SlideShare uma empresa Scribd logo

Rpt repeating-history

Anatoliy Tkachev
Anatoliy Tkachev
1 de 16
Baixar para ler offline
TrendLabs 2012 Mobile Threat and Security Roundup Repeating History
The Mobile Threat Landscape............................................................ 2 There was a significant increase in malicious and high-risk Android app detections. Notable Development in Mobile Malware......................................... 5 New mobile malware attacks, increasing in sophistication, were developed by cybercriminals and attackers. Mobile Vulnerabilities........................................................................... 6 The discovery of Android vulnerabilities opened up the possibility of new infection vectors in the landscape. Aggressive Mobile Adware and Other High-Risk Tools................. 7 Mobile adware treaded the line between profit and user privacy. Other Mobility Issues........................................................................... 8 Privacy, battery life, and new mobile platforms became major concerns for mobile users. The Future of Android Malware.......................................................... 11 New delivery methods and more sophisticated malware are only two of the emerging trends in mobile malware. Protecting Your Mobile Devices........................................................12
Android seems to be repeating history by way of Windows. The platform’s growing dominance in the mobile landscape echoes that of Windows in the desktop and laptop space.1 And much like Windows, Android’s popularity is making it a prime target for cybercriminals and attackers, albeit at a much faster pace. In 2012, we detected 350,000 malicious and high-risk Android app samples, showing a significant increase from the 1,000 samples seen in 2011. It took less than three years for malicious and high-risk Android apps to reach this number—a feat that took Windows malware 14 years.2 Just as Windows malware varied, so did Android malware—around 605 new malicious families were detected in 2012. Premium service abusers, which charge users for sending text messages to a premium- rate number, comprised the top mobile threat type, with transactions typically costing users US$9.99 a month.3 And victims of mobile threats didn’t just lose money, they also lost their privacy. The issue of data leakage continued to grow as more ad networks accessed and gathered personal information via aggressive adware. Aggressive adware in mobile devices are now similar to the notorious spyware, adware, and click-fraud malware rampant in the early days of the PC malware era. They, like PC malware, generate profit by selling user data. PC malware took advantage of loopholes in legitimate ads and affiliate networks, while today’s aggressive adware can cause data leakages that aren’t always limited to malicious apps. Even popular and legitimate apps can disclose data.4 We’ve seen the same kinds of threats in the early web threat days of PC malware appear in the Android malware landscape—all in roughly three years. 1
The Mobile Threat Landscape Android Threat Growth The increase in the number of detections in the latter part of 2012 was due to the rise of high-risk apps. 2012 saw an exponential increase in the number of The growth of Android malware also indicates detected Android malware, with 350,000 malicious the speed by which cybercriminals are targeting samples by yearend. The number of detections spiked multiple platforms. We released our “Annual Security in the third quarter from 41,000 to 156,000 samples. Roundup: Evolved Threats in a ‘Post-PC’ World,” The significant increase was due to the swell in which goes into more detail about the new post-PC aggressive adware.5 threat environment. 2
Distribution of Threat Types Premium service abusers topped this year’s list of most common malicious and high-risk Android app detections. They behave like the dialers of the desktop environment. Dialers call premium numbers and leave users with charges for calls to long-distance numbers or pay-per-call sites. Cybercriminals may have favored premium service abusers because they are simpler to create and less risky to use compared with Top 10 Malware committing credit card fraud or distributing fake Families antivirus. Premium service abusers also topped the list of most commonly seen Android malware in 2012. Often disguised as popular apps, they are designed to trick users into installing them. We spotted a rogue version of the game “Bad Piggies,” which was actually a FAKEINST variant.6 SMSBOXER variants spoof several best-selling Android apps, including “Angry Birds Space” and Instagram.7 GAPPUSIN variants, meanwhile, download other malicious apps and steal information from infected devices.8 3
Data Types Commonly Stolen The information stolen by data stealers—one of the top threats this year—may be used by cybercriminals for malicious schemes. They can, for instance, take advantage of a user’s contact list for SMS phishing or sell stolen information in the underground market. Some frequently stolen data include: • Application Programming Interface (API) key—a value that • Location authenticates service users • Network operator • Application ID • Phone ID and model • Contact list • Phone number • International Mobile Station Equipment Identity (IMEI)—a number • Text messages used to identify mobile devices • International Mobile Subscriber Identity (IMSI)—a number used to identify subscribers in a network Top 10 Countries with the Most Malicious Apps Downloaded Nigeria was the country with the most malicious apps downloaded, followed by Peru and India. Other countries in the top 30 include New Zealand (17), Germany (24), and the U.S. (26). The ranking was based on the percentage of apps rated as malicious over the total number of apps scanned per country. The ranking was limited to countries with at least 10,000 scans. The rating was based on the yearly analysis of real-time threat detection via Trend Micro™ Mobile Security Personal Edition. 4
Notable Development in Mobile Malware Mobile malware attacks showed increasing levels of New attack methods were seen this year. In contrast sophistication. From traditional social engineering to the typical routine of premium service abusers, a lures, cybercriminals developed new methods fake version of the GoWeather app logs in to a third- of victimizing users throughout the year. The party app store to download paid apps and media introduction of new methods can lead to more without the user’s knowledge.11 A Trojanized security complex attacks in the future. app was used together with the desktop threat, ZeuS, to steal Mobile Transaction Authentication Numbers Cybercriminals still favored social engineering. Rogue (mTANs) from the text messages of online banking or Trojanized versions of popular apps like “Angry users. A photo app leveraged system exploits to allow Birds Space” and Instagram were used to disguise remote attackers to gain administrator privileges on premium service abusers.9 Cybercriminals were quick a device. to capitalize on new apps, too. As previously stated, fake versions of “Bad Piggies” appeared merely a Threat actors are now expanding their targeted month after the release of the legitimate version.10 attacks to include mobile platforms. While monitoring Cybercriminals sometimes met the demand for apps a command-and-control (C&C) server connected before legitimate vendors did. Fake Pinterest apps to the Luckycat campaign, we discovered specific appeared in the market months before the official Android malware variants in the early stages of version came out. These fake apps were often hosted development.12 on Russian domains, with a domain for each fake app. 5
