The Growing Sophistication of Mobile Malware

IBM i, Linux, AIX
Posted: August 25, 2016

Mobile malware has been on the rise over the past few years as individuals and organizations shift more tasks from PCs to smartphones and tablets. Once seen as a respite from Windows, platforms such as Android are now magnets for some of the most dedicated and sophisticated attacks, ranging from SMS Trojans to seemingly innocuous games and utilities that secretly collect excessive amounts of information, such as device IDs and contacts.

Mobile Malware Becomes Mainstream Across the Globe

Recent research from McAfee underscored the issue, finding that the number of malware samples on Android had risen by 33 percent over the last two quarters of 2013. During that time, the rate of PC malware remained flat, despite the high number of attack surfaces provided by circumstances such as the deteriorating security of Windows XP and Server 2003.

Going forward, the gap in attacker attention between mobile and desktop is likely to close, with Android threats not only proliferating throughout 2014 but becoming much more advanced as well. Threats that were previously exclusive to PCs, such as crippling ransomware like CryptoLocker, will make their way to mobile devices, creating a more diverse set of Android malware.

Why is there such a wide range of mobile threats? A big part of the problem is the sheer number of apps that extensively track user behavior. More than 80 percent of Android apps track network use and location, data points that are of central interest to malware. With so much software overcollecting and oversharing user information, there’s a huge opening for attackers to exploit and gain access to sensitive items such as account credentials, GPS coordinates, wireless carrier information, and SIM card numbers.

The scope of the issue is impressive. Worldwide, one security vendor’s network alone detected more than 100,000 new mobile malware routines in 2013, and while a substantial chunk of all attacks originated in the U.S. and Russia, the problem is decidedly global, with different problems spread out across North America and Europe. The volume hasn’t reached that of PC malware yet, but the 2013 haul alone constituted 70 percent of the vendor’s library of known mobile malware.

How Mobile Malware Takes Advantage of Leaky and Vulnerable Applications

McAfee’s report found that the data collection practices of many applications, as well as the prevalent freemium and ad-supported business models of mobile developers, may be facilitating this global rise in mobile malware. There is a correlation between apps that invade privacy and malware: 35 percent of the most invasive apps also contained malware.

More specifically, users should keep a particularly close eye on games and tools, which between them accounted for more than half of the top 20 mobile malware threats documented by McAfee. In most cases, these applications request specific permissions that may be unusual for their category.

A game, for instance, might ask for the Android permission READ_PHONE_STATE, which allows it to access the phone’s ID and to know if it is receiving a call or notification. This request is fairly standard for music players since they need to reduce the volume when such an event happens, but it’s odd coming from a game—unless the game is part of a botnet, in which case it would want to track user activity.

Other frequently abused permissions include GET_ACCOUNTS, which accesses accounts for login and verification purposes, and RECEIVE_SMS and its ilk, which can be used for text messaging fraud or spurious multi-factor authentication for something such as a bank account. The recent surge of apps that imitate the discontinued mobile game “Flappy Bird” illustrates what can happen when applications ask for too many permissions.

Whereas the original “Flappy Bird” only asked for network access (so that it could serve ads) and permission to prevent the device from going to sleep during gameplay, impostors asked for access to SMS, bookmarks and various system tools. These requests enabled them to set up premium SMS chargeware, disguised as a text message verification after purchasing the “full” version of the game.
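The category check described above can be automated. The following is an added example, not code from the article or from McAfee: it reads a decoded, plain-text AndroidManifest.xml and flags requested permissions that fall outside a per-category baseline. The baseline table, the risk labels and both sample manifests are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline of permissions considered normal per category (illustrative).
CATEGORY_BASELINE = {
    "game": {"android.permission.INTERNET", "android.permission.WAKE_LOCK"},
    "music": {"android.permission.INTERNET", "android.permission.WAKE_LOCK",
              "android.permission.READ_PHONE_STATE"},
}

# Permissions of the kind the article calls frequently abused, with the risk it describes.
SENSITIVE = {
    "android.permission.READ_PHONE_STATE": "device ID and call state",
    "android.permission.GET_ACCOUNTS": "account enumeration",
    "android.permission.RECEIVE_SMS": "SMS interception",
    "android.permission.SEND_SMS": "premium SMS charges",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "bookmark access",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}  # drop malformed entries with no android:name

def audit(manifest_xml, category):
    """List (permission, reason) pairs that exceed the category baseline."""
    extra = requested_permissions(manifest_xml) - CATEGORY_BASELINE.get(category, set())
    return sorted((p, SENSITIVE.get(p, "outside category baseline")) for p in extra)

# Constructed sample manifests (not taken from any real app).
ORIGINAL_GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
</manifest>"""
IMPOSTOR_GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
</manifest>"""

if __name__ == "__main__":
    for label, manifest in (("original", ORIGINAL_GAME), ("impostor", IMPOSTOR_GAME)):
        print(label, audit(manifest, "game"))
```

An unknown category has an empty baseline, so every requested permission is reported for manual review.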

Moreover, SMS-related mobile malware is a common issue around the world. SMSend, a Trojan that distributes spam, harasses users, and phishes for credentials, is a leading threat in the United States, Spain, and Taiwan, underscoring the global reach of the Android malware problem. In Saudi Arabia, McAfee discovered a similar app designed to sabotage a political campaign. It could jam audio transmission to a connected headset, send malicious messages, and scan infected devices for contacts and phone numbers.

The Threats from Ad Libraries and Wi-Fi Sniffing

A good indication of how far mobile malware has come is its increasing abuse of infrastructure beyond just a single infected device, most notably wireless networks and ad libraries. For example, the recently unveiled Chameleon proof-of-concept malware draws on the Wi-Fi sniffing techniques of legitimate utilities such as Fing to analyze network activity and home in on vulnerable endpoints.

Chameleon demonstrates how open networks are becoming conduits for attacks on all types of network infrastructure, from smartphones to smart appliances. Unsecured networks invite the attention of attackers eager to gain additional information about devices and scrape credentials—the same motives behind virtually all mobile malware.

As these threats go global and target more devices, many of them are also leveraging mobile ad libraries to scale out malware delivery. Half of all instances of the Leadbolt library are associated with malware, according to McAfee, and another security vendor found that ads were now the top mobile malware threat, accounting for 12 percent of all content requests but 20 percent of all infections.

Overall, mobile malware still accounts for a small percentage of all threats, but it’s rapidly growing in both scope and sophistication. With organizations increasingly reliant on a wide range of interconnected devices and networks, the stakes are high. You must implement robust anti-virus software and file protection and recovery mechanisms to ward off these dangers.

The IFS included in IBM i is susceptible to mobile malware and other Windows or Intel-based viruses, worms, and malicious programs. If you overlook your Power Systems as part of your virus scanning strategy, you risk making your entire network of devices the target of mobile malware.

Solutions such as StandGuard Anti-Virus put companies in an excellent position to consistently deploy anti-virus technology on IBM Power Systems and to be alerted to any potentially anomalous activity. Don’t allow your Power Systems to be the source of infection. It’s easy to scan the IFS with StandGuard Anti-Virus to be sure your data is safe where it is stored. In fact, you can do it free today.

Request your trial and get started on stronger security.
