

05:19 PM

Ransomware Leads Surge In 2014 Mobile Malware Onslaught

Mobile malware increases 75 percent in U.S.

Mobile threats are no longer a mythical boogieman for security teams. Instead, mobile malware presents very credible risks to IT assets, as criminals have learned to add malicious mobile software to their quiver of profitable attack tools. And according to a report out last week from Lookout, those malicious mobile tools are increasingly being put into play: the firm found that mobile malware grew significantly in both volume and sophistication.

The Lookout Mobile Threat Report showed that mobile malware encounter rates shot up by 75 percent in 2014 within the U.S., with ransomware named as the top category among these malicious mobile apps. According to Lookout, many of the ransomware schemes forced victims to pay anywhere from $300 to $500 to unlock their phones, with malware such as ScarePackage, Koler, ScareMeNot and ColdBrother leading the charge as the favorite flavors of malware used to ransom phones.

Posing as either an Adobe Flash update or one of a variety of antivirus apps, ScarePackage is delivered as a drive-by download and runs phony "scans" on victims' devices. It then locks the phone and claims to have discovered illicit content, showing a fake message from the FBI in an attempt to get the victim to pay up rather than face criminal charges or lose control of their device data. ColdBrother and ScareMeNot operate in much the same manner, masquerading as security scanners. Koler's blackmail scheme is similar, but it pretends to be a media app instead.

According to researchers with Malwarebytes, consumers and security professionals should expect a surge in similar attacks. The ransomware model was perfected on the PC before the mobile revolution, and attackers are finding it profitable to port their attacks to phones and tablets.

"What we see on the PC side, we soon see on the mobile side. We have already seen mobile malware variants that encrypt phone data and demand payment to retrieve," says Nathan Collier, senior malware intelligence analyst with Malwarebytes. "Pre-existing phone backup options will make this threat less severe, however many users still might be willing to pay to get their data back."

However, ransomware isn't the only mobile threat hitting the radar, according to Lookout. In the U.S., for example, the top malware encountered was NotCompatible, a versatile piece of malware that is the underpinning for one of the longest-lived mobile botnets, infecting billions of devices. It is used for a number of fraudulent purposes, including stealing bank data from infected devices. Lookout's report warned that NotCompatible was a testament to the fact that "attackers are upping their threat construction and deployment game" on the mobile front.

And according to Collier, it won't be the only Trojan to make headlines for targeting mobile banking. Malwarebytes researchers believe mobile banking Trojans will increase significantly in 2015.

"With more people using mobile devices to bank, it’s becoming more popular for malware authors to exploit," he says. "Creating a fake site that looks like a mobile banking site may be a bit easier for malware authors since many sites are limited to keep the data processing low."

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

User Rank: Strategist
1/21/2015 | 1:16:31 PM
User error and software issues

Do you think the current software is adequate to protect our phones, or do you think it's the lack of antispyware and antivirus software on phones that is causing the issue? While there will always be user error in responding to scams, if phones were preloaded with protective software we may evade some of these issues.

User Rank: Ninja
1/21/2015 | 9:01:30 AM
Have MDM implementations such as MobileIron at the enterprise level decreased or eradicated this threat? Or does anyone have experience of ransomware being present even with an MDM solution? Enterprise-approved apps seem to be the security best practice when it comes to MDM.

User Rank: Ninja
1/21/2015 | 8:57:58 AM
Application Review
More of a reason why validation of these apps needs to be approved by the OS owner (Apple, Android, etc.). I know Apple does this to some degree (I am sure some apps slip through regardless), but Android seems to be an open market. For this reason I would posit that this type of attack would be more prevalent on Android devices, but I would like to see the raw data around it. Does anyone have data to contrast or strengthen my statement?