Mobile Vulnerabilities Software vulnerabilities have long been exploited by cybercriminals and attackers for their malicious schemes. For instance, zero-day vulnerabilities were exploited in attacks using the Blackhole Exploit Kit13 and remote access Trojans (RATs).14 But such vulnerabilities were no longer just limited to the desktop environment. Android vulnerabilities were also discovered in 2012, making affected devices possible new infection vectors. Patching mobile vulnerabilities may be difficult as some carriers or phone manufacturers are slow to release updates.15 Older OS versions may not even receive updates—an issue similar to some Windows™ legacy systems.16 Dialpad App Vulnerability Android Debug Bridge (ADB) Vulnerability This vulnerability was found in the dialer app of The ADB was created to allow developers to certain smartphones. A vulnerable dialer app can communicate with connected Android devices for directly execute Unstructured Supplementary Service debugging purposes. However, its implementation Data (USSD) codes, including malicious ones, without contained a vulnerability that can allow a malicious app prompting the user.17 Cybercriminals can use this to to gain full control of a targeted app. Malicious apps remotely wipe data from a device. can take advantage of this vulnerability to steal data and control the run-time behavior of its targeted app. SMS Phishing Vulnerability Samsung Exynos Vulnerability This vulnerability can allow a running app to send fake text messages to the user.18 Attackers or This vulnerability was found in a driver of certain cybercriminals can exploit this vulnerability to bypass Samsung devices. It allows any installed app to user permissions. They can simply use fake text access the phone’s memory.19 Attackers can use this messages to solicit sensitive user information. vulnerability to gain complete control of a device. 6
Aggressive Mobile Adware and Other High-Risk Tools App developers integrate advertising libraries to their apps to generate revenue. According to our research, over 90% of the free apps we found contained ad libraries—modules used by ad networks to push ads. Though ad libraries are not inherently malicious, we found apps with ad libraries that try to gather data without explicitly notifying users. They also aggressively display ads, even via notifications. The aggressive display of ads is reminiscent Top 10 Adware of Windows adware, which have been plaguing Families desktops and laptops and annoying users with pop-up messages. The prevalence of aggressive adware brought three major issues to light: Fraudulent text messages: Ad networks sometimes send out ads in the form of fake text messages. This method tricks users to click ads.20 User annoyance: Some apps send out constant notifications or announcements. Not only does this annoy users, it also contributes to battery drainage.21 Data leakage: Ad libraries can collect sensitive data like GPS location, call logs, phone numbers, and device information.22 One study found that some ad libraries even made personal information directly accessible to advertisers.23 Ad libraries expanded the Aside from aggressive adware, other high-risk number of parties privy to private information, which tools also became prominent this year. While not can lead to misuse. inherently malicious, these apps can be exploited by However, efforts have been made to remedy these malicious individuals for their own gain. High-risk issues. Some of the top mobile ad networks enforced tools may be viewed as the mobile equivalent of compliance measures in line with Google’s revised PC grayware. They can track user data like device developer policy. Their new software developer kits location, phone calls, and messages. One particular (SDKs) had opt-in mechanisms, giving users the app, Spy Phone PRO+, gained notoriety because ability to either allow or forbid ad networks to collect despite clearly stating its purpose, it was downloaded data and display ads outside apps. more than 100,000 times from Google Play.24 7
Other Mobility Issues Just as desktop and laptop users have concerns App Use and Privacy beyond malware, so do mobile users. Privacy is a App use has become the cornerstone for smartphone concern for both platform users, given the amount ownership. A Nielsen study showed that the number of data sent online. Desktop and laptop users often of apps U.S. smartphone users install increased worry about the speed and performance of their from 32 in 2011 to 41 in 2012.25 Research from Flurry computers. Mobile users, meanwhile, are concerned revealed that the average amount of time spent on with device battery consumption. apps grew 35% in 2012.26 But while apps continue Early desktop users were rarely concerned with OS to rise in popularity, users may not be aware that version updates as these often came several years in- they can put personal data at risk.27 Apps like “Angry between. Mobile users now face the task of regularly Birds” and “Angry Birds Space” can access data like a updating their devices as platform refreshes come in phone’s IMEI number and a user’s location. at a much faster rate. The issue of data access is made more difficult because each user has a different definition of privacy. What may seem invasive to one user may be viewed as routine by another. It is up to users to decide the how much information they are willing to disclose to their apps. Top 10 Countries at Risk of Privacy Exposure India topped the list, followed by Turkey and the Philippines. Other countries in the top 30 include Germany (15), Australia (16), and the U.K. (19). The ranking was based on the percentage of apps rated as high-risk over the total number of apps scanned per country. The ranking was limited to countries with at least 10,000 scans. The rating was based on the yearly analysis of real-time threat detection via Trend Micro™ Mobile Security Personal Edition. 8
Managing Battery Life Privacy wasn’t the only concern of users. A Trend A study by Purdue University and Microsoft stated Micro study found that battery drainage was the that more energy is consumed by third-party ads biggest smartphone concern of more than 60% of in free apps than the apps themselves.29 Recent the respondents.28 While users can tweak their device findings from Trend Micro™ Longevity for Android™ settings to lower power consumption, they fail to app showed that 18% of the apps users downloaded realize that app use also causes battery drainage. rated ”poor” in battery utilization. Top 10 Countries with the Most Battery-Draining Apps The country with the most battery-draining apps is Thailand. Other countries in the list include Japan, Singapore, and the U.S. The rating was based on yearly analysis of data collated via Trend Micro Longevity for Android. The ranking was limited to countries with at least 10,000 scans. 9
Security by Mobile Platform Performance and ease of use are not the only Jelly Bean 4.2, the latest version of the Android things now considered when buying a smartphone. OS, offers users control over app access rights and Security has also become a major factor to consider, access to files on a shared device. Jelly Bean had especially in the presence of mobile threats. In 2012, an improved setup that divided permissions into mobile OS vendors released platform refreshes with two categories—privacy and device access. It also upgraded or new security and privacy features. came with real-time malicious app scanning that complemented Bouncer, a service that scans Google Apple has long taken an aggressive stance when it Play for potentially malicious apps.30 comes to securing its iOS platform. Its most recent version, iOS 6, gives users more control over their Windows 8 boasts of multiple layers of security, privacy. The new privacy settings let users decide including three key security features—extended which apps can access data like user location, Information Rights Management (IRM) and automatic contacts, photos, Bluetooth-shared files, Tweets, and device encryption, real-time phishing filtering, and Facebook posts. iOS 6 used Identifier for Advertisers Kids Corner. Extended IRM and device encryption (IFA) tracking technology, which allows users to control the amount of access allowed to specific switch off mobile tracking and be marked as unwilling emails and documents hosted on a Windows participants in advertisers’ data-gathering process. server. Real-time phishing filtering uses Microsoft’s IFA only kept track of online habits, a marked SmartScreen URL reputation system to notify users difference from the previously used Unique Device every time they land on phishing sites. Kids Corner Identifiers (UDIDs), which paired devices to users’ allows children access to only the apps and media personal information. content a parent selects. 10
