The increasing infiltration of smartphones into our lives spells good news for cyber criminals. Just a few days back, we talked about the Trojan Android.Trojan.Uupay.D, which runs in the background and sends sensitive information to an untraceable, anonymous server in China. But the sad part is that this is not the only malware infecting smartphones. According to the McAfee Labs Threat Report for the first quarter of 2014, the total number of mobile malware samples has grown by 167% in the last year. The malicious apps mostly take the form of clones of famous mobile apps and exploit vulnerabilities in legitimate apps and platforms.
More Than 750,000 New Mobile Malware Samples in Q1 2014
In the first quarter of 2014, more than 750,000 new mobile malware samples were discovered, bringing the cumulative total to around 3.8 million. The figures are not surprising at all, as the total number of malicious apps on Android reached 2 million in Q1 2014. The majority of these apps are disguised as a legitimate app or its update. The malware additions this quarter are the second highest in the last two years, after the more than 810,000 mobile malware samples detected in Q4 2012.
As per the graph, total mobile malware grew from 3.15 million in Q4 2013 to 3.8 million in Q1 2014, recording 22.2% quarter-over-quarter growth. The yearly growth in mobile malware stood at 167%, up from 1.45 million in Q1 2013 to 3.8 million in Q1 2014. These numbers represent unique malware samples rather than malware families.
McAfee Labs counted more than 200 million total malware samples, desktop and mobile combined, in Q1 2014. Mobile malware represented 1.9% of this total, which shows the growing influence of malware on mobile users.
Malware Launches Other Malicious Apps
Traditionally, malware exploited the platform it was launched on, but now it also abuses services and features to install other apps illegitimately, without the user's permission. Manually downloading and installing an app from Google Inc. (NASDAQ:AAPL) Play Store requires authorization from the user, but a Japanese-language malware, Android/BadInst.A, automatically retrieves a user's Google account and requests permission to access various Google services.
The whole reverse-engineered protocol involves a standard framework API, AccountManager, with approved permissions. The granting of permission plays a critical role in the launch of other apps, but since this app has the required validations, it automatically downloads, installs and launches other apps without user intervention. The authorization tokens can also be used on third-party app stores.
Malware Poses Threat to Digital Wallet and WhatsApp
The growing adoption of mobile apps has provided new avenues to malware developers. A disguised game app, BalloonPop, steals WhatsApp messages and pictures and sends them to a remote server for decryption. The Trojan, Android/Balloonpopper.A, exploited an encryption weakness in the popular messaging app, and the data was decrypted and posted on the attacker's website. This poses a greater threat to users' images shared through the most popular mobile app. The security breach of WhatsApp through these malware apps exposes pictures to unwanted viewers.
Another Trojan, Android/Waller.A, installs itself as a legitimate utility app or an update of Adobe Flash Player, but stays hidden from the home screen. The app makes use of the money-transfer protocol of Visa QIWI Wallet to check the account balance and transfers the money to the attacker's server by intercepting the confirmation response.
The Clone Of Flappy Bird Attacks!
Since the popular game Flappy Bird was pulled, hundreds of impersonators of the game have emerged. Out of the 300 samples taken by McAfee Labs, 238 were malicious versions of the game. The clones are taking advantage of the reach the game had; it was downloaded 50 million times. These malware apps are notorious for making calls, sending messages, reading the IMEI number and MAC address, and installing applications without the user's permission. The clones also extract the GPS location and send user activity data to third-party sites.
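For defenders triaging suspicious APKs, the behaviours listed above (calls, SMS, IMEI and MAC reads, app installs, GPS), the account access described for Android/BadInst.A and the missing home-screen icon described for Android/Waller.A can all be checked against an app's decoded manifest. The following is an added example, not code from the McAfee report or this article; the behaviour-to-permission mapping, the review threshold and the sample manifests are assumptions constructed for illustration, and the input is assumed to be a text AndroidManifest.xml already decoded from the APK (for example with apktool).

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (not from the report): article behaviour -> Android permission.
BEHAVIOUR_PERMISSIONS = {
    "places calls": "android.permission.CALL_PHONE",
    "sends SMS": "android.permission.SEND_SMS",
    "reads IMEI": "android.permission.READ_PHONE_STATE",
    "reads MAC address": "android.permission.ACCESS_WIFI_STATE",
    "installs apps": "android.permission.INSTALL_PACKAGES",
    "reads GPS location": "android.permission.ACCESS_FINE_LOCATION",
    "lists device accounts": "android.permission.GET_ACCOUNTS",
    "uses account auth tokens": "android.permission.USE_CREDENTIALS",
}

def triage_manifest(manifest_xml, threshold=3):
    """Return the flagged behaviours, launcher visibility and a review verdict."""
    # Manifests come from untrusted APKs; prefer defusedxml in a real pipeline.
    root = ET.fromstring(manifest_xml)
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    behaviours = sorted(b for b, p in BEHAVIOUR_PERMISSIONS.items() if p in requested)
    entry_points = list(root.iter("activity")) + list(root.iter("activity-alias"))
    has_icon = any(
        c.get(ANDROID + "name") == "android.intent.category.LAUNCHER"
        for a in entry_points for c in a.iter("category")
    )
    # Hypothetical rule: many sensitive behaviours, or any of them with no icon.
    review = len(behaviours) >= threshold or (bool(behaviours) and not has_icon)
    return {"behaviours": behaviours, "hidden": not has_icon, "review": review}

def _manifest(package, permissions, launcher):
    """Build a constructed sample manifest (not taken from any real app)."""
    perms = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in permissions)
    cat = '<category android:name="android.intent.category.LAUNCHER"/>' if launcher else ""
    return (
        f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="{package}">'
        f'{perms}<application><activity android:name=".Main"><intent-filter>'
        f'<action android:name="android.intent.action.MAIN"/>{cat}'
        f'</intent-filter></activity></application></manifest>'
    )

GAME_CLONE = _manifest("com.example.clone", ["INTERNET", "CALL_PHONE", "SEND_SMS", "READ_PHONE_STATE", "ACCESS_FINE_LOCATION"], True)
HIDDEN_UTILITY = _manifest("com.example.update", ["INTERNET", "GET_ACCOUNTS"], False)
PLAIN_GAME = _manifest("com.example.game", ["INTERNET"], True)

if __name__ == "__main__":
    for name, xml in [("clone", GAME_CLONE), ("hidden", HIDDEN_UTILITY), ("plain", PLAIN_GAME)]:
        print(name, triage_manifest(xml))
```

A permission request alone does not prove malice; the verdict only marks apps whose requested capabilities are out of proportion to what a simple game or updater needs, so that an analyst looks at them first.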
Q1 2014 has been a risky quarter in terms of malware, malicious apps and messaging threats. Spam volume was three times that of legitimate e-mail. Moreover, the number of spam mails this quarter was the second largest, after Q3 2013.
The growing demand for smartphones is drawing the attention of cyber criminals too. Though iOS is touted to be more secure, it is also suffering from malicious apps. With more than 500 apps being added to the Windows Store every day, Windows Phone OS also presents a great opportunity for attackers. They see this as an opportunity to use and abuse the features and vulnerabilities of the apps to their advantage.
Malware attacking messaging apps poses a privacy threat to the content shared by users. Digital wallet apps hold vital information shared by the device user, which can potentially harm the user if leaked. Although steps are being taken to safeguard the user, there is no foolproof method. A little restraint with third-party app stores and with granting unnecessary information to apps can make devices safer and more secure. App developers should also implement every possible method to protect their apps from such malware.