Mobile malware could be more destructive than PC malware, warns a security expert from Trend Micro.
“Mobile malware is repeating the history of Windows malware given the existing threats to Android,” said Paul J.S. Oliveria, Technical Marketing Researcher, Core Technology Marketing, Trend Micro. Oliveria notes that the number of mobile malware has quickly grown to the same volume PC malware took more than a decade to reach.
The bulk of mobile malware are still packaged as spoofed or Trojanized versions of popular apps, and as in previous quarter, almost half of these malware were designed to serve as means for cybercriminals to take full control of an infected device.
According to Oliveria, the discovery of the Android master key vulnerability which allows a hacker to actually change the code of the apps installed on devices is very significant as it affects almost all or 99% of Android devices available out there.
The vulnerability permits installed apps to be modified without the consent of the user. It further raised concerns about mostly relying on scanning apps for protection, along with the fragmentation that exists in the Android ecosystem.
According to the TrendLabs 2nd Quarter 2013 Security Roundup Report, mobile malware remains a big problem as it directly affects the popular Android system-based handheld devices. According to the report, the number of malicious and high-risk Android apps steadily increased until June, hitting 718,000 in the second quarter, representing a significant increase of 41% compared with the 509,000 found in the first quarter this year. In six months time, these apps surged by more than 350,000, a number that originally took TrendLabs three years to reach.
Spotted in the second quarter is a malware known as FAKEBANK that contains specific Android application package files (APKs), which it copies to a device’s Secure Digital card, spoofs legitimate apps. Using the APK files, the malware displays icons and a user interface that imitates legitimate banking apps. This technique is reminiscent of PC banking Trojans that monitor users browsing behaviors and spoofs banking sites.
OBAD (ANDROIDOS_OBAD.A) also exploited an Android vulnerability. Once installed, OBAD requests root and device administrator privileges, which allow it to take full control of an infected device.
Meanwhile, the report revealed that among countries most at risk of privacy exposure due to application use, the Philippines placed 10th when it downloaded 5.19% of the total number of high-risk apps.
Online banking: repackaged threats
In the online banking sector, threats increased in the second quarter. Although hackers have not generated completely new threats, they choose to repackage old ones. Poor patching practice, considered as a common problem in the Asia-Pacific region, also contributed to the rise in online banking threats. This has led to the growth of 29% in the number of infections to 146,000 in the second quarter of 2013, from 113,000 infections in the first quarter of the same year.
Other online banking malware threats can be found in different forms: malware that disguised as updates for Adobe Flash Player hosted on compromised sites, and as a “homemade browser.” There is also a malware that modifies an infected computer’s hosts file to redirect a customer to phishing sites and those of the Citadel variants that targets financial service institutions.
The report also revealed that that WORM_DOWNAD/Conficker remained the top malware in the second quarter of the year while the volume of adware, which are greatly proliferating in the Philippines, increased as more users were inclined to unknowingly download them as part of free software. DOWNAD/Conficker is still a concern for enterprises and small and medium-sized businesses (SMBs) as its volume reached 360,000 and 58,000, respectively.
Ma. Christina O. Cruz, Technical Communications Specialist of TrendLabs, described DOWNAD/Conficker as a malware which spreads copies of itself from computer to computer using folders, and removable drives. Its end-goal is to download other malware and it is alive for five years, since its discovery in 2008. As a caution, Cruz advised that patching and the purchase of regional software are very important.
Malware toolkits, which are inexpensive or available for free, are also employed by hackers to make it easier for them to carry out their purpose.
Social media: attractive platform for cybercriminals
Due to its massive user bases, social networking media became an attractive platform for cybercriminals in the second quarter, particularly users who manage multiple online accounts. Social media threats have also abused popular blogging sites like Tumblr, WordPress, and Blogger by hosting fake streaming popular movies. Social engineering tactics, where users are manipulated to provide confidential information, were also implemented using notable social engineering lures as bait.
Other significant attacks include that of Twitter which reveals that social media can be used to spread false news that can have severe results. In the case of Instagram scams, the victims are SMBs and marketers who wish to increase their online presence. This scam works by offering “free followers” or use professional looking sites where they can supposedly buy followers in bulk.