Mobile threats in July 2014 - BestCyberNews: Online News Presenter in the present world


Mobile threats in July 2014

In spite of this being the height of the summer holiday season, many cybercriminals aren’t giving a second thought to taking a “well-earned” rest; instead they are continuing their attacks on Android devices. Turning an illicit profit remains one of their main objectives. 

However, in addition to common SMS Trojans, they are increasingly employing malicious programs that steal or extort money from users. The last month saw this trend intensify: in July Doctor Web's security researchers discovered a number of such malicious applications, and the geographical area in which they are being distributed has been expanding steadily.

Making an illicit profit by stealing online bank account information and Android users' funds with the aid of various Trojans is becoming increasingly popular. Threats serving this purpose appeared several years ago, but they haven't seen much use until recently. Attacks involving malware like this are carried out in many countries, but has been one of the primary targets for quite a while.

Doctor Web's virus analysts registered a substantial increase in the number of incidents involving such malicious programs in that country. For example, in June several new malicious programs were discovered, including Android.Banker.28.origin. Spread in the guise of a Google Play client, this Trojan employs social engineering tricks to steal confidential banking information (NPKI certificates, online bank account login, phone number, credit card number and passwords). The program becomes operational only if an actual banking client application is running on a device. To lure the user into divulging all the information it needs, the Trojan mimics the look and feel of a legitimate application. The collected data is forwarded to criminals and can later be used to access victims' bank accounts and carry out unauthorised transactions.

Most threats discovered in are distributed by means of unwanted SMS messages containing Trojan download links. Here, Android.Banker.28.origin is no exception. It accounts for 22.22% of SMS spam incidents. All in all, in the past month Doctor Web's security researchers registered 126 such spam campaigns. The percentage of Trojans distributed by means of these short messages is shown in the pie chart below.

Distributed as Adobe Flash Player, Android.BankBot.21.origin targeted devices in Russia. This program mimicked the dialogue used to associate a credit card with a Google Play account. The acquired information and all incoming messages were forwarded to criminals. In addition, cybercriminals could order the malware to perform other tasks such as sending short messages.

May 2014 saw the emergence of ransomware for Android that locks compromised devices and encrypts files before demanding a ransom from users who want to restore their devices to normal operation or get back their files. The number of programs like this has surged in a short period of time. In May, only two definitions for such malware were present in the Dr.Web virus database, but by the end of July, that figure soared to 54. In just two months, the number of these threats increased 27 times, i.e., by 2,600%.

Android.Locker.19.origin is one of the ransom programs discovered in July; it targets Android devices in the USA. When launched on a mobile device, the Trojan locks it and displays a ransom message. Once the device is locked, Android.Locker.19.origin won't allow the user to perform any action with the OS interface. Notably, this Trojan can not only lock a device but also encrypt files, although the attackers didn't use this feature. It is likely that it will be enabled in future versions of the Trojan.

Doctor Web is the Russian developer of Dr.Web anti-virus software. We have been developing our products since 1992. The company is a key player on the Russian market for software that meets the fundamental need of any business — information security. Doctor Web is one of the few anti-virus vendors in the world to have its own technologies to detect and cure malware. Our anti-virus protection system allows the information systems of our customers to be protected from any threats, even those still unknown. Doctor Web was the first company to offer an anti-virus as a service and, to this day, is still the undisputed Russian market leader in Internet security services for service providers. Doctor Web has received state certificates and awards; our satisfied customers spanning the globe are clear evidence of the high quality of the products created by our talented Russian programmers.