Mobile malware growth hits all-time high

The first quarter of 2013 turned out to be a busy time in IT security, according to a Q1 analysis by Kaspersky Lab, kicking off with the global cyberespionage operation known as Red October, which targeted various government agencies, diplomatic organizations and companies around the world. The MiniDuke zero-day vulnerability in Adobe Reader, Chinese hacking allegations by Mandiant, watering hole attacks on Apple and Facebook, and an Evernote campaign have marked the quarter as a significant one on the cybersecurity front. However, echoing other research, the mobile arena is seeing persistent and fast growth in new malware.

Kaspersky Lab’s data shows that in 2012 Android became the No. 1 target among virus writers as Google’s relatively open mobile operating system began to woo smartphone users from the iPhone. The number of threats over the course of the year grew steadily in an upswing that has continued into 2013.

“January is traditionally a quiet month for mobile virus writers — ‘only’ 1,262 new modifications appeared in the first month of the year,” Kaspersky said in the report. “But over the past few months, Kaspersky Lab has detected over 20,000 new mobile malware modifications. In February, we detected 12,044 mobile malware modifications, and another 9,443 in March. To compare — a total of 40,059 modifications of malicious programs targeting mobile devices were detected over the whole of 2012.”

SMS trojans, which send unauthorized text messages to short, premium-rate numbers, are still the most prevalent category of mobile threats and now represent 63.6% of all attacks.

First place this past quarter goes to Trojan-SMS.AndroidOS.FakeInst.a (29.45%). This threat targets primarily Russian-speaking internet users attempting to download software for Android devices from dubious sites. Often, cybercriminals use these websites to spread malware under the guise of useful software.

An adware trojan ranked second (18.78%), seen primarily in European countries, where it is used by the developers of free software to monetize products by displaying ads.

Third and fourth place both went to SMS trojans from the Opfake family: Trojan-SMS.AndroidOS.Opfake.a (12.23%) and Trojan-SMS.AndroidOS.Opfake.bo (11.49%).

“The first modifications of the Opfake family of threats were disguised as the latest version of Opera, a popular mobile browser,” Kaspersky noted. “Today, the malicious programs in this family are disguised as new versions of other popular apps (Skype, Angry Birds, etc.).”

There were two notable incidents in the quarter involving mobile malware. In the first two weeks of March, the well-known journalist Brian Krebs detected information on underground Russian-language forums about a new banking trojan targeting mobile devices and allegedly affecting users in 69 countries. It became clear that the trojan, dubbed Perkel, was designed to steal text messages containing mTANs (mobile transaction authentication numbers).

The second is the MTK Botnet, which by mid-January had infected up to one million Android devices owned primarily by Chinese users. The trojan spread via unofficial Chinese app stores with popular, cracked games. In addition to stealing information about the infected smartphone, user contact data and messages, threats in this family also hype up a variety of apps. To do so, the trojans stealthily download and install apps on the victim’s mobile device, and then give that app the highest possible rating in the app store. Then, they report their actions to a remote server.

“The number of apps for Android is constantly on the rise, and it is often a challenge to gain popularity with users — which is why these illegitimate tactics are becoming all the more common,” Kaspersky said.

 