The Future of Android Malware As the popularity of Android continues to grow, so More devices (and more threats) in the workplace: will the number of threats its users face. The volume Bring your own device (BYOD) is fast becoming a of malicious and high-risk Android apps will reach norm for many organizations.32 But rather than 1 million in 2013.31 Aside from increasing in number, having uniform devices, users will opt to bring here are additional predictions about Android multiple devices that run on different platforms.33 malware: Cybercriminals and attackers will take advantage of the multiple devices and platforms at work to spread New delivery methods: Social networking apps malware. now allow users to sync various social networking accounts. Malicious individuals will take advantage More sophisticated malware: Android malware will this feature to simultaneously post mobile malware continue to evolve to avoid detection by security links to different social networks. apps and bypass platform security measures. This evolution will come in the form of rootkits. Security QR codes will also be exploited by malicious researchers have published a proof-of-concept (POC) individuals to spread Android malware. rootkit, which shows how rootkits can be used by Combined mobile-desktop threats: Android malware authors to gain full control of a mobile malware will also become part of attack chains device without being detected.34 involving desktop threats, particularly for attacks New targets: More malware attacks will focus on new targeting online banking transactions. payment methods like near-field communications (NFC) to steal financial information. 11
Protecting Your Mobile Devices With the constant changes in the mobile threat landscape, smartphone owners should secure their devices. Here are some steps to protect devices against mobile threats: • Use your device’s built-in security features. • Regularly check for software updates. Opt for phones that have security features and Software updates are usually released to address use them. Built-in security features like password, issues like vulnerabilities or improve software pattern, or PIN lock options prevent outsiders performance. from accessing your data should your phone get • Invest in a security app. Security apps can misplaced or stolen. inform you if an app has malicious or suspicious • Do research on apps before downloading them behaviors. Some apps even protect data with even from trusted sources. Cybercriminals features like remote wipe or privacy scanner. often disguise malware by spoofing popular • Set BYOD policies at work. Organizations should apps. Familiarize yourself with details of popular decide which employees will only be allowed to apps (e.g., the name of the developer) to ensure bring devices and what types of devices they will that you download the legitimate version. It is support. Set up procedures to take if a device is advisable to download from reputable app stores stolen, lost, or damaged. like Google Play than third-party ones. • Read permissions before installing apps. Malicious apps usually seek access to various kinds of data stored in a mobile device. Read permissions to check what type of actions an app will perform once installed. Be wary of apps that require more permissions than necessary (e.g., a calendar app that seeks access to your call logs). 12
References 1 http://www.businesswire.com/news/home/20121101006891/en/Android-Marks-Fourth-Anniversary-Launch- 75.0-Market 2 http://www.av-test.org 3 http://news.cnet.com/8301-27080_3-20048132-245.html 4 http://blog.trendmicro.com/trendlabs-security-intelligence/do-you-know-what-data-your-mobile-app- discloses/ 5 http://about-threats.trendmicro.com/us/mobilehub/mobilereview/rpt_mothly_mobile_review_201209_the_ growing_problem_of_mobile_adware.pdf 6 http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-developers-released-rogue-bad-piggies- versions/ 7 http://blog.trendmicro.com/trendlabs-security-intelligence/rogue-instagram-and-angry-birds-space-for- android-spotted/ 8 http://blog.trendmicro.com/trendlabs-security-intelligence/1730-malicious-apps-still-available-on-popular- android-app-providers/ 9 http://blog.trendmicro.com/trendlabs-security-intelligence/rogue-instagram-and-angry-birds-space-for- android-spotted/ 10 http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-developers-released-rogue-bad-piggies- versions/ 11 http://blog.trendmicro.com/trendlabs-security-intelligence/android-malware-family-downloads-paid-media- and-apps/ 12 http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_adding-android-and- mac-osx-malware-to-the-apt-toolbox.pdf 13 http://blog.trendmicro.com/trendlabs-security-intelligence/java-zero-days-and-the-blackhole-exploit-kit/ 14 http://blog.trendmicro.com/trendlabs-security-intelligence/new-ie-zero-day-exploit-leads-to-poisonivy/ 15 http://blog.trendmicro.com/trendlabs-security-intelligence/dirty-ussds-and-the-android-update-problem/ 16 http://windows.microsoft.com/en-US/windows/end-support-help 17 http://www.theregister.co.uk/2012/09/25/samsung_flaw/ 18 http://www.theregister.co.uk/2012/11/08/android_vulnerability_in_adware/ 19 http://blog.trendmicro.com/trendlabs-security-intelligence/exynos-based-android-devices-suffer-from- vulnerability/ 20 http://blog.trendmicro.com/trendlabs-security-intelligence/164-unique-android-adware-still-online/ 21 http://about-threats.trendmicro.com/us/mobilehub/mobilereview/rpt_mothly_mobile_review_201209_the_ growing_problem_of_mobile_adware.pdf 22 http://about-threats.trendmicro.com/us/mobilehub/mobilereview/rpt-monthly-mobile-review-the-hidden-risk- behind-mobile-ad-networks-201212.pdf 23 http://www4.ncsu.edu/~mcgrace/WISEC12_ADRISK.pdf 24 http://blog.trendmicro.com/trendlabs-security-intelligence/17-bad-mobile-apps-still-up-700000-downloads-so- far/ 25 http://blog.nielsen.com/nielsenwire/?p=31891 26 http://blog.flurry.com/bid/92105/Mobile-Apps-We-Interrupt-This-Broadcast 27 http://blog.trendmicro.com/trendlabs-security-intelligence/do-you-know-what-data-your-mobile-app- discloses/ 28 http://fearlessweb.trendmicro.com/2012/misc/report-3rd-party-advertising-in-free-apps-drains-smartphone- battery-power/ 29 http://research.microsoft.com/en-us/people/mzh/eurosys-2012.pdf 30 http://googlemobile.blogspot.com/2012/02/android-and-security.html 31 http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/spotlight-articles/sp-trend-micro- predictions-for-2013-and-beyond.pdf 32 http://www.trendmicro.com/cloud-content/us/pdfs/business/white-papers/wp_forrester_measure-value-of- consumerization.pdf 33 http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/spotlight-articles/sp-trend-micro- predictions-for-2013-and-beyond.pdf 34 http://www.reuters.com/article/2010/07/30/us-hackers-android-idUSTRE66T52O20100730
TREND MICRO INCORPORATED TRENDLABSSM Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud TrendLabs is a multinational research, development, and support security leader, creates a world safe for exchanging digital information center with an extensive regional presence committed to 24x7 threat with its Internet content security and threat management solutions surveillance, attack prevention, and timely and seamless solutions for businesses and consumers. A pioneer in server security with delivery. With more than 1,000 threat experts and support engineers over 20 years’ experience, we deliver top-ranked client, server and deployed round-the-clock in labs located around the globe, TrendLabs cloud-based security that fits our customers’ and partners’ needs, enables Trend Micro to continuously monitor the threat landscape stops new threats faster, and protects data in physical, virtualized and across the globe; deliver real-time data to detect, to preempt, and to cloud environments. Powered by the industry-leading Trend Micro™ eliminate threats; research on and analyze technologies to combat Smart Protection Network™ cloud computing security infrastructure, new threats; respond in real time to targeted threats; and help our products and services stop threats where they emerge—from the customers worldwide minimize damage, reduce costs, and ensure Internet. They are supported by 1,000+ threat intelligence experts business continuity. around the globe. ©2013 by Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

