
2013 mobile malware evolution and mobile devices security

Mobile device security – Lookout published an interesting analysis of the mobile threats observed during 2013, specifically adware and chargeware.

Mobile is probably one of the most pervasive technologies. During 2013, for the first time, the number of mobile devices overtook the number of desktops in some countries; the downside is that mobile platforms suffered an increasing number of attacks. Mobile threat campaigns became increasingly targeted, and their level of sophistication has grown like never before.

Last year new attack patterns were identified for the mobile industry, and cybercrime started to specialize its efforts. As usual, the different legal frameworks implemented by governments make it difficult to coordinate efficient action against growing mobile cybercrime. Regulation varies from country to country, and prosecution of criminal gangs is very difficult: while in Western Europe there is strong regulation against mobile crimes, in Eastern Europe and Asian countries there is a gray area that benefits the “cybercrime industry”.

“In places where regulation is tough, they identified different ways to operate, often dropping more traditional monetization strategies like premium rate SMS fraud and leveraging “grey area” tactics that are actually legal.”

The different pressure exerted by law enforcement and the different regulations led cyber criminals to adopt different tactics; for example, in Western Europe “chargeware”, often built on the back of legal premium SMS services, is the primary offender.

Russia and China are the source of sophisticated attacks on mobile devices; France, Britain, the US and Germany came next on the list.

“Unlike countries such as Russia, China and parts of Asia, strong regulation exists in Western Europe to combat premium SMS fraud. This forces the criminals in Western Europe to employ other tactics. For example, in Western Europe “chargeware”, often built on the back of legal premium SMS services, is the primary offender.”  

Chargeware apps are intentionally very unclear about how they charge users, and victims are often unaware that huge fees are applied.

“In 2013, hundreds of thousands of Lookout users encountered apps of this nature (an encounter rate of 13% in France and 20% in the UK). SMSCapers, one of the more prolific chargeware campaigns, first hit the market in late 2012 mostly in France and the UK, luring victims in with racy photos and a hard-to-read EULA (end user license agreement).”

Aggressive and often malicious advertising SDKs were offered to app developers with a financial reward for their inclusion; unfortunately, in many cases adware exploited this deployment agreement to spread malicious agents designed to steal personal data. During Q3 2013 adware began to decrease, and in Q4 principal offenders like LeadBolt and RevMob updated their advertising SDKs, providing a less intrusive experience for users.

Another factor to consider is that the risk of encountering mobile threats is highly dependent on user behavior: mobile users have a low perception of cyber threats, so they often ignore the need to protect their handsets.

Security experts believe bad actors will continue to take advantage of users’ bad habits and the lack of an efficient legal framework shared globally among local law enforcement agencies. The cybercrime ecosystem is expected to define new monetization methods and improve existing ones.

We must consider mobile threats very insidious because mobile devices are a fundamental component of our lives. Mobile platforms are essential instruments for businesses and government offices: they extend the operations of employees, but at the same time they enlarge the attack surface.

“As BYOD becomes more commonplace, rather than attacking traditional, heavily monitored network services, criminals will evolve once again using mobile devices as an easy way to get into the enterprise and access valuable data.”

“With the recent news of both ad SDKs inside apps and the mobile apps themselves leaking personal and corporate data, businesses are more aware than ever of the need to implement solutions that minimize data leakage and loss. To combat these rising concerns around data leakage, businesses large and small will look to rapidly adopt products to help control data leakage on phones.”

Let me propose again a few suggestions to improve the security of your mobile devices.

  • Use applications to increase the safety of the device. The principal antivirus companies are producing applications that allow even inexperienced users to avoid nasty surprises.
  • Be careful visiting third-party app stores. These are the favorite places for malware writers because usually there is no control over the quality of the apps. The likelihood of encountering malware on an alternative app store is really high.
  • Avoid downloading utility and porn applications from unverified sources because these types of apps are most likely to have malware hidden inside.
  • Be careful clicking on a shortened URL in an SMS message or on a social networking site. Social network platforms are a preferred place for malware spreading.
  • Pay attention to all interactions required by your mobile applications, and make sure to authorize only necessary transactions.
  • Be careful clicking on in-app advertisements. When clicking on ads, you need to be confident that the ad directs you to where you expect to be directed.

Pierluigi Paganini

(Security Affairs –  Mobile device security, malware)
