Mobile
2/28/2014
02:08 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Mobile Malware Evolution: Three Infection Attempts Per User In 2013

Nearly 145,000 new malicious programs for mobile devices were detected in 2013

ABINGDON, England, February 27, 2014 /PRNewswire/ --

Kaspersky Lab experts have today published the results of their analysis of the mobile threat landscape in 2013 [http://www.securelist.com/en/analysis/204792326/Mobile_Malware_Evolution_2013 ]. The analysis has revealed the following figures for 2013:

- Nearly 145,000 new malicious programs for mobile devices were detected in 2013, which is more than three times the previous year's figure [http://www.securelist.com/en/analysis/204792283/Mobile_Malware_Evolution_Part_6 ] of 40,059 samples. As of January 1st 2014, Kaspersky Lab's collection included 190,000 mobile malware samples. - 98.1 per cent of all mobile malware detected in 2013 targeted Android devices. - Approximately 4 million malicious applications were used by cybercriminals to distribute mobile malware for Android-based devices. A total of 10 million malicious Android apps [http://www.kaspersky.com/about/news/virus/2014/Number-of-the-week-list-of-malicious-Android-apps-hits-10-million ] were detected in 2012-2013.

- The top five countries with the highest number of unique attacked users are as follows: Russia (40 per cent), India (8 per cent), Vietnam (4 per cent), Ukraine (4 per cent) and the UK (3 per cent).

The analysis also shows that the majority of mobile malware in 2013 targeted users' money:

- The number of mobile malware modifications designed for phishing, the theft of bank card information and money from bank accounts increased by a factor of almost 20. - 2,500 attempted infections by banking Trojans were blocked.[1]

Banking Trojans are by far the most dangerous type of mobile malware for users. Some of those [http://www.securelist.com/en/blog/8138/The_Android_Trojan_Svpeng_now_capable_of_mobile_phishing ] detected in 2013 were more geared towards stealing money from bank accounts rather than from a victim's mobile account, which significantly increases the potential losses.

Vulnerabilities in the Android OS architecture and its growing popularity were important factors behind the increase in Android banking Trojans in 2013. Cybercriminals appear to have become obsessed with this method of making money: at the beginning of the year there were just 67 known banking Trojans, but by the end of 2013 Kaspersky Lab's collection contained 1,321 unique samples.

Victor Chebyshev, Virus Analyst at Kaspersky Lab, commented: "Today, the majority of banking Trojan attacks target users in Russia and the CIS. However, that is unlikely to last for long: given the cybercriminals' keen interest in user bank accounts, the activity of mobile banking Trojans is expected to grow in other countries in 2014. We already know of Perkel [http://kasperskycontenthub.com/securelist/2013/05/16/it-threat-evolution-q1-2013/#12 ], an Android Trojan that attacks clients of several European banks, as well as the Korean malicious program Wroba."

--------------------------------------------------

1. The number of attacks prevented by Kaspersky Lab mobile products in 2013.

The increasingly sophisticated route to your money

- Criminals are increasingly using obfuscation, the deliberate act of creating complex code to make it difficult to analyse. The more complex the obfuscation, the longer it will take an antivirus solution to neutralise the malicious code and the more money the fraudsters can steal.

- Methods used to infect a mobile device include compromising legitimate sites and distributing malware via alternative app stores and bots (the bots usually self-proliferate by sending out text messages with a malicious link to addresses in the victim's address book). - Android vulnerabilities are used by criminals to enhance the rights of malicious applications which considerably extends their capabilities and makes it more difficult to remove malicious programs. To bypass the code integrity check when installing an application, the Master Key vulnerability is used. The fact that it is only possible to get rid of Android vulnerabilities by receiving an update from the device manufacturer merely complicates the situation further. If a smartphone or tablet was released more than a year ago, it is probably no longer supported by the manufacturer and patching of vulnerabilities is no longer provided. In that case, the only help comes from an antivirus solution

Read more at securelist.com [http://www.securelist.com/en/analysis/204792326/Mobile_Malware_Evolution_2013 ].

About Kaspersky Lab

Kaspersky Lab is the world's largest privately held vendor of endpoint protection solutions. The company is ranked among the world's top four vendors of security solutions for endpoint users*. Throughout its more than 16-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at http://www.kaspersky.co.uk

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2012. The rating was published in the IDC report "Worldwide Endpoint Security 2013-2017 Forecast and 2012 Vendor Shares (IDC #242618, August 2013). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2012.

Follow us on Twitter

http://www.twitter.com/kasperskyuk

Like us on Facebook

http://www.facebook.com/Kaspersky

Editorial contact: Berkeley PR Lauren White [email protected] Telephone: +44(0)118-909-0909 1650 Arlington Business Park RG7 4SA, Reading

Kaspersky Lab UK Ruth Knowles [email protected] Telephone: +44(0)7590-440-433 Milton Business Park OX14 4RY, Oxford

SOURCE Kaspersky Lab Click here to Reply, Reply to all, or Forward 3.02 GB (20%) of 15 GB used Manage ©2014 Google - Terms & Privacy Last account activity: 3.5 hours ago Details

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.