Recomendados

TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World
TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” WorldTrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World
TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” WorldInfinigate Group
 
2012 nq mobile_security_report
2012 nq mobile_security_report2012 nq mobile_security_report
2012 nq mobile_security_reportIsnur Rochmad
 
Rp threat-predictions-2013
Rp threat-predictions-2013Rp threat-predictions-2013
Rp threat-predictions-2013Комсс Файквэе
 
HinDroid
HinDroidHinDroid
HinDroidHinDroid
 
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESMALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESijmnct
 
Malware detection techniques for mobile devices
Malware detection techniques for mobile devicesMalware detection techniques for mobile devices
Malware detection techniques for mobile devicesijmnct
 
Security News bytes October 2013
Security News bytes October 2013Security News bytes October 2013
Security News bytes October 2013n|u - The Open Security Community
 
The Current State of Cybercrime 2014
The Current State of Cybercrime 2014The Current State of Cybercrime 2014
The Current State of Cybercrime 2014EMC
 

Recomendados

TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World
TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” WorldTrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World
TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” WorldInfinigate Group
 
2012 nq mobile_security_report
2012 nq mobile_security_report2012 nq mobile_security_report
2012 nq mobile_security_reportIsnur Rochmad
 
Rp threat-predictions-2013
Rp threat-predictions-2013Rp threat-predictions-2013
Rp threat-predictions-2013Комсс Файквэе
 
HinDroid
HinDroidHinDroid
HinDroidHinDroid
 
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESMALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESijmnct
 
Malware detection techniques for mobile devices
Malware detection techniques for mobile devicesMalware detection techniques for mobile devices
Malware detection techniques for mobile devicesijmnct
 
Security News bytes October 2013
Security News bytes October 2013Security News bytes October 2013
Security News bytes October 2013n|u - The Open Security Community
 
The Current State of Cybercrime 2014
The Current State of Cybercrime 2014The Current State of Cybercrime 2014
The Current State of Cybercrime 2014EMC
 
I haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperI haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperHarsimran Walia
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”iosrjce
 
P01761113118
P01761113118P01761113118
P01761113118IOSR Journals
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)AP DealFlow
 
Pocket virus threat
Pocket virus threatPocket virus threat
Pocket virus threatAli J
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android applicationIAEME Publication
 
M86 security predictions 2011
M86 security predictions 2011M86 security predictions 2011
M86 security predictions 2011subramanian K
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaAnjoum .
 
H1 2011 E-Threat Landscape Report
H1 2011 E-Threat Landscape ReportH1 2011 E-Threat Landscape Report
H1 2011 E-Threat Landscape ReportBitdefender
 
BETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSBETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSPurna Bhat
 
E-threat landscape report H1 2012
E-threat landscape report H1 2012E-threat landscape report H1 2012
E-threat landscape report H1 2012BitDefenderRo
 
Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012Комсс Файквэе
 
Adaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBRAdaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBRijtsrd
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile securityKavita Rastogi
 
14 cyber threats
14 cyber threats14 cyber threats
14 cyber threatsmahesh43211
 
Symantec Website Security Threat Report
Symantec Website Security Threat ReportSymantec Website Security Threat Report
Symantec Website Security Threat Reportcheinyeanlim
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malwareSytelReplyUK
 
IRJET- A Survey on Android Ransomware and its Detection Methods
IRJET- A Survey on Android Ransomware and its Detection MethodsIRJET- A Survey on Android Ransomware and its Detection Methods
IRJET- A Survey on Android Ransomware and its Detection MethodsIRJET Journal
 
Android pcsl 201208_en
Android pcsl 201208_enAndroid pcsl 201208_en
Android pcsl 201208_enAnatoliy Tkachev
 
Avc fdt 201209_en
Avc fdt 201209_enAvc fdt 201209_en
Avc fdt 201209_enAnatoliy Tkachev
 

Mais conteúdo relacionado

Mais procurados

I haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperI haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperHarsimran Walia
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”iosrjce
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)AP DealFlow
 
Pocket virus threat
Pocket virus threatPocket virus threat
Pocket virus threatAli J
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android applicationIAEME Publication
 
M86 security predictions 2011
M86 security predictions 2011M86 security predictions 2011
M86 security predictions 2011subramanian K
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaAnjoum .
 
H1 2011 E-Threat Landscape Report
H1 2011 E-Threat Landscape ReportH1 2011 E-Threat Landscape Report
H1 2011 E-Threat Landscape ReportBitdefender
 
BETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSBETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSPurna Bhat
 
E-threat landscape report H1 2012
E-threat landscape report H1 2012E-threat landscape report H1 2012
E-threat landscape report H1 2012BitDefenderRo
 
Adaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBRAdaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBRijtsrd
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile securityKavita Rastogi
 
14 cyber threats
14 cyber threats14 cyber threats
14 cyber threatsmahesh43211
 
Symantec Website Security Threat Report
Symantec Website Security Threat ReportSymantec Website Security Threat Report
Symantec Website Security Threat Reportcheinyeanlim
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malwareSytelReplyUK
 
IRJET- A Survey on Android Ransomware and its Detection Methods
IRJET- A Survey on Android Ransomware and its Detection MethodsIRJET- A Survey on Android Ransomware and its Detection Methods
IRJET- A Survey on Android Ransomware and its Detection MethodsIRJET Journal
 

Mais procurados (20)

I haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperI haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaper
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 
“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”
 
P01761113118
P01761113118P01761113118
P01761113118
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a ride
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)
 
Pocket virus threat
Pocket virus threatPocket virus threat
Pocket virus threat
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android application
 
M86 security predictions 2011
M86 security predictions 2011M86 security predictions 2011
M86 security predictions 2011
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
 
H1 2011 E-Threat Landscape Report
H1 2011 E-Threat Landscape ReportH1 2011 E-Threat Landscape Report
H1 2011 E-Threat Landscape Report
 
BETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSBETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoS
 
E-threat landscape report H1 2012
E-threat landscape report H1 2012E-threat landscape report H1 2012
E-threat landscape report H1 2012
 
Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012
 
Adaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBRAdaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBR
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile security
 
14 cyber threats
14 cyber threats14 cyber threats
14 cyber threats
 
Symantec Website Security Threat Report
Symantec Website Security Threat ReportSymantec Website Security Threat Report
Symantec Website Security Threat Report
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware
 
IRJET- A Survey on Android Ransomware and its Detection Methods
IRJET- A Survey on Android Ransomware and its Detection MethodsIRJET- A Survey on Android Ransomware and its Detection Methods
IRJET- A Survey on Android Ransomware and its Detection Methods
 

Destaque

Zero days-hit-users-hard-at-the-start-of-the-year-en
Zero days-hit-users-hard-at-the-start-of-the-year-enZero days-hit-users-hard-at-the-start-of-the-year-en
Zero days-hit-users-hard-at-the-start-of-the-year-enAnatoliy Tkachev
 
Avcomparatives Survey 2011
Avcomparatives Survey 2011Avcomparatives Survey 2011
Avcomparatives Survey 2011Anatoliy Tkachev
 
Hii assessing the_effectiveness_of_antivirus_solutions
Hii assessing the_effectiveness_of_antivirus_solutionsHii assessing the_effectiveness_of_antivirus_solutions
Hii assessing the_effectiveness_of_antivirus_solutionsAnatoliy Tkachev
 

Destaque (18)

Android pcsl 201208_en
Android pcsl 201208_enAndroid pcsl 201208_en
Android pcsl 201208_en
 
