Led by Ransomware, Android Threats Surge 75%

2014 saw the continued emergence of a pattern of regional adaptation for mobile malware, along with the rise of fresh mobile threat tactics and an increase in threat sophistication. There was also an astounding 75% jump in Android malware over the course of the year.

According to Lookout Security’s 2014 Mobile Threat Report, malware grew substantially over the year, and mobile threat sophistication and experimentation is on the rise. Lookout found that as mobile operators and platforms have continued to crack down on mobile attackers and their monetization methods, the attackers’ strategies have shifted from simple premium SMS scams to new things.

The increase in Android mobile malware is an increase driven largely by prolific new mobile threats like ransomware. Device-for-ransom malware schemes in fact surged globally, with variants like ScareMeNot and ScarePakage finishing in the top five most-prevalent mobile threats in the US, UK and Germany.

As an example, the latter masquerades as an Adobe Flash update or a variety of anti-virus apps, and is distributed as a drive-by-download. When downloaded, it pretends to scan victims’ phones and then locks the device after falsely reporting that its scan found illicit content.

Notably, in 2014 Lookout observed a handful of fresh mobile threats, such as DeathRing and a new variant of Mouabad, which suggested the compromise of mobile supply chains and pre-loading of malware on factory-shipped devices. DeathRing poses as a ringtone app and then surreptitiously downloads fake SMS content to infected devices, in a possible attempt to capture victim login credentials by impersonating trusted entities like banks via SMS.

In addition, a new variant of the threat NotCompatible, a sophisticated mobile threat with layers of complex self-defense mechanisms to evade detection and countermeasures, gained considerable traction in the US and Western Europe, the firm said.

In 2014 Lookout also observed CoinKrypt, one of the first instances of attackers attempting to use compromised mobile devices for cryptocurrency mining, which the firm called “a novel, if ultimately unprofitable scheme.” It drains battery life and monthly data allotment, but overall, mobile compute power is minimal. So, Lookout estimates that these activities yield minimal profits given the immense processing power required to mine crypto-currencies.

Adware prevalence meanwhile fell dramatically in 2014, evidence that Google’s crackdown on adware in the latter half of 2013 and its continued policing of the Play Store has substantially reduced the prevalence of abusive mobile advertising practices in Android applications. In some countries, such as the U.K., adware encounter rates are now surpassed by other threats like chargeware.

And, chargeware continued to be a regional phenomenon in the year, with the prevalence falling in the UK and France, but exploding in Germany, where it experienced a 250% surge. However, it has encounter rates of 9% in France and 11% in the UK, averaging much higher that those in countries like the US (4%).

While the growth is staggering, it should be noted that mobile still remains a fraction of WIndows-based threats. Even so, the success of ransomware in the United States and Western Europe indicates that when thwarted, mobile attackers will innovate and pivot to maintain an edge.

“In the face of more sophisticated adversaries, consumers can stay one step ahead by remaining vigilant, installing apps from trusted app marketplaces, and installing advanced mobile security solutions like Lookout on their devices,” Lookout said in the report.

What’s Hot on Infosecurity Magazine?