Mobile Malware Infects Millions; LTE Spurs Growth


29 January 2014

How pervasive is the mobile malware threat? New research shows that malicious code is infecting more than 11.6 million mobile devices at any given time, putting their owners at increased risk for stolen personal and financial information; bill shock resulting from pirated data usage; and extortion in exchange for device control.

Figures for the fourth quarter of 2013 and the full year from Alcatel-Lucent’s Kindsight subsidiary reveal that mobile malware infections increased 20% in 2013, with 4G LTE devices being the most likely to be infected. To put that in perspective, the mobile infection rate was just 0.55% in the fourth quarter. But the number of mobile malware samples is growing at a rapid clip, increasing 20-fold in 2013.

It’s worth noting that despite the great increase in numbers, the quality and sophistication of most mobile malware is still a long way behind the more mature Windows/PC varieties.

“The command and control (C&C) mechanisms are primitive and often don’t work; configurations are hard-coded and inflexible; the malware makes no serious effort to conceal itself; and attack vectors are limited to hoping someone installs the infected app,” ALU noted in the report. “That said, 2013 saw a number of Android malware specimens that are beginning to show the sophistication that we see in their Windows cousins.”

And indeed, Android devices accounted for 60% of total mobile network infections, which frequently took the form of trojanized applications downloaded from third-party app stores or the Google Play Store, or delivered by phishing scams. Infections on iPhone and BlackBerry devices made up less than 1%.

Forty per cent of mobile malware originated from Windows laptops tethered to a phone or connected directly through a mobile USB stick or MiFi hub.

“Criminals traditionally go after low hanging fruit,” said Kevin McNamee, security architect and director of Alcatel-Lucent’s Kindsight Security Labs, in a statement. “Not only is Android the largest smartphone market, unlike iPhone and Blackberry, it allows apps to be loaded from third-party sites. This provides cybercriminals with an un-policed mechanism to distribute their malware which can easily evade detection by device-based anti-virus. Thus, in 2013 we saw an increased trend towards operators offering network based anti-virus security to subscribers as a service.”

Further, the firm noted that it is “trivial” for an attacker to hijack a legitimate Android application, inject malware into it and redistribute it for consumption. “There are now binder kits available that will allow an attacker to automatically inject malware into an existing application,” the report explained. “This is only exacerbated by Android’s incredibly weak app signing policy that encourages using self-signed certificates to sign applications.”

Overall, Alcatel-Lucent also noted that hackers are becoming more successful in gaining access to devices thanks to the rise in consumer ultra-broadband usage. LTE devices, for instance, are two to three times more likely to be infected.

In addition to the risks posed to consumers, mobile malware is increasingly used to commit espionage on businesses and governments. Mobile spyware turns infected smartphones and tablets into cyber-espionage devices that allow hackers to remotely track location, download contact lists and personal information, intercept and send messages, record conversations and take pictures.

Hacktivism is also an area that is on the rise—and has the potential to morph over the course of 2014. “Imagine an underground hacktivism organization that provided their own app for Android and iPhone,” ALU noted. “The app would allow the coordination of hacktivism activities and facilitate coordinated DDoS attacks against government, industry and infrastructure. It is not inconceivable that a future ‘occupy the internet’ protest movement could be based on rogue mobile apps.”

And, the potential for cyber terrorism is also troubling. “Mobile botnets have the potential for being much larger and more widespread than the traditional PC-based ones,” the report noted. “A DDoS attack from such a botnet against mobile infrastructure could be quite devastating.”

Meanwhile, the security threat to home networks remained constant with traditional “fixed” malware types just starting to make the jump to mobile devices. The residential infection rate in fixed networks dropped from 9.6% in October to 8.7% in December. For the year, it remained relatively flat at 10%.

About 6% of broadband residential customers were infected with high-level threats such as bots, rootkits, and banking Trojans, with the ZeroAccess click-fraud malware topping all infections in the fourth quarter (followed by Alureon spyware and the Zeus banking Trojan). But ZeroAccess’s infection rate dropped from 0.8% to 0.4% due to Microsoft’s and Symantec’s efforts to disrupt its operations last year.
