Mobile cyber threats, from risky apps to black market activity

Pierluigi Paganini February 26, 2013

Mobile is probably the technology experiencing the greatest growth: an increasing number of users run all kinds of applications on their devices while on the move. These applications fall into many categories, are used at work and during leisure time, and offer features of varying complexity.

These applications, the technologies they use and their configurations have a great impact on the attack surface exposed to cyber threats. McAfee has published a study on the topic, outlining the principal risks and using its extensive global threat intelligence network (GTI) to analyze mobile security data from the last three quarters.

The security firm studied “sophisticated and complex risky apps containing multi-faceted scams, black market crimes, drive-by downloads and near-field communication threats”, identifying new methods used by attackers to steal sensitive and personal information and carry out complex cyber frauds.


Mobile devices are considered privileged targets for cyber criminals due to users' lack of awareness of the principal cyber threats. According to IDC, mobile devices are surpassing PCs as the preferred devices used to access the Internet, and the number of mobile users will increase by 91 million over the next four years.

“Cybercriminals are exhibiting greater levels of determination and sophistication leading to more destructive, multi-faceted hacks that are harder to spot, and thus warrant a greater degree of security and vigilance. Our goal in releasing this report is to help consumers understand the risks they face and learn ways they can stay safe and compute with confidence on all of their devices,” said Luis Blando, vice president of mobile product development at McAfee.

The principal problems related to mobile are the almost total absence of defense systems and risky user behavior, such as jailbreaking and downloading apps from third-party stores.

The recent Threat Report H2 2012 published by F-Secure revealed that the mobile threat landscape continues to be focused mainly on two platforms: Android, which accounted for 79% of all new malware variants identified in 2012, and Symbian, with 19% of the remaining new variants. In Q2 2012, China officially surpassed the United States as the world’s largest market for smartphone consumers. Android handsets accounted for 81% of that market, and it is therefore probably not surprising that many of the new malware families detected last year were targeted specifically at Android users in mainland China.

In this context of uncontrolled growth, it is very difficult to mitigate cyber threats that target users with an increasing level of sophistication.

The key findings of the study follow:

  • Unlike the email- and website-based infections typical of PCs, mobile malware is distributed primarily through infected apps today.
  • 3 percent of malware-infected apps in our overall mobile app zoo came from the Google Play store.
  • Within the fairly conservative McAfee user community, 75 percent of malware-infected apps were downloaded from Google Play.
  • Crooked app stores use black hat search engine optimization (SEO).
  • Based on the experience of McAfee users, typical consumers have at least a 1 in 6 chance of downloading apps that include malware or suspicious URLs.
  • Almost 1/4 of the risky apps that contain malware also contain suspicious URLs.
  • 40 percent of malware families misbehave in more than one way, showing the sophistication and determination of the criminals.
  • 23 percent of mobile spyware joins a botnet or opens a backdoor, increasing the risk of data loss or device abuse.


Risky Apps Defined: Malware and Suspicious URLs

Risky apps are the primary channel used by cyber criminals to spread malware, hacker tools and links to compromised websites. Risky apps usually have the capability to compromise victims by installing bot agents, to steal sensitive information and to implement fraud schemes. Phishing on mobile is increasing at a fast pace; many risky apps may contain infected URLs that lead to sites with drive-by downloads, and around 25% of the risky apps that contain malware also contain suspicious URLs.

“Most malware on a web page still needs to be “accepted” by the user, giving consumers the chance to back out. However, we saw our first mobile drive-by downloads in 2012 and expect more in 2013.”

McAfee Labs researchers found that 75% of the malware-infected apps downloaded were housed in the Google Play store, but what is more concerning is that the average user has a one in six chance of downloading a risky app. Nearly 25 percent of the risky apps that contain malware also contain suspicious URLs, and 40 percent of malware families misbehave in more than one way.

Black Market Activity

Exactly as for PCs, in the underground market it is possible to acquire various exploit kits that allow criminals to recruit machines for botnet architectures or to organize prolific scams, typically premium SMS and click fraud. The range of cases is wide, from spam distribution to the sale of malicious code for data theft or for stealing banking credentials; many agents present a multi-feature profile that allows these features to be implemented in a single flexible piece of malware.

Near Field Communication

In 2013 and in the coming year, mobile platforms will be used for micro payments; for this reason experts from McAfee expect to see criminals abuse the tap-and-pay near field communications (NFC) technology used in payment processes.

The Report states:

“This scam could involve worms that propagate through proximity, what we call “bump and infect.”  This distribution path could quickly spread malware through a trainload of passengers or a theme park. When the newly infected device is used to “tap and pay” for the next purchase, the scammer collects the details of the wallet account and secretly reuses these credentials to steal from the wallet.”

The data collected demonstrate the exposure of mobile device users to cyber threats. Cyber criminals are increasing their activities targeting mobile platforms; the future will see a further increase in threats, and what is more concerning is the related level of sophistication, which will be the same as for ordinary PCs.

Pierluigi Paganini