Avc fdt 201209_en
Avc fdt 201209_enAvc fdt 201209_en
Avc fdt 201209_en
 
Avc beh 201207_en
Avc beh 201207_enAvc beh 201207_en
Avc beh 201207_en
 
Summary2010
Summary2010Summary2010
Summary2010
 
Dtl 2013 q1_home.1
Dtl 2013 q1_home.1Dtl 2013 q1_home.1
Dtl 2013 q1_home.1
 
Zero days-hit-users-hard-at-the-start-of-the-year-en
Zero days-hit-users-hard-at-the-start-of-the-year-enZero days-hit-users-hard-at-the-start-of-the-year-en
Zero days-hit-users-hard-at-the-start-of-the-year-en
 
Security survey2013 en
Security survey2013 enSecurity survey2013 en
Security survey2013 en
 
Avc per 201210_en
Avc per 201210_enAvc per 201210_en
Avc per 201210_en
 
Avc prot 2013a_en
Avc prot 2013a_enAvc prot 2013a_en
Avc prot 2013a_en
 
Avcomparatives Survey 2011
Avcomparatives Survey 2011Avcomparatives Survey 2011
Avcomparatives Survey 2011
 
Kis2010 ru
Kis2010 ruKis2010 ru
Kis2010 ru
 
Dtl 2012 q4_home.1
Dtl 2012 q4_home.1Dtl 2012 q4_home.1
Dtl 2012 q4_home.1
 
Drweb curenet-manual-ru
Drweb curenet-manual-ruDrweb curenet-manual-ru
Drweb curenet-manual-ru
 
Avc per 201206_en
Avc per 201206_enAvc per 201206_en
Avc per 201206_en
 
Hii assessing the_effectiveness_of_antivirus_solutions
Hii assessing the_effectiveness_of_antivirus_solutionsHii assessing the_effectiveness_of_antivirus_solutions
Hii assessing the_effectiveness_of_antivirus_solutions
 
Online payments-threats-2
Online payments-threats-2Online payments-threats-2
Online payments-threats-2
 
Avc per 201304_en
Avc per 201304_enAvc per 201304_en
Avc per 201304_en
 
Ncr mobile europe_russia
Ncr mobile europe_russiaNcr mobile europe_russia
Ncr mobile europe_russia
 

Semelhante a Rpt repeating-history

Panda labs annual report 2012
Panda labs annual report 2012Panda labs annual report 2012
Panda labs annual report 2012Itex Solutions
 
Enter Sandbox: Android Sandbox Comparison
Enter Sandbox: Android Sandbox ComparisonEnter Sandbox: Android Sandbox Comparison
Enter Sandbox: Android Sandbox ComparisonJose Moruno Cadima
 
The Current State of Cybercrime 2013
The Current State of Cybercrime 2013The Current State of Cybercrime 2013
The Current State of Cybercrime 2013EMC
 
Droidcon2013 security genes_trendmicro
Droidcon2013 security genes_trendmicroDroidcon2013 security genes_trendmicro
Droidcon2013 security genes_trendmicroDroidcon Berlin
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...IOSR Journals
 
F-Secure Mobile Threat Report Quarter 1 2012
F-Secure Mobile Threat Report Quarter 1 2012F-Secure Mobile Threat Report Quarter 1 2012
F-Secure Mobile Threat Report Quarter 1 2012F-Secure Corporation
 
Review on mobile threats and detection techniques
Review on mobile threats and detection techniquesReview on mobile threats and detection techniques
Review on mobile threats and detection techniquesijdpsjournal
 
Mobile threatreport q1_2012
Mobile threatreport q1_2012Mobile threatreport q1_2012
Mobile threatreport q1_2012Shivmohan Yadav
 
Malware Improvements in Android OS
Malware Improvements in Android OSMalware Improvements in Android OS
Malware Improvements in Android OSPranav Saini
 
Top cyber security trends for 2014
Top cyber security trends for 2014Top cyber security trends for 2014
Top cyber security trends for 2014Abdullah Al-Ghamdi
 
Third Annual Mobile Threats Report
Third Annual Mobile Threats ReportThird Annual Mobile Threats Report
Third Annual Mobile Threats ReportJuniper Networks
 
CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문Jiransoft Korea
 
Internet security threat report 2013
Internet security threat report 2013Internet security threat report 2013
Internet security threat report 2013Karim Shaikh
 
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISijitcs
 
A Systematic Review of Android Malware Detection Techniques
A Systematic Review of Android Malware Detection TechniquesA Systematic Review of Android Malware Detection Techniques
A Systematic Review of Android Malware Detection TechniquesCSCJournals
 
AndRadar: Fast Discovery of Android Applications in Alternative Markets
AndRadar: Fast Discovery of Android Applications in Alternative MarketsAndRadar: Fast Discovery of Android Applications in Alternative Markets
AndRadar: Fast Discovery of Android Applications in Alternative MarketsFACE
 

Semelhante a Rpt repeating-history (20)

Panda labs annual report 2012
Panda labs annual report 2012Panda labs annual report 2012
Panda labs annual report 2012
 
Panda labs annual-report-2012
Panda labs annual-report-2012Panda labs annual-report-2012
Panda labs annual-report-2012
 
Enter Sandbox: Android Sandbox Comparison
Enter Sandbox: Android Sandbox ComparisonEnter Sandbox: Android Sandbox Comparison
Enter Sandbox: Android Sandbox Comparison
 
The Current State of Cybercrime 2013
The Current State of Cybercrime 2013The Current State of Cybercrime 2013
The Current State of Cybercrime 2013
 
Droidcon2013 security genes_trendmicro
Droidcon2013 security genes_trendmicroDroidcon2013 security genes_trendmicro
Droidcon2013 security genes_trendmicro
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
 
F-Secure Mobile Threat Report Quarter 1 2012
F-Secure Mobile Threat Report Quarter 1 2012F-Secure Mobile Threat Report Quarter 1 2012
F-Secure Mobile Threat Report Quarter 1 2012
 
Review on mobile threats and detection techniques
Review on mobile threats and detection techniquesReview on mobile threats and detection techniques
Review on mobile threats and detection techniques
 
BLURRING BOUNDARIES
BLURRING BOUNDARIESBLURRING BOUNDARIES
BLURRING BOUNDARIES
 
Mobile threatreport q1_2012
Mobile threatreport q1_2012Mobile threatreport q1_2012
Mobile threatreport q1_2012
 
Malware Improvements in Android OS
Malware Improvements in Android OSMalware Improvements in Android OS
Malware Improvements in Android OS
 
Top cyber security trends for 2014
Top cyber security trends for 2014Top cyber security trends for 2014
Top cyber security trends for 2014
 
Third Annual Mobile Threats Report
Third Annual Mobile Threats ReportThird Annual Mobile Threats Report
Third Annual Mobile Threats Report
 
CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문
 
Internet security threat report 2013
Internet security threat report 2013Internet security threat report 2013
Internet security threat report 2013
 
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
 
B istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-usB istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-us
 
A Systematic Review of Android Malware Detection Techniques
A Systematic Review of Android Malware Detection TechniquesA Systematic Review of Android Malware Detection Techniques
A Systematic Review of Android Malware Detection Techniques
 
