The Green Sheet Online Edition
April 11, 2016 • Issue 16:04:01
Mobile moving target
As mobile device use accelerates worldwide, so do malware attacks. According to the latest Kaspersky Lab Mobile Virusology report, the volume of malware targeting mobile users more than tripled last year. The firm detected 884,774 new malicious programs launched globally in 2015, up from 295,539 in 2014.
Advancements in mobile have made it an attractive target. "As mobile devices become more and more functional, cybercriminals have become more and more sophisticated at attacks that attempt to steal money from users," said Roman Unuchek, Senior Malware Analyst at Kaspersky Lab USA.
Ransomware, which has long been the scourge of business network users, now attacks mobile users. Incidents involving ransomware grew from 1.1 percent to 3.8 percent of mobile product attacks tracked year-over-year by Kaspersky. Last year, Russia, Germany, Kazakhstan and the United States led the pack of 156 countries impacted.
Once a device is infected, the ransomware app blocks the device with a pop-up window carrying a message that the user has committed illegal actions, Kaspersky noted. To unlock the device, the user typically pays a ransom of anywhere from $12 to $100.
According to the Blue Coat Systems Inc. 2015 Mobile Malware Report: Familiar Threats Get More Sophisticated, ransomware has become the top malware threat targeting mobile devices, and multiple security firms allege that hackers associated with the Chinese government may be responsible for the rise in attacks.
"The decision to pay a ransom comes down to the confidence and financial cost of recreating or restoring data from a previous backup," said Travis Smith, Senior Security Research Engineer at Tripwire Inc. "Since most ransomware samples we have seen have a time limit to pay, it’s important to have confidence that you can restore the majority of data on short notice. Organizations should focus on improving backup and restoration procedures to reduce the cost of restoring data and services after a potential breach."
Another alarming trend is the rising number of mobile malware programs that use advertising to infiltrate mobile devices. According to Unuchek, this type of malware allows cybercriminals to "gain super-user access" on users' devices to install components that are often difficult to remove.
Malicious apps have also appeared in the Apple App Store and Google Play Store. Kaspersky estimated that the number of downloads linked to the Google Play Store were between 100,000 to 500,000 per Trojan.
Kaspersky noted that criminals attacking Apple posted a malicious version of the Xcode iOS app developer toolset to exploit third-party vendors, who then shared it through local servers. Apple apparently responded by removing an estimated 39 infected Xcode apps downloaded to the App Store.
Following is a list of mobile malware trends identified by Kaspersky in 2015:
- Malicious attachments that users are unable to delete
- Phishing windows that conceal legitimate apps
- Ransomware that impacts individuals and organizations
- Super-user rights access to display aggressive advertising
- Malware for iOS that impacts Apple devices
While the number of new mobile banking Trojans decreased in 2015, 7,030 versus 16,586 in 2014, intrusions have become more pernicious. According to Kaspersky, malware today overlays the bank's legitimate pages or online payment apps with fake ones to impact clients at dozens of banks through a single attack. Past apps were capable of infecting one or two banks at a time.
Stealing user logins and passwords by displaying a phishing window instead of the genuine app interface is nothing new. "We first came across it back in 2013 in Trojan-SMS.AndroidOS.Svpeng," Unuchek noted. "In our IT threat evolution in Q1 2015 report we mentioned Trojan-SMS.AndroidOS.OpFake.cc, which was capable of attacking at least 29 banking and financial apps."
Using the latest iteration of the Trojan identified in the first quarter 2015 report, hackers can infect up to 114 banking and financial apps, according to Unuchek. He added that the Trojan's main goal is to steal the login credentials for bank accounts, but it also overlays the windows of several popular mail applications.
"To stay safe do not neglect reliable mobile anti-virus solutions," Unuchek said. "Bear in mind that prevention of the threat is better than suffering losses after the infection."
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.