Cyber threats in mobile environment

Pierluigi Paganini April 20, 2012

Today I want to share the results of a Trend Micro study on mobile threat incidents in the first quarter of 2012. The wide diffusion of mobile devices and the lack of awareness of the principal cyber threats have produced growing cybercrime interest in the mobility sector; the Android platform is the most affected, with more than 5000 new malicious apps. The study analyzes every kind of mobile device, such as laptops, tablets and global positioning system (GPS) devices. Companies and governments must be aware of the risks related to the wrong usage of powerful instruments that could expose sensitive information if their owners do not take the necessary precautions.

The true revolution in the information technology world is the development and deployment of mobile systems, machines with processing capacity equal to that of a common desktop. Why do we believe mobile systems are so precious? They are in some way an extension of our person: they follow us everywhere, track our position, know our contacts (email, phone numbers), manage our appointments, and when we surf the web through them we indirectly provide information on our habits and customs.

As announced, the study reveals that Android-based smartphones suffered more cybercriminal attacks due to their increased exposure to cyber threats. Because of their convenience, smartphones and tablets are becoming the preferred tools for browsing the Internet. The percentage of network accesses from these mobile devices has increased significantly, a trend evident in all countries, with the UK showing the largest increase in smartphone usage, from 30 to 45% of the total population.

We have observed increasing cybercrime attention to the mobile sector. Cyber criminals often exploit security vulnerabilities in legitimate mobile apps, making data extraction and information gathering easier. The purpose is to steal sensitive information from users, such as banking credentials, but not only that: cyber espionage is another phenomenon that has exploded, as cyber criminals and government spies have discovered how convenient it is to spy on an individual simply by controlling their mobile device. Malicious apps are able to control emails, SMS messages, GPS location and voice communications.

Another threat of serious concern is the rapid spread