Mobile threat report_q3_2013
Mobile threat report_q3_2013Mobile threat report_q3_2013
Mobile threat report_q3_2013
 
AndRadar: Fast Discovery of Android Applications in Alternative Markets
AndRadar: Fast Discovery of Android Applications in Alternative MarketsAndRadar: Fast Discovery of Android Applications in Alternative Markets
AndRadar: Fast Discovery of Android Applications in Alternative Markets
 

Rpt repeating-history

  • 1. TrendLabs 2012 Mobile Threat and Security Roundup Repeating History
  • 2. The Mobile Threat Landscape............................................................ 2 There was a significant increase in malicious and high-risk Android app detections. Notable Development in Mobile Malware......................................... 5 New mobile malware attacks, increasing in sophistication, were developed by cybercriminals and attackers. Mobile Vulnerabilities........................................................................... 6 The discovery of Android vulnerabilities opened up the possibility of new infection vectors in the landscape. Aggressive Mobile Adware and Other High-Risk Tools................. 7 Mobile adware treaded the line between profit and user privacy. Other Mobility Issues........................................................................... 8 Privacy, battery life, and new mobile platforms became major concerns for mobile users. The Future of Android Malware.......................................................... 11 New delivery methods and more sophisticated malware are only two of the emerging trends in mobile malware. Protecting Your Mobile Devices........................................................12
  • 3. Android seems to be repeating history by way of Windows. The platform’s growing dominance in the mobile landscape echoes that of Windows in the desktop and laptop space.1 And much like Windows, Android’s popularity is making it a prime target for cybercriminals and attackers, albeit at a much faster pace. In 2012, we detected 350,000 malicious and high-risk Android app samples, showing a significant increase from the 1,000 samples seen in 2011. It took less than three years for malicious and high-risk Android apps to reach this number—a feat that took Windows malware 14 years.2 Just as Windows malware varied, so did Android malware—around 605 new malicious families were detected in 2012. Premium service abusers, which charge users for sending text messages to a premium- rate number, comprised the top mobile threat type, with transactions typically costing users US$9.99 a month.3 And victims of mobile threats didn’t just lose money, they also lost their privacy. The issue of data leakage continued to grow as more ad networks accessed and gathered personal information via aggressive adware. Aggressive adware in mobile devices are now similar to the notorious spyware, adware, and click-fraud malware rampant in the early days of the PC malware era. They, like PC malware, generate profit by selling user data. PC malware took advantage of loopholes in legitimate ads and affiliate networks, while today’s aggressive adware can cause data leakages that aren’t always limited to malicious apps. Even popular and legitimate apps can disclose data.4 We’ve seen the same kinds of threats in the early web threat days of PC malware appear in the Android malware landscape—all in roughly three years. 1
  • 4. The Mobile Threat Landscape Android Threat Growth The increase in the number of detections in the latter part of 2012 was due to the rise of high-risk apps. 2012 saw an exponential increase in the number of The growth of Android malware also indicates detected Android malware, with 350,000 malicious the speed by which cybercriminals are targeting samples by yearend. The number of detections spiked multiple platforms. We released our “Annual Security in the third quarter from 41,000 to 156,000 samples. Roundup: Evolved Threats in a ‘Post-PC’ World,” The significant increase was due to the swell in which goes into more detail about the new post-PC aggressive adware.5 threat environment. 2
  • 5. Distribution of Threat Types Premium service abusers topped this year’s list of most common malicious and high-risk Android app detections. They behave like the dialers of the desktop environment. Dialers call premium numbers and leave users with charges for calls to long-distance numbers or pay-per-call sites. Cybercriminals may have favored premium service abusers because they are simpler to create and less risky to use compared with Top 10 Malware committing credit card fraud or distributing fake Families antivirus. Premium service abusers also topped the list of most commonly seen Android malware in 2012. Often disguised as popular apps, they are designed to trick users into installing them. We spotted a rogue version of the game “Bad Piggies,” which was actually a FAKEINST variant.6 SMSBOXER variants spoof several best-selling Android apps, including “Angry Birds Space” and Instagram.7 GAPPUSIN variants, meanwhile, download other malicious apps and steal information from infected devices.8 3
  • 6. Data Types Commonly Stolen The information stolen by data stealers—one of the top threats this year—may be used by cybercriminals for malicious schemes. They can, for instance, take advantage of a user’s contact list for SMS phishing or sell stolen information in the underground market. Some frequently stolen data include: • Application Programming Interface (API) key—a value that • Location authenticates service users • Network operator • Application ID • Phone ID and model • Contact list • Phone number • International Mobile Station Equipment Identity (IMEI)—a number • Text messages used to identify mobile devices • International Mobile Subscriber Identity (IMSI)—a number used to identify subscribers in a network Top 10 Countries with the Most Malicious Apps Downloaded Nigeria was the country with the most malicious apps downloaded, followed by Peru and India. Other countries in the top 30 include New Zealand (17), Germany (24), and the U.S. (26). The ranking was based on the percentage of apps rated as malicious over the total number of apps scanned per country. The ranking was limited to countries with at least 10,000 scans. The rating was based on the yearly analysis of real-time threat detection via Trend Micro™ Mobile Security Personal Edition. 4
  • 7. Notable Development in Mobile Malware Mobile malware attacks showed increasing levels of New attack methods were seen this year. In contrast sophistication. From traditional social engineering to the typical routine of premium service abusers, a lures, cybercriminals developed new methods fake version of the GoWeather app logs in to a third- of victimizing users throughout the year. The party app store to download paid apps and media introduction of new methods can lead to more without the user’s knowledge.11 A Trojanized security complex attacks in the future. app was used together with the desktop threat, ZeuS, to steal Mobile Transaction Authentication Numbers Cybercriminals still favored social engineering. Rogue (mTANs) from the text messages of online banking or Trojanized versions of popular apps like “Angry users. A photo app leveraged system exploits to allow Birds Space” and Instagram were used to disguise remote attackers to gain administrator privileges on premium service abusers.9 Cybercriminals were quick a device. to capitalize on new apps, too. As previously stated, fake versions of “Bad Piggies” appeared merely a Threat actors are now expanding their targeted month after the release of the legitimate version.10 attacks to include mobile platforms. While monitoring Cybercriminals sometimes met the demand for apps a command-and-control (C&C) server connected before legitimate vendors did. Fake Pinterest apps to the Luckycat campaign, we discovered specific appeared in the market months before the official Android malware variants in the early stages of version came out. These fake apps were often hosted development.12 on Russian domains, with a domain for each fake app. 5
