Pierluigi Paganini May 16, 2013

F-Secure published the Mobile Threat Report for Q1 2013 that reveals Malware targeting Android devices is rapidly growing in both the number of variants detected and in their complexity and sophistication.

F-Secure has published the Mobile Threat Report for Q1 2013, an interesting document that the security firm periodically issues giving information on the evolution of cyber threat in the mobile landscape.

As expected Android malware has monopolized the mobile scenario, the number of Android active mobile threat families and variants has skyrocketed in just a quarter from 49 out of 74 known threats to 96 out of 100, Android malicious code represent almost totality of menaces.

Curious the tweet sent by Apple marketing chief Phil Schiller, a rarity,  that remarked the results of the Mobile Threat Report referring the security Android OS.

The study reveals that Android accounts in Q1 for 136 out of 149 known threats,  about 91% of overall malware activity registering an increment respect 2012 to 79%.

Remaining malware reported in the Mobile Threat  Report is related to Symbian OS meanwhile no news from other OSs.  The research reveals that mobile threats are mainly motivated by profits,  76.5 % of malicious code are design with specific intent to monetize the victim’s infection.

The report confirmed a concerning trend that I described in the last months thanks to the investigation of Group IB, the cybercriminal black market is specializing its offer in malware that targeted Google’s Android platforms, in particular is increasing the number of “highly specialized suppliers” who “provide commoditized malware services”.

Around the Android world is grown a “commodity malware” business of creating exploit packages sold on the black a market, unlike Apple’s iOS that implements stricter security policy for third party developers.

Mobile Threat Report states that the attackers arranged their attacks exploiting social engineering techniques, fraudsters deceive Android users hijacking them to service, with a job offer or requesting the update of well known components such as Adobe Flash. In this way unsuspecting users explicitly allow the malware to infect their machine, in common scenario the malicious code, once obtained permission from the user, dial toll numbers or install SMS spyware designed to elude banking authentication processes.

F-Secure Mobile Threat  Report also revealed a sensible increase of the number of targeted attacks against Android devices. In March, an Android malware was used against a Tibetan activist and compromising his email account it has been spread to other high profile human rights activists, according the report the next phase for Android malware will be its use against governments.

Mobile Threat Report described various malware malware, one of the most intriguing is

SmSilence,”, a malicious code discovered in South Korea that uses “the guise of ‘coupons’ for a popular coffeehouse chain,”. F-Secure research described with the following statements its way of working:

 “If the so-called coupon app is installed, the malware will check if the phone number has a South Korean country code (+82). If the condition is met, SmSilence will harvest information from the device and forward the details to a server located in Hong Kong.”

Another interesting malware described in the report is Stels, detected in 2012 by F-Secure Mobile Security as Trojan: Android/SmsSpy.K, an Android trojan spread via mail through a classic phishing schema. The fake mail impersonates U.S. Internal Revenue Service-themed mail, the malware uses “an Android crimeware kit to steal sensitive information from the device,” and it is also able to make calls to premium numbers.

Another reason of the vulnerability of the Android platform is that the majority of users never update Google OS and installed application opening the door to various threats, differently Apple designed for iOS a series of  controls that specifically limit apps behavior and data that applications can manage.

Mobile Threat Report provided us with an indication of the main threats that are targeting the mobile universe, the data confirm an increase in terms of occurrences of malware and what worries most is the increase level of sophistication of threats.

It is a must to define new security models to mitigate the threats and at the same time educate users in the proper use of these powerful devices.

Pierluigi Paganini

(Security Affairs – Security)