devices. WireLurker loads itself onto iPhones and iPads when the devices are connected via USB to a Mac computer onto which an infected OS X app has already been downloaded.² Threats to iOS devices have been identified every year, including XCode Ghost, AceDeceiver, Pegasus Spyware, and exploits to Java on Mobile Safari. Some of these threats have been distributed through the iOS App Store before being discovered and mitigated and rely on misuse of developer and/or enterprise certificates and also, take advantage of unpatched firmware.

The Android platform still presents a much easier target for malware developers based on many of the criteria that were discussed during the Android module. Unlike iOS, it is more common for Android devices to become stagnant and no longer receive software updates (security patches) due to Manufacturer and Carrier limitations, hardware support, and other factors.

While the platforms listed below are no longer actively supported, it is important to note that NO mobile operating system is immune to attacks, as many earlier malware variants attacked the Windows Mobile, JAVAME, BlackBerry, Symbian, and Nokia firmware as well.

References:

[1] https://for585.com/u2sn- (Juniper report)
[2] https://for585.com/hfj59 (Digital Trends article on WireLurker)