Kaspersky Lab’s report on the evaluation of threats targeting smartphones, tablets and other mobile devices that was published in February 2013 showed that in 2012 Android became the number one target among virus writers, and that the number of threats grew steadily over the course of the year. Did the number of mobile threats shrink in 2013? Not quite!
January, traditionally being a quiet month for mobile virus writers – only 1,262 new modifications appeared in the first month of the year but by August, the number of fraudulent one-click apps published grew up to 2,500. That’s not all, Kaspersky Lab has detected over 20,000 new mobile malware modifications over the past few months. In February alone, 12,044 mobile malware modifications were detected, another 9,443 were found in March. To compare, a total of 40,059 modifications of malicious programs targeting mobile devices were detected over the whole of 2012.
SMS Trojans were found to be the most prevalent category of mobile threats and currently representing 63.6% of all attacks. These threats send text messages without the users’ knowledge to short, premium-rate numbers, leaving the users’ with hefty phone bills.
The Android platform remains popular among mobile virus writers. A total of 99.9% of new mobile threat detections target the platform.
Top 4 Malicious Programs
In the past quarter, first place for dangerous malware goes to Trojan-SMS.AndroidOS.FakeInst.a with 29.45% attacks. It was seen to primarily target Russian speaking Internet users who attempted to download software for Android devices from dubious sites. These dubious websites are often used by cybercriminals to spread malware under the guise of useful software.
The podium for second place goes to an adware by the name of Trojan.AndroidOS.Plangton.a (18.78% of attacks). This threat is prominent in European countries, where it is used by developers of free software to monetize products by displaying ads. SMS Trojans from the Opfake family stood at third and fourth places. The first modifications of the Opfake family of threats were disguised as the latest version of Opera, a popular mobile browser. Today, the malicious programs in this family are disguised as new versions of other popular apps (Skype, Angry Birds, etc.).
Kaspersky Labs also recorded two most interesting virus incidents in the last quarter:
- A new threat going by the name of Perkel or Perkele was rumored to have allegedly attacked users in 69 countries. It was only detected several days later when the first modifications of Perkel began to appear. This particular threat hunts for mTANs (Mobile Transaction Authentication Numbers), uses text messages to communicate and upload stolen data to its command server. It is capable of performing self-updates.
- The MTK Botnet, which was responsible for infecting up to one million Android devices primarily used by Chinese users. The spread of a malicious program in China was at the root of the botnet. It spread via unofficial Chinese app stores with popular, cracked games. It was developed to steal information about the infected smartphone, user contact data and messages. To do so, it hyped up a variety of apps: the Trojan could stealthily download and install apps on the victim’s mobile device and then give that app the highest possible ranking in the app store, thus increasing its visibility in the app store. Then they report their actions to a remote server.
As we are increasingly storing valuable data in our mobile devices, risk of banking or transaction numbers being stolen is increasing. Confidential business data stored in mobile devices are rarely encrypted or protected with a PIN. Growing use of “smart” devices in businesses as well as in personal lives, and the lack of awareness among organizations about mobile threats can lead to data leakage and misuse of important business or personal information.
And hey Android, get a real security update ASAP!
Source: Kaspersky Securelist Network