Essentially All Mobile Malware Still Targets Android: F-Secure

Nearly All New Mobile Threats in Q1 2014 Targeted Android Users; Cybercriminals Continue to Innovate With Mobile Threats

The fact that Android has been the preferred platform for attackers looking to target mobile devices is nothing new, and a report released this week by F-Secure reiterates how Android is almost the only mobile OS targeted by attackers at scale.

According to F-Secure’s Q1 2014 Mobile Threat Report, more than 99 percent of new mobile threats discovered by the security firm in the first quarter of 2014 targeted Android users.

During Q1 2014, F-Secure discovered 277 new threat families and variants, 275 of which Targeted Android. Of the two threats that didn’t target Googe’s popular mobile OS, one targeted iPhone, and one targeted Symbian.

By comparison, F-Secure discovered 149 new threat families and variants, of which 91 percent targeted Android, during Q1 2013.

“Mobile malware development in Q1 2014 continues to focus exclusively on the Android platform, continuing the inexorable trend we’ve seen in the last couple years,” the report noted.

“The vast majority of the malicious Android samples we analyzed were Trojans of one kind or another,” the report continued. “Even though most of these don’t technically fall in the families explicitly focused on SMS-sending (e.g., SMSSender), almost 83% of the Trojans performed surreptitious SMS-sending anyway, making it by far the most common objectionable activity.”

F-Sure also highlighted a number of “firsts” for Android malware that were discovered throughout the quarter, including: 

• The first cryptocurrency miner, which hijacks the device to mine for virtual currencies such as Litecoin.

• The first bootkit, which affects the earliest stages of the device’s bootup routine and is extremely difficult to detect and remove.

• The first Tor Trojan and the first Windows banking Trojan hopping over to Android.

According to the report, the most common malicious activities that mobile Trojans engage in are:

• Sending SMS messages to premium-rate numbers

• Downloading or installing unsolicited files or apps onto the device

• Silently tracking device location or audio or video to monitor the user

• Pretending to be a mobile AV solution but actually having no useful functionality

• Silently connecting to websites in order to inflate the site’s visit counters

• Silently monitoring and diverting banking-related SMS messages for fraud

• Stealing personal data like files, contacts, photos and other private details

• Charging a ‘fee’ for use, update or installation of a legitimate and usually free app

“These developments give us signs to the direction of malware authors,” said Mikko Hyppönen, Chief Research Officer at F-Secure. “We’ll very likely see more of these in the coming months. For example, mobile phones are getting more powerful, making it possible for cybercriminals to profit by using them to mine for cryptocurrencies.”

According to the report, the UK experienced the highest level of mobile malware measured by F-Secure in Q1, with 15-20 malware files blocked per 10,000 users there. The United States, India and Germany all had five to 10 malware blocked for every 10,000 users. And in Saudi Arabia and the Netherlands, two to five malware were blocked per 10,000 users.