Mobile and Home Networking Malware Creep On

Recent research reveals that in the second quarter of 2013, 10% of home networks and more than 0.5% of mobile networks were infected with malware

Figures for the second quarter of 2013 from Alcatel-Lucent's Kindsight subsidiary show an increase in threat volume across the board. That includes malware used by attackers to gain access to devices for corporate espionage, spying on individuals, theft of personal information, generating massive quantities of spam, distributed denial of service (DDoS) attacks on businesses and governments, and millions of dollars in fraudulent banking and advertising scams.

In mobile networks, the vast majority of infected devices are either Android phones or Windows laptops tethered to a phone or connected directly through a mobile USB stick or MiFi hub. The fastest-growing segment remains mobile malware targeting Android: the number of Android malware samples rose sixfold in the quarter, pushing the infection rate for Android devices alone above 1%.

The top mobile threats are trojanized apps that steal information about the phone or send SMS messages. Some are banking trojans that intercept access tokens for banking websites; others are spyware applications, the report found.

Uapush.A is a moderate-threat-level Android adware trojan that also sends SMS messages and steals information from the compromised device. Activity has increased steadily since April, Kindsight noted. The malware's web-based command-and-control (C&C) site is located in China.

QdPlugin is another notable threat, according to the firm, although its infection rate has leveled off over the past two months. It is an Android trojan that downloads and installs adware applications, which steal information from the phone such as the IMEI (the handset identifier), the IMSI (the subscriber identifier) and the country code. The malware is distributed as repackaged versions of legitimate games. It opens a C&C connection to a remote server located in the US; the purpose appears to be remote control of the adware applications.
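The threats described in the last three paragraphs share a permission profile: they read phone identity (IMEI and IMSI are exposed through READ_PHONE_STATE), send or intercept SMS, and talk to a remote server. The following triage check, an added example that is not code from the Kindsight report or the article, parses an app's AndroidManifest.xml and flags those combinations. The two manifests are constructed for illustration, and the PROFILES groupings are an assumed heuristic rather than the report's detection logic.

```python
"""Permission-combination triage for Android manifests.

Added example, not code from the Kindsight report or the article. It flags
an app's AndroidManifest.xml when its declared permissions match the profile
described above: reading phone identity (IMEI/IMSI come via READ_PHONE_STATE),
sending or intercepting SMS, and reaching a remote server. The two manifests
below are constructed for illustration, and the PROFILES groupings are an
assumed triage heuristic, not the report's detection logic.
"""
import xml.etree.ElementTree as ET

# ElementTree keys namespaced attributes as "{uri}name".
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed profiles: each is a set of permissions that, together, resemble
# the SMS-sending / device-info-stealing trojans the report describes.
PROFILES = {
    "sms_sender_with_device_info": {
        "android.permission.SEND_SMS",
        "android.permission.READ_PHONE_STATE",
        "android.permission.INTERNET",
    },
    "sms_interceptor": {
        "android.permission.RECEIVE_SMS",
        "android.permission.READ_SMS",
        "android.permission.INTERNET",
    },
}


def declared_permissions(manifest_xml):
    """Return the set of <uses-permission android:name="..."/> values."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }


def matched_profiles(manifest_xml):
    """Names of PROFILES whose permissions are all declared by the manifest."""
    perms = declared_permissions(manifest_xml)
    return sorted(name for name, needed in PROFILES.items() if needed <= perms)


# Constructed sample: a repackaged "game" that also wants SMS and phone identity.
TROJANIZED_GAME = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="Puzzle Game"/>
</manifest>
"""

# Constructed sample: the same game asking only for what a game plausibly needs.
CLEAN_GAME = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <application android:label="Puzzle Game"/>
</manifest>
"""

if __name__ == "__main__":
    for label, xml in (("trojanized", TROJANIZED_GAME), ("clean", CLEAN_GAME)):
        print(label, matched_profiles(xml))
```

Permission combinations are a triage filter, not a verdict: a legitimate SMS client declares exactly the "sms_interceptor" set. The useful question is why a puzzle game needs them, which is why the check is best applied to apps already suspected of being repackaged (for instance, a known title whose signing certificate no longer matches the original publisher's) before spending dynamic-analysis time on them.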

"Malware and cybersecurity threats continue to be a growing problem for home networks and mobile devices, particularly for Android smartphones and tablets, which are increasingly targeted," said Kevin McNamee, security architect and director of Kindsight Security Labs, in a statement. "Users often don't take the appropriate security precautions for their mobile devices, and even when they do a malicious app can easily evade detection by device-based anti-virus."

To demonstrate how a smartphone can become a cyber-espionage device, McNamee said, Kindsight has developed a proof-of-concept spy-phone software module that can be injected into almost any Android application. From a remote web-based command center the attacker can track the phone's location, download contact lists and personal information, intercept and send messages, record conversations, and take pictures.

Meanwhile, although the 10% infection rate within the home is up from the 9% tracked last quarter, the rate of high-level infection has stayed steady: about 6% of home networks exhibited high-level threats such as bots, rootkits and banking trojans. A further 5% of households are infected with moderate-threat-level malware such as spyware, browser hijackers or adware. The two figures sum to more than 10% because some households had multiple infections, including both high- and moderate-threat-level infections.

The ZeroAccess botnet continues to be the most common malware threat, infecting 0.8% of broadband users. It downloads additional malware used in large-scale ad-click fraud, which can cost internet advertisers millions of dollars each day. Its bandwidth utilization is moderate at any given time, but aggregated over a month it can be quite significant for the user.

"We have observed this bot consuming up to 45 Gig of bandwidth over a month," said Kindsight in the report. "A variant also makes money through bitcoin mining. Due to the P2P nature of this infection the C&C is everywhere, with heavy concentrations of infection in the US, Europe and Asia."
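The two observations above, moderate instantaneous bandwidth that adds up to tens of gigabytes a month and a P2P C&C that is "everywhere", suggest how a network-side detector distinguishes such a bot from a heavy but legitimate subscriber. The script below is an added example, not code from the Kindsight report: it sums per-hour flow records per host over a 30-day month and counts distinct remote peers, then compares a naive peak-rate rule against an aggregate rule. The flow records are constructed, the 45 GB monthly figure is borrowed from the quote above, and the thresholds are assumptions for illustration.

```python
"""Monthly aggregation and peer-count check over per-hour flow records.

Added example, not from the Kindsight report. It shows why a bot whose
traffic is moderate at any instant still stands out once bytes are summed
per host over a month, and why a P2P bot is visible as a large number of
distinct remote peers rather than one C&C address. The flow records are
constructed, the 45 GB figure is borrowed from the report quote, and the
thresholds are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

GB = 10**9


@dataclass(frozen=True)
class Flow:
    hour: int     # hour index within a 30-day month, 0..719
    src: str      # subscriber host
    dst: str      # remote peer
    nbytes: int   # bytes sent by src in this flow


def build_sample_flows():
    """Constructed traffic for two hosts over 720 hours."""
    flows = []
    # Host A behaves like a P2P bot: 20 small flows every hour, 62.5 MB/h,
    # cycling through 400 distinct peers. 720 h * 62.5 MB = 45 GB/month.
    peers = [f"198.51.100.{i}" for i in range(1, 201)]
    peers += [f"203.0.113.{i}" for i in range(1, 201)]
    for h in range(720):
        for k in range(20):
            peer = peers[(h * 20 + k) % len(peers)]
            flows.append(Flow(h, "10.0.0.5", peer, 3_125_000))
    # Host B streams video from one CDN address: 1.5 GB/h for two hours on
    # ten evenings. Bursty (1.5 GB in one hour) but only 30 GB/month.
    for day in range(10):
        for h in (20, 21):
            flows.append(Flow(day * 24 + h, "10.0.0.7", "192.0.2.10", 1_500_000_000))
    return flows


def summarize(flows):
    """Per source host: monthly bytes, busiest hour, distinct peer count."""
    total = defaultdict(int)
    per_hour = defaultdict(lambda: defaultdict(int))
    peers = defaultdict(set)
    for f in flows:
        total[f.src] += f.nbytes
        per_hour[f.src][f.hour] += f.nbytes
        peers[f.src].add(f.dst)
    return {
        src: {
            "monthly_bytes": total[src],
            "peak_hour_bytes": max(per_hour[src].values()),
            "distinct_peers": len(peers[src]),
        }
        for src in total
    }


def flag_by_peak_hour(summary, peak_gb=1.0):
    """Naive rate-based rule: flag hosts that ever exceed peak_gb in an hour."""
    return sorted(s for s, v in summary.items() if v["peak_hour_bytes"] >= peak_gb * GB)


def flag_p2p_bot(summary, monthly_gb=40.0, min_peers=100):
    """Aggregate rule: high monthly volume AND a wide spread of peers."""
    return sorted(
        s for s, v in summary.items()
        if v["monthly_bytes"] >= monthly_gb * GB and v["distinct_peers"] >= min_peers
    )


if __name__ == "__main__":
    summary = summarize(build_sample_flows())
    for host, v in sorted(summary.items()):
        print(host, {k: (val / GB if "bytes" in k else val) for k, val in v.items()})
    print("peak-hour rule flags:", flag_by_peak_hour(summary))
    print("monthly+peers rule flags:", flag_p2p_bot(summary))
```

On the constructed data the peak-hour rule flags only the video watcher, whose 1.5 GB hour dwarfs the bot's 62.5 MB hour, while the monthly-plus-peers rule flags only the bot. The peer-count condition is what keeps a single heavy CDN or streaming relationship from being mistaken for a botnet; in practice the thresholds would be tuned per subscriber tier and the peer set compared against a known-bad list rather than a bare count.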
