Dark Reading is part of the Informa Tech Division of Informa PLC



05:19 PM

Ransomware Leads Surge In 2014 Mobile Malware Onslaught

Mobile malware increases 75 percent in U.S.

Mobile threats are no longer a mythical boogeyman for security teams. Mobile malware now presents a credible risk to IT assets, as criminals have added malicious mobile software to their quiver of profitable attack tools. And according to a report out last week from Lookout, those malicious mobile tools are increasingly being put into play: the firm found that mobile malware grew significantly in both volume and sophistication.

The Lookout Mobile Threat Report showed that mobile malware encounter rates shot up by 75 percent in 2014 within the U.S., with ransomware named as the top category among these malicious mobile apps. According to Lookout, many of the ransomware schemes forced victims to pay anywhere from $300 to $500 to unlock their phones, with families such as ScarePackage, Koler, ScareMeNot and ColdBrother leading the charge as the favorite flavors of phone-ransoming malware.

Posing as either an Adobe Flash update or one of a variety of antivirus apps, ScarePackage is delivered as a drive-by download and runs phony 'scans' on victims' devices. It then locks the phone and claims to have discovered illicit content, displaying a fake message from the FBI in an attempt to get the victim to pay up rather than face criminal charges or lose control of the data on the device. ColdBrother and ScareMeNot operate in much the same manner, masquerading as security scanners. Koler's blackmail scheme is similar, but it pretends to be a media app instead.

According to researchers with Malwarebytes, consumers and security professionals should expect a surge in similar attacks. The ransomware model was perfected prior to the mobile revolution and attackers are finding it profitable to port their attacks to phones and tablets.

"What we see on the PC side, we soon see on the mobile side. We have already seen mobile malware variants that encrypt phone data and demand payment to retrieve," says Nathan Collier, senior malware intelligence analyst with Malwarebytes. "Pre-existing phone backup options will make this threat less severe, however many users still might be willing to pay to get their data back."

However, ransomware isn't the only mobile threat on the radar, according to Lookout. In the U.S., for example, the single most-encountered piece of malware was NotCompatible, a versatile threat that underpins one of the longest-lived mobile botnets, having infected millions of devices. It is used for a number of fraudulent purposes, including stealing banking data from infected devices. Lookout's report warned that NotCompatible is a testament to the fact that "attackers are upping their threat construction and deployment game" on the mobile front.

And according to Collier, NotCompatible won't be the only Trojan to make headlines for targeting mobile banking: Malwarebytes expects mobile banking Trojans to increase significantly in 2015.

"With more people using mobile devices to bank, it’s becoming more popular for malware authors to exploit," he says. "Creating a fake site that looks like a mobile banking site may be a bit easier for malware authors since many sites are limited to keep the data processing low."


Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

User Rank: Strategist
1/21/2015 | 1:16:31 PM
User error and software issues

Do you think the current software is adequate to protect our phones, or do you think it's the lack of antispyware and antivirus software on phones that is causing the issue? While there will always be user error in responding to scams, if phones were preloaded with protective software we might evade some of these issues.

User Rank: Ninja
1/21/2015 | 9:01:30 AM
Have MDM implementations such as MobileIron at the enterprise level decreased or eradicated this threat? Or does anyone have experience of ransomware being present even with an MDM solution? Enterprise-approved apps seem to be the security best practice when it comes to MDM.

User Rank: Ninja
1/21/2015 | 8:57:58 AM
Application Review
More of a reason why validation of these apps needs to be approved by the OS owner (Apple, Google, etc.). I know Apple does this to some degree (I am sure some apps slip through regardless), but Android seems to be an open market. For this reason I would posit that this type of attack would be more prevalent on Android devices, but I would like to see the raw data around it. Does anyone have data to contrast or strengthen my statement?