Today’s Mobile Threatscape: Android-Centric, Booming, Espionage-friendly

This post is also available in: עברית (Hebrew)

The fact that Kaspersky Lab has not recorded malware that uses exploits in Android to perform a drive-by attack may seem positive, but only at a first glance. The grim reality is that users are actively searching for software from suspicious sources and taking no precautions when launching an unknown program – all of which makes it easier for cyber-criminals to infect devices. This trend is supplemented by the on-going distribution of malicious apps in the official Google Play app store, and the first recorded appearance of an app with malicious behavior in Apple’s official software distribution platform. These key trends of the mobile security landscape were observed by Kaspersky Lab’s Senior Malware Analyst Denis Maslennikov in the latest Mobile Malware Evolution report.

Kaspersky Lab’s key mobile forecast for 2012 proved entirely accurate: cyber-criminals indeed focused their attention on the highly popular Android platform, and the number of threats for it continued to grow at a rapid pace. In January 2012 Kaspersky Lab had less than 6,000 unique malware samples for Android in its database, but the year ended with an astounding figure of 43,000+ malicious programs. Over 99% of new threats found in 2012 targeted Android-based smartphones and tablets, with less than 1% aimed at devices running Symbian and BlackBerry operating systems or supporting the mobile version of Java.

The most widespread Android threats can be divided into three major groups: SMS Trojans, , stealing money by sending premium texts, adware, and exploits to gain root accessthat give full access to the device and any data stored on it. Another notable addition to the Android malware family was a new mobile botnet nicknamed Foncy that enabled cyber-criminals to gain control of mobile devices. The suspected authors of this botnet were arrested by French police: their actions may have netted more than EUR 100,000 from the victims.

Despite the limited number of new malicious apps for Symbian and BlackBerry smartphones, some of them are notable for specifically targeting victims’ bank accounts. In 2012 Kaspersky Lab experts recorded new versions of Trojans such as Zeus-in-the-Mobile and SpyEye-in-the-Mobile that combine forces with their “desktop” malicious counterparts to seize control of users’ online bank accounts. The mobile malware in this particular case is used to steal authorization messages from banks – mTAN codes – required to perform a transaction. Such malware also hides bank messages from the users, who remain unaware that anything is amiss until they check their bank accounts.

Mobile devices now find themselves on the receiving end of targeted attacks and cyber-espionage, just like their desktop counterparts. One example of this malware is a module named FinSpy, developed by British company Gamma International for a controversial practice called “legal surveillance”. Another case is the widespread Red October espionage campaign discovered by Kaspersky Lab: some of the modules used by attackers were designed specifically to steal data from mobile phones, including iPhones, BlackBerrys and Nokia smartphones.

Moreover, there is evidence (domain names, registry keys, etc.) pointing to the existence of Red October modules targeting other mobile devices including Android and BlackBerry.

Denis Maslennikov, Senior Malware Analyst, Kaspersky Lab, commented: “Cyber-criminals are taking mobile devices seriously, because now they typically contain even more private data than traditional PCs. In 2012 we recorded thousands of new malicious programs aimed at stealing information, taking money from mobile and bank accounts and spying on users. Unfortunately, the Android platform has already become quite a dangerous environment that is urgently in need of protection. The outlook for businesses is also rather grim. Targeted cyber espionage campaigns with a particular interest in mobile data, along with the problem of employees using their own devices to access corporate data all point to the need for companies to deploy an efficient Mobile Device Management system.”