
Mobile cyber threats, from risky apps to black market activity

Mobile is probably the technology experiencing the greatest growth: an increasing number of users run all kinds of applications on their devices while on the move. The applications fall into many categories; they are used at work and during leisure time and offer features of varying complexity.

These applications, the technologies they use and their configurations have a great impact on the surface of exposure to various cyber threats. McAfee has published a report on the topic that lays out the principal risks, using its extensive global threat intelligence network (GTI) to analyze mobile security data from the last three quarters.

The security firm studied “sophisticated and complex risky apps containing multi-faceted scams, black market crimes, drive-by downloads and near-field communication threats”, identifying new methods used by attackers to steal sensitive and personal information and carry out complex cyber frauds.

Mobile devices are considered privileged targets for cyber criminals due to users' lack of awareness of the principal cyber threats. According to IDC, mobile devices are surpassing PCs as the preferred devices used to access the Internet, and the number of mobile users will increase by 91 million over the next four years.

“Cybercriminals are exhibiting greater levels of determination and sophistication leading to more destructive, multi-faceted hacks that are harder to spot, and thus warrant a greater degree of security and vigilance. Our goal in releasing this report is to help consumers understand the risks they face and learn ways they can stay safe and compute with confidence on all of their devices.” said Luis Blando, vice president of mobile product development at McAfee.

The principal problems related to mobile are the almost total absence of defense systems and risky user behavior, such as jailbreaking and downloading apps from third-party stores.

The recent Threat Report H2 2012 published by F-Secure revealed that the mobile threat landscape continues to be focused mainly on two platforms: Android, which accounted for 79% of all new malware variants identified in 2012, and Symbian, with 19% of the remaining new variants. In Q2 2012, China officially surpassed the United States as the world’s largest market for smartphone consumers. Android handsets accounted for 81% of that market, and it is therefore probably not surprising that many of the new malware families detected last year were targeted specifically at Android users in mainland China.

In this context of uncontrolled growth, it is very difficult to mitigate the cyber threats that target users with an increasing level of sophistication.

The key findings of the study follow:

  • Unlike the email- and website-based infections typical of PCs, mobile malware is distributed primarily through infected apps today.
  • 3 percent of malware-infected apps in our overall mobile app zoo came from the Google Play store.
  • Within the fairly conservative McAfee user community, 75 percent of malware-infected apps were downloaded from Google Play.
  • Crooked app stores use black hat search engine optimization (SEO).
  • Based on the experience of McAfee users, typical consumers have at least a 1 in 6 chance of downloading apps that include malware or suspicious URLs.
  • Almost 1/4 of the risky apps that contain malware also contain suspicious URLs.
  • 40 percent of malware families misbehave in more than one way, showing the sophistication and determination of the criminals.
  • 23 percent of mobile spyware joins a botnet or opens a backdoor, increasing the risk of data loss or device abuse.

Risky Apps Defined: Malware and Suspicious URLs

Risky apps are the primary channel used by cyber criminals to spread malware, hacker tools and links to compromised websites. Risky apps usually have the capability to compromise victims by installing bot agents, to steal sensitive information and to implement fraud schemes. Phishing on mobile is increasing at a fast pace; many risky apps may contain infected URLs that lead to sites with drive-by downloads, and around 25% of the risky apps that contain malware also contain suspicious URLs.

“Most malware on a web page still needs to be “accepted” by the user, giving consumers the chance to back out. However, we saw our first mobile drive-by downloads in 2012 and expect more in 2013.”

McAfee Lab researchers found that 75% of the malware-infected apps downloaded were housed in the Google Play store, but what is more concerning is that the average user has a one in six chance of downloading a risky app. Nearly 25 percent of the risky apps that contain malware also contain suspicious URLs, and 40 percent of malware families misbehave in more than one way.

Black market activity

Exactly as for PCs, in the underground market it is possible to acquire various exploit kits that allow criminals to recruit machines for botnet architectures or to organize prolific scams, typically premium SMS and click fraud. The range of cases is wide, from spam distribution to the sale of malicious code for data theft or for stealing banking credentials; many agents present a multi-feature profile that allows these features to be implemented in a single flexible malware.

Near Field Communication

In 2013 and in the coming year, mobile platforms will be used for micropayments; for this reason, experts from McAfee expect to see criminals abuse the tap-and-pay near field communication (NFC) technology used in payment processes.

The report states:

“This scam could involve worms that propagate through proximity, what we call “bump and infect.”  This distribution path could quickly spread malware through a trainload of passengers or a theme park. When the newly infected device is used to “tap and pay” for the next purchase, the scammer collects the details of the wallet account and secretly reuses these credentials to steal from the wallet.”

The data collected demonstrate the exposure of mobile device users to cyber threats. Cyber criminals are increasing their activities targeting mobile platforms; the future will see a further increase in threats, and what is more concerning is the related level of sophistication, which will be the same as for ordinary PCs.

Pierluigi Paganini

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