  • 8. Mobile Vulnerabilities Software vulnerabilities have long been exploited by cybercriminals and attackers for their malicious schemes. For instance, zero-day vulnerabilities were exploited in attacks using the Blackhole Exploit Kit13 and remote access Trojans (RATs).14 But such vulnerabilities were no longer just limited to the desktop environment. Android vulnerabilities were also discovered in 2012, making affected devices possible new infection vectors. Patching mobile vulnerabilities may be difficult as some carriers or phone manufacturers are slow to release updates.15 Older OS versions may not even receive updates—an issue similar to some Windows™ legacy systems.16 Dialpad App Vulnerability Android Debug Bridge (ADB) Vulnerability This vulnerability was found in the dialer app of The ADB was created to allow developers to certain smartphones. A vulnerable dialer app can communicate with connected Android devices for directly execute Unstructured Supplementary Service debugging purposes. However, its implementation Data (USSD) codes, including malicious ones, without contained a vulnerability that can allow a malicious app prompting the user.17 Cybercriminals can use this to to gain full control of a targeted app. Malicious apps remotely wipe data from a device. can take advantage of this vulnerability to steal data and control the run-time behavior of its targeted app. SMS Phishing Vulnerability Samsung Exynos Vulnerability This vulnerability can allow a running app to send fake text messages to the user.18 Attackers or This vulnerability was found in a driver of certain cybercriminals can exploit this vulnerability to bypass Samsung devices. It allows any installed app to user permissions. They can simply use fake text access the phone’s memory.19 Attackers can use this messages to solicit sensitive user information. vulnerability to gain complete control of a device. 6
  • 9. Aggressive Mobile Adware and Other High-Risk Tools App developers integrate advertising libraries to their apps to generate revenue. According to our research, over 90% of the free apps we found contained ad libraries—modules used by ad networks to push ads. Though ad libraries are not inherently malicious, we found apps with ad libraries that try to gather data without explicitly notifying users. They also aggressively display ads, even via notifications. The aggressive display of ads is reminiscent Top 10 Adware of Windows adware, which have been plaguing Families desktops and laptops and annoying users with pop-up messages. The prevalence of aggressive adware brought three major issues to light: Fraudulent text messages: Ad networks sometimes send out ads in the form of fake text messages. This method tricks users to click ads.20 User annoyance: Some apps send out constant notifications or announcements. Not only does this annoy users, it also contributes to battery drainage.21 Data leakage: Ad libraries can collect sensitive data like GPS location, call logs, phone numbers, and device information.22 One study found that some ad libraries even made personal information directly accessible to advertisers.23 Ad libraries expanded the Aside from aggressive adware, other high-risk number of parties privy to private information, which tools also became prominent this year. While not can lead to misuse. inherently malicious, these apps can be exploited by However, efforts have been made to remedy these malicious individuals for their own gain. High-risk issues. Some of the top mobile ad networks enforced tools may be viewed as the mobile equivalent of compliance measures in line with Google’s revised PC grayware. They can track user data like device developer policy. Their new software developer kits location, phone calls, and messages. One particular (SDKs) had opt-in mechanisms, giving users the app, Spy Phone PRO+, gained notoriety because ability to either allow or forbid ad networks to collect despite clearly stating its purpose, it was downloaded data and display ads outside apps. more than 100,000 times from Google Play.24 7
  • 10. Other Mobility Issues Just as desktop and laptop users have concerns App Use and Privacy beyond malware, so do mobile users. Privacy is a App use has become the cornerstone for smartphone concern for both platform users, given the amount ownership. A Nielsen study showed that the number of data sent online. Desktop and laptop users often of apps U.S. smartphone users install increased worry about the speed and performance of their from 32 in 2011 to 41 in 2012.25 Research from Flurry computers. Mobile users, meanwhile, are concerned revealed that the average amount of time spent on with device battery consumption. apps grew 35% in 2012.26 But while apps continue Early desktop users were rarely concerned with OS to rise in popularity, users may not be aware that version updates as these often came several years in- they can put personal data at risk.27 Apps like “Angry between. Mobile users now face the task of regularly Birds” and “Angry Birds Space” can access data like a updating their devices as platform refreshes come in phone’s IMEI number and a user’s location. at a much faster rate. The issue of data access is made more difficult because each user has a different definition of privacy. What may seem invasive to one user may be viewed as routine by another. It is up to users to decide the how much information they are willing to disclose to their apps. Top 10 Countries at Risk of Privacy Exposure India topped the list, followed by Turkey and the Philippines. Other countries in the top 30 include Germany (15), Australia (16), and the U.K. (19). The ranking was based on the percentage of apps rated as high-risk over the total number of apps scanned per country. The ranking was limited to countries with at least 10,000 scans. The rating was based on the yearly analysis of real-time threat detection via Trend Micro™ Mobile Security Personal Edition. 8
  • 11. Managing Battery Life Privacy wasn’t the only concern of users. A Trend A study by Purdue University and Microsoft stated Micro study found that battery drainage was the that more energy is consumed by third-party ads biggest smartphone concern of more than 60% of in free apps than the apps themselves.29 Recent the respondents.28 While users can tweak their device findings from Trend Micro™ Longevity for Android™ settings to lower power consumption, they fail to app showed that 18% of the apps users downloaded realize that app use also causes battery drainage. rated ”poor” in battery utilization. Top 10 Countries with the Most Battery-Draining Apps The country with the most battery-draining apps is Thailand. Other countries in the list include Japan, Singapore, and the U.S. The rating was based on yearly analysis of data collated via Trend Micro Longevity for Android. The ranking was limited to countries with at least 10,000 scans. 9
  • 12. Security by Mobile Platform Performance and ease of use are not the only Jelly Bean 4.2, the latest version of the Android things now considered when buying a smartphone. OS, offers users control over app access rights and Security has also become a major factor to consider, access to files on a shared device. Jelly Bean had especially in the presence of mobile threats. In 2012, an improved setup that divided permissions into mobile OS vendors released platform refreshes with two categories—privacy and device access. It also upgraded or new security and privacy features. came with real-time malicious app scanning that complemented Bouncer, a service that scans Google Apple has long taken an aggressive stance when it Play for potentially malicious apps.30 comes to securing its iOS platform. Its most recent version, iOS 6, gives users more control over their Windows 8 boasts of multiple layers of security, privacy. The new privacy settings let users decide including three key security features—extended which apps can access data like user location, Information Rights Management (IRM) and automatic contacts, photos, Bluetooth-shared files, Tweets, and device encryption, real-time phishing filtering, and Facebook posts. iOS 6 used Identifier for Advertisers Kids Corner. Extended IRM and device encryption (IFA) tracking technology, which allows users to control the amount of access allowed to specific switch off mobile tracking and be marked as unwilling emails and documents hosted on a Windows participants in advertisers’ data-gathering process. server. Real-time phishing filtering uses Microsoft’s IFA only kept track of online habits, a marked SmartScreen URL reputation system to notify users difference from the previously used Unique Device every time they land on phishing sites. Kids Corner Identifiers (UDIDs), which paired devices to users’ allows children access to only the apps and media personal information. content a parent selects. 10
