This malware has the effect of turning a mobile device into a zombie, providing full control over it to the malware author, according to AVG's threat report.
“The volume and sophistication of the mobile threats are increasing”, observed Yuval Ben-Itzhak, AVG’s chief technology officer. “There is a particular type of attack that misleads the user into an action that turns the phone into a zombie. The remote hacker can control the phone, operate it, monetize it, and use it to attack others”, he told Infosecurity.
The report also identified PC-based malware that involved social engineering, including an email scam targeting Asian markets and the US, as well as a mass injection SQL attack using celebrity sex videos and fake anti-virus to trick users. Social engineering attacks are becoming more sophisticated in their approach, making even users who may have been victims in the past likely to fall prey again, according to the AVG report.
Also, mobile users were tricked into downloading malware hidden in seemingly legitimate applications such as Angry Birds Space. The malware enables the hacker to monetize from the infected device and to download additional malicious code or connect the device to a botnet.
“The hackers have taken the Angry Birds app, reversed engineered it, put their malicious code inside, repackaged it, and put it in the Android markets outside of the official Google Play market”, Ben-Itzhak explained.
“The mobile world for hackers is a dream come true. It makes it much easier to monetize attacks….Once they put malware on the phone, they can start to monetize immediately”, he said.
One notable theme in the second quarter was the amount of malware originating from China. Email scams and malicious Android applications uploaded to third party application markets were just two of the threats identified. These targeted China and in some cases, neighboring countries including Japan, South Korea, and Taiwan.