Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Essentially All Mobile Malware Still Targets Android: F-Secure

Nearly All New Mobile Threats in Q1 2014 Targeted Android Users; Cybercriminals Continue to Innovate With Mobile Threats

Nearly All New Mobile Threats in Q1 2014 Targeted Android Users; Cybercriminals Continue to Innovate With Mobile Threats

The fact that Android has been the preferred platform for attackers looking to target mobile devices is nothing new, and a report released this week by F-Secure reiterates how Android is almost the only mobile OS targeted by attackers at scale.

According to F-Secure’s Q1 2014 Mobile Threat Report, more than 99 percent of new mobile threats discovered by the security firm in the first quarter of 2014 targeted Android users.

During Q1 2014, F-Secure discovered 277 new threat families and variants, 275 of which Targeted Android. Of the two threats that didn’t target Googe’s popular mobile OS, one targeted iPhone, and one targeted Symbian.

By comparison, F-Secure discovered 149 new threat families and variants, of which 91 percent targeted Android, during Q1 2013.

“Mobile malware development in Q1 2014 continues to focus exclusively on the Android platform, continuing the inexorable trend we’ve seen in the last couple years,” the report noted.

“The vast majority of the malicious Android samples we analyzed were Trojans of one kind or another,” the report continued. “Even though most of these don’t technically fall in the families explicitly focused on SMS-sending (e.g., SMSSender), almost 83% of the Trojans performed surreptitious SMS-sending anyway, making it by far the most common objectionable activity.”

F-Sure also highlighted a number of “firsts” for Android malware that were discovered throughout the quarter, including: 

Advertisement. Scroll to continue reading.

• The first cryptocurrency miner, which hijacks the device to mine for virtual currencies such as Litecoin.

• The first bootkit, which affects the earliest stages of the device’s bootup routine and is extremely difficult to detect and remove.

• The first Tor Trojan and the first Windows banking Trojan hopping over to Android.

According to the report, the most common malicious activities that mobile Trojans engage in are:

• Sending SMS messages to premium-rate numbers

• Downloading or installing unsolicited files or apps onto the device

• Silently tracking device location or audio or video to monitor the user

• Pretending to be a mobile AV solution but actually having no useful functionality

• Silently connecting to websites in order to inflate the site’s visit counters

• Silently monitoring and diverting banking-related SMS messages for fraud

• Stealing personal data like files, contacts, photos and other private details

• Charging a ‘fee’ for use, update or installation of a legitimate and usually free app

“These developments give us signs to the direction of malware authors,” said Mikko Hyppönen, Chief Research Officer at F-Secure. “We’ll very likely see more of these in the coming months. For example, mobile phones are getting more powerful, making it possible for cybercriminals to profit by using them to mine for cryptocurrencies.”

According to the report, the UK experienced the highest level of mobile malware measured by F-Secure in Q1, with 15-20 malware files blocked per 10,000 users there. The United States, India and Germany all had five to 10 malware blocked for every 10,000 users. And in Saudi Arabia and the Netherlands, two to five malware were blocked per 10,000 users.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.