Figures for the 2013 fourth quarter and year from Alcatel-Lucent’s Kindsight subsidiary reveal that mobile malware infections increased 20% in 2013, with 4G LTE devices being the most likely to be infected. To put that in perspective, the mobile infection rate was just 0.55% in the fourth quarter. But the number of mobile malware samples is growing at a rapid clip, increasing 20-fold in 2013.
It’s worth noting that despite the great increase in numbers, the quality and sophistication of most mobile malware is still a long way behind the more mature Windows/PC varieties.
“The command and control (C&C) mechanisms are primitive and often don’t work; configurations are hard-coded and inflexible; the malware makes no serious effort to conceal itself; and attack vectors are limited to hoping someone installs the infected app,” ALU noted in the report. “That said, 2013 saw a number of Android malware specimens that are beginning to show the sophistication that we see in their Windows cousins.”
And indeed, Android devices accounted for 60% of total mobile network infections, which frequently took the form of trojanized applications downloaded from third-party app stores or the Google Play Store, or delivered by phishing scams. Infections on iPhone devices and BlackBerry devices made up less than 1%.
Forty per cent of mobile malware originated from Windows laptops tethered to a phone or connected directly through a mobile USB stick or MiFi hub.
“Criminals traditionally go after low hanging fruit,” said Kevin McNamee, security architect and director of Alcatel-Lucent’s Kindsight Security Labs, in a statement. “Not only is Android the largest smartphone market, unlike iPhone and BlackBerry, it allows apps to be loaded from third-party sites. This provides cybercriminals with an un-policed mechanism to distribute their malware which can easily evade detection by device-based anti-virus. Thus, in 2013 we saw an increased trend towards operators offering network based anti-virus security to subscribers as a service.”
Further, the firm noted that it is “trivial” for an attacker to hijack a legitimate Android application, inject malware into it and redistribute it for consumption. “There are now binder kits available that will allow an attacker to automatically inject malware into an existing application,” the report explained. “This is only exacerbated by Android’s incredibly weak app signing policy that encourages using self-signed certificates to sign applications.”
Overall, Alcatel-Lucent also noted that hackers are becoming more successful in gaining access to devices thanks to the rise in consumer ultra-broadband usage. LTE devices, for instance, are two to three times more likely to be infected.
In addition to the risks posed to consumers, mobile malware is increasingly used to commit espionage on businesses and governments. Mobile spyware turns infected smartphones and tablets into cyber-espionage devices that allow hackers to remotely track location, download contact lists and personal information, intercept and send messages, record conversations and take pictures.
Hacktivism is also an area that is on the rise—and has the potential to morph over the course of 2014. “Imagine an underground hacktivism organization that provided their own app for Android and iPhone,” ALU noted. “The app would allow the coordination of hacktivism activities and facilitate coordinated DDoS attacks against government, industry and infrastructure. It is not inconceivable that a future ‘occupy the internet’ protest movement could be based on rogue mobile apps.”
And, the potential for cyber terrorism is also troubling. “Mobile botnets have the potential for being much larger and more widespread than the traditional PC-based ones,” the report noted. “A DDoS attack from such a botnet against mobile infrastructure could be quite devastating.”
Meanwhile, the security threat to home networks remained constant with traditional “fixed” malware types just starting to make the jump to mobile devices. The residential infection rate in fixed networks dropped from 9.6% in October to 8.7% in December. For the year, it remained relatively flat at 10%.
About 6% of broadband residential customers were infected with high-level threats such as bots, rootkits, and banking Trojans, with the ZeroAccess click-fraud malware topping all infections in the fourth quarter (followed by Alureon spyware and the Zeus banking Trojan). But the ZeroAccess infection rate dropped from 0.8% to 0.4% due to Microsoft’s and Symantec’s efforts to disrupt its operations last year.