  • 13. The Future of Android Malware As the popularity of Android continues to grow, so More devices (and more threats) in the workplace: will the number of threats its users face. The volume Bring your own device (BYOD) is fast becoming a of malicious and high-risk Android apps will reach norm for many organizations.32 But rather than 1 million in 2013.31 Aside from increasing in number, having uniform devices, users will opt to bring here are additional predictions about Android multiple devices that run on different platforms.33 malware: Cybercriminals and attackers will take advantage of the multiple devices and platforms at work to spread New delivery methods: Social networking apps malware. now allow users to sync various social networking accounts. Malicious individuals will take advantage More sophisticated malware: Android malware will this feature to simultaneously post mobile malware continue to evolve to avoid detection by security links to different social networks. apps and bypass platform security measures. This evolution will come in the form of rootkits. Security QR codes will also be exploited by malicious researchers have published a proof-of-concept (POC) individuals to spread Android malware. rootkit, which shows how rootkits can be used by Combined mobile-desktop threats: Android malware authors to gain full control of a mobile malware will also become part of attack chains device without being detected.34 involving desktop threats, particularly for attacks New targets: More malware attacks will focus on new targeting online banking transactions. payment methods like near-field communications (NFC) to steal financial information. 11
  • 14. Protecting Your Mobile Devices With the constant changes in the mobile threat landscape, smartphone owners should secure their devices. Here are some steps to protect devices against mobile threats: • Use your device’s built-in security features. • Regularly check for software updates. Opt for phones that have security features and Software updates are usually released to address use them. Built-in security features like password, issues like vulnerabilities or improve software pattern, or PIN lock options prevent outsiders performance. from accessing your data should your phone get • Invest in a security app. Security apps can misplaced or stolen. inform you if an app has malicious or suspicious • Do research on apps before downloading them behaviors. Some apps even protect data with even from trusted sources. Cybercriminals features like remote wipe or privacy scanner. often disguise malware by spoofing popular • Set BYOD policies at work. Organizations should apps. Familiarize yourself with details of popular decide which employees will only be allowed to apps (e.g., the name of the developer) to ensure bring devices and what types of devices they will that you download the legitimate version. It is support. Set up procedures to take if a device is advisable to download from reputable app stores stolen, lost, or damaged. like Google Play than third-party ones. • Read permissions before installing apps. Malicious apps usually seek access to various kinds of data stored in a mobile device. Read permissions to check what type of actions an app will perform once installed. Be wary of apps that require more permissions than necessary (e.g., a calendar app that seeks access to your call logs). 12
  • 15. References 1 http://www.businesswire.com/news/home/20121101006891/en/Android-Marks-Fourth-Anniversary-Launch- 75.0-Market 2 http://www.av-test.org 3 http://news.cnet.com/8301-27080_3-20048132-245.html 4 http://blog.trendmicro.com/trendlabs-security-intelligence/do-you-know-what-data-your-mobile-app- discloses/ 5 http://about-threats.trendmicro.com/us/mobilehub/mobilereview/rpt_mothly_mobile_review_201209_the_ growing_problem_of_mobile_adware.pdf 6 http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-developers-released-rogue-bad-piggies- versions/ 7 http://blog.trendmicro.com/trendlabs-security-intelligence/rogue-instagram-and-angry-birds-space-for- android-spotted/ 8 http://blog.trendmicro.com/trendlabs-security-intelligence/1730-malicious-apps-still-available-on-popular- android-app-providers/ 9 http://blog.trendmicro.com/trendlabs-security-intelligence/rogue-instagram-and-angry-birds-space-for- android-spotted/ 10 http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-developers-released-rogue-bad-piggies- versions/ 11 http://blog.trendmicro.com/trendlabs-security-intelligence/android-malware-family-downloads-paid-media- and-apps/ 12 http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_adding-android-and- mac-osx-malware-to-the-apt-toolbox.pdf 13 http://blog.trendmicro.com/trendlabs-security-intelligence/java-zero-days-and-the-blackhole-exploit-kit/ 14 http://blog.trendmicro.com/trendlabs-security-intelligence/new-ie-zero-day-exploit-leads-to-poisonivy/ 15 http://blog.trendmicro.com/trendlabs-security-intelligence/dirty-ussds-and-the-android-update-problem/ 16 http://windows.microsoft.com/en-US/windows/end-support-help 17 http://www.theregister.co.uk/2012/09/25/samsung_flaw/ 18 http://www.theregister.co.uk/2012/11/08/android_vulnerability_in_adware/ 19 http://blog.trendmicro.com/trendlabs-security-intelligence/exynos-based-android-devices-suffer-from- vulnerability/ 20 http://blog.trendmicro.com/trendlabs-security-intelligence/164-unique-android-adware-still-online/ 21 http://about-threats.trendmicro.com/us/mobilehub/mobilereview/rpt_mothly_mobile_review_201209_the_ growing_problem_of_mobile_adware.pdf 22 http://about-threats.trendmicro.com/us/mobilehub/mobilereview/rpt-monthly-mobile-review-the-hidden-risk- behind-mobile-ad-networks-201212.pdf 23 http://www4.ncsu.edu/~mcgrace/WISEC12_ADRISK.pdf 24 http://blog.trendmicro.com/trendlabs-security-intelligence/17-bad-mobile-apps-still-up-700000-downloads-so- far/ 25 http://blog.nielsen.com/nielsenwire/?p=31891 26 http://blog.flurry.com/bid/92105/Mobile-Apps-We-Interrupt-This-Broadcast 27 http://blog.trendmicro.com/trendlabs-security-intelligence/do-you-know-what-data-your-mobile-app- discloses/ 28 http://fearlessweb.trendmicro.com/2012/misc/report-3rd-party-advertising-in-free-apps-drains-smartphone- battery-power/ 29 http://research.microsoft.com/en-us/people/mzh/eurosys-2012.pdf 30 http://googlemobile.blogspot.com/2012/02/android-and-security.html 31 http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/spotlight-articles/sp-trend-micro- predictions-for-2013-and-beyond.pdf 32 http://www.trendmicro.com/cloud-content/us/pdfs/business/white-papers/wp_forrester_measure-value-of- consumerization.pdf 33 http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/spotlight-articles/sp-trend-micro- predictions-for-2013-and-beyond.pdf 34 http://www.reuters.com/article/2010/07/30/us-hackers-android-idUSTRE66T52O20100730
  • 16. TREND MICRO INCORPORATED TRENDLABSSM Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud TrendLabs is a multinational research, development, and support security leader, creates a world safe for exchanging digital information center with an extensive regional presence committed to 24x7 threat with its Internet content security and threat management solutions surveillance, attack prevention, and timely and seamless solutions for businesses and consumers. A pioneer in server security with delivery. With more than 1,000 threat experts and support engineers over 20 years’ experience, we deliver top-ranked client, server and deployed round-the-clock in labs located around the globe, TrendLabs cloud-based security that fits our customers’ and partners’ needs, enables Trend Micro to continuously monitor the threat landscape stops new threats faster, and protects data in physical, virtualized and across the globe; deliver real-time data to detect, to preempt, and to cloud environments. Powered by the industry-leading Trend Micro™ eliminate threats; research on and analyze technologies to combat Smart Protection Network™ cloud computing security infrastructure, new threats; respond in real time to targeted threats; and help our products and services stop threats where they emerge—from the customers worldwide minimize damage, reduce costs, and ensure Internet. They are supported by 1,000+ threat intelligence experts business continuity. around the globe. ©2013 by Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.