The volume of mobile malware and high-risk apps soared to over two million in the first quarter of 2014, a decade after the first proof-of-concept mobile malware but only six months since the one million milestone was reached, according to Trend Micro.
The internet security vendor’s Q1 2014 Security Roundup claimed that increasing demand for stolen mobile data and readily available kits for packaging malware inside apps led to the discovery of 647,000 new pieces of malware in the period.
Cybercriminals have been testing out new tools and techniques to increase their chances of success this quarter, according to Trend Micro VP of security research, Rik Ferguson.
These include using Tor to anonymise command & control servers, and launching a new remote access toolkit – Dendroid – designed to take screenshots and record sound and videos from victims’ devices.
However, information theft still accounts for only a small proportion of mobile malware – around 19%, Ferguson told Infosecurity.
“Mirroring what we’re seeing in PC-based malware, it’s more about monetising legitimate services than setting up criminal services,” he added. “So we’ve seen a decline in premium service abuser malware and a rise in adware.”
That fall-off in premium service abuser malware is partly due to a concerted effort by regulators to better scrutinize accounts for any signs of illegality, explained Ferguson.
“This is a good thing because cybercrime is all about the money, so one of the best disruption points is in the money trail,” he added.
A final “area ripe for further abuse” is the burgeoning trend amongst mobile attackers for finding vulnerabilities in legitimate apps, potentially exposing user data or leaving at risk of being used to launch further attacks.
Trend Micro explained in a blog post on Monday that it found two such Android apps – an unnamed productivity app with at least 10 million installs, and a shopping app with at least one million.
“This issue lies in a certain Android component which basically executes functions of the app. This component has an attribute named ‘android:exported’, which, when set to ‘true’, allows this component to be executed or accessed by other applications,” wrote mobile threat analyst Weichao Sun.
“This means that apps installed within a device may be able to trigger certain functions in other apps. This has obvious convenient uses for developers and vendors who want to strike partnerships with apps by other vendors, but from a security standpoint, this also poses an opportunity for cyber criminals.”
An attacker could use the vulnerability to display pop-ups featuring malicious links, or even target content providers that handle critical info for the app, he explained.
Android developers were urged to check all components used in their apps and ensure that access is appropriately restricted.