Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Essentially All Mobile Malware Still Targets Android: F-Secure

Nearly All New Mobile Threats in Q1 2014 Targeted Android Users; Cybercriminals Continue to Innovate With Mobile Threats

Nearly All New Mobile Threats in Q1 2014 Targeted Android Users; Cybercriminals Continue to Innovate With Mobile Threats

The fact that Android has been the preferred platform for attackers looking to target mobile devices is nothing new, and a report released this week by F-Secure reiterates how Android is almost the only mobile OS targeted by attackers at scale.

According to F-Secure’s Q1 2014 Mobile Threat Report, more than 99 percent of new mobile threats discovered by the security firm in the first quarter of 2014 targeted Android users.

During Q1 2014, F-Secure discovered 277 new threat families and variants, 275 of which Targeted Android. Of the two threats that didn’t target Googe’s popular mobile OS, one targeted iPhone, and one targeted Symbian.

By comparison, F-Secure discovered 149 new threat families and variants, of which 91 percent targeted Android, during Q1 2013.

“Mobile malware development in Q1 2014 continues to focus exclusively on the Android platform, continuing the inexorable trend we’ve seen in the last couple years,” the report noted.

“The vast majority of the malicious Android samples we analyzed were Trojans of one kind or another,” the report continued. “Even though most of these don’t technically fall in the families explicitly focused on SMS-sending (e.g., SMSSender), almost 83% of the Trojans performed surreptitious SMS-sending anyway, making it by far the most common objectionable activity.”

F-Sure also highlighted a number of “firsts” for Android malware that were discovered throughout the quarter, including: 

• The first cryptocurrency miner, which hijacks the device to mine for virtual currencies such as Litecoin.

• The first bootkit, which affects the earliest stages of the device’s bootup routine and is extremely difficult to detect and remove.

• The first Tor Trojan and the first Windows banking Trojan hopping over to Android.

According to the report, the most common malicious activities that mobile Trojans engage in are:

• Sending SMS messages to premium-rate numbers

• Downloading or installing unsolicited files or apps onto the device

• Silently tracking device location or audio or video to monitor the user

• Pretending to be a mobile AV solution but actually having no useful functionality

• Silently connecting to websites in order to inflate the site’s visit counters

• Silently monitoring and diverting banking-related SMS messages for fraud

• Stealing personal data like files, contacts, photos and other private details

• Charging a ‘fee’ for use, update or installation of a legitimate and usually free app

“These developments give us signs to the direction of malware authors,” said Mikko Hyppönen, Chief Research Officer at F-Secure. “We’ll very likely see more of these in the coming months. For example, mobile phones are getting more powerful, making it possible for cybercriminals to profit by using them to mine for cryptocurrencies.”

According to the report, the UK experienced the highest level of mobile malware measured by F-Secure in Q1, with 15-20 malware files blocked per 10,000 users there. The United States, India and Germany all had five to 10 malware blocked for every 10,000 users. And in Saudi Arabia and the Netherlands, two to five malware were blocked per 10,000 users.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Cybercrime

Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam.