Businesses that issue iPhones and iPads to their employees – or let them connect to company networks with their own – pay heed.

XcodeGhost, a compromised version of the iOS developer platform Xcode, poses a substantial threat to enterprise mobile devices. Android is far from safe, with HummingBad posing an increasing threat.

That’s according to Check Point Software Technologies’ latest Threat Index, highlighting the most prevalent malware families being used to attack organizations’ networks and mobile devices globally in April. The company identified 2,000 unique malware families last month, a more than 50 percent increase since March.

Researchers found XcodeGhost remains a threat even though it was pulled from the Apple App Store in September 2015. In general, attacks targeting iOS devices moved into the top three most common mobile malware for the first time.

HummingBad remained in the overall top 10 of malware attacks across all platforms during the period. Despite only being discovered by Check Point researchers in February, it has rapidly become commonly used, indicating hackers view Android mobile devices as weak spots in enterprise security and as potentially highly rewarding targets.{ad}

“As organizations’ dependence on mobility continues to grow, this latest research highlights cybercriminals are taking advantage of these devices, as they are proving to be the weakest link in enterprise IT security,” said Michael Shaulov, Check Point’s head of mobility product management. “This data also reinforces the need for businesses to have a strategy of advanced threat prevention on not only networks – but also on all endpoints and mobile devices – in order to best stop malware at the pre-infection stage.”

Overall in April, Conficker was the most prominent malware family, accounting for 17 percent of recognized attacks, while Sality was responsible for 12 percent and Zeroaccess for 6 percent of the recognized attacks.

Conficker is a worm that allows remote operations and malware to be downloaded, while Sality is a virus that allows remote operations and downloads of additional malware to infected systems by its operator. Zeroaccess is a worm that targets Windows platforms, allowing remote operations and malware download.

HummingBad, XcodeGhost and Iop, an Android malware that installs applications and displays excessive advertising by using root access on the mobile device, were the top three mobile malware families in April.

Check Point’s index is based on threat intelligence drawn from its ThreatCloud World Cyber Threat Map. The ThreatCloud database holds more than 250 million addresses analyzed for bot discovery, more than 11 million malware signatures and more than 5.5 million infected websites, and identifies millions of malware types daily.