Mobile threats are no longer a mythical boogieman for security teams anymore. Instead, mobile malware presents very credible risks against IT assets as criminals have learned to add malicious mobile software into their quiver of profitable attack tools. And according to a report out last week from Lookout, those malicious mobile tools are increasingly put into play. The firm showed that mobile malware grew significantly both in volume and sophistication.
The Lookout Mobile Threat Report showed that mobile malware encounter rates shot up by 75 percent in 2014 within the U.S., with ransomware named as the top category among these malicious mobile apps. According to Lookout, many of the ransomware schemes forced victims to pay anywhere from $300 to $500 to unlock their phones, with the malware like ScarePackage, Koler, ScareMeNot and Cold Brother leading the charge as favorite flavors of malware to ransom phones.
Hiding as either an Adobe Flash update or a variety of antivirus apps, ScarePackage is delivered as a drive-by-download and runs phony 'scans' on victims' devices. It locks the phone and claims it discovered illicit content, showing a fake message from the FBI in an attempt to get the victim to pay up rather than face criminal charges or lose control of their device data. ColdBrother and ScareMeNot operate much in the same manner, masquerading as security scanners. Meanwhile Koler's blackmail scheme is similar, but pretends to be a media app instead.
According to researchers with Malwarebytes, consumers and security professionals should expect a surge in similar attacks. The ransomware model was perfected prior to the mobile revolution and attackers are finding it profitable to port their attacks to phones and tablets.
"What we see on the PC side, we soon see on the mobile side. We have already seen mobile malware variants that encrypt phone data and demand payment to retrieve," says Nathan Collier, senior malware intelligence analyst with Malwarebytes. "Pre-existing phone backup options will make this threat less severe, however many users still might be willing to pay to get their data back."
However, ransomware isn't the only mobile threat hitting the radar, according to Lookout. In the US, for example, the top malware encountered was NotCompatible, a versatile piece of malware that is the underpinning for a one of the longest-lived mobile botnets, infecting billions of devices. It is used for a number of fraudulent purposes, including stealing bank data from infected devices. Lookout's report warned that NotCompatible was a testament to the fact that "attackers are upping their threat construction and deployment game" on the mobile front.
And according to Collier, it won't be the only Trojan to make headlines for targeting mobile banking. They believe mobile banking Trojans will increase significantly in 2015.
"With more people using mobile devices to bank, it’s becoming more popular for malware authors to exploit," he says. "Creating a fake site that looks like a mobile banking site may be a bit easier for malware authors since many sites are limited to keep the data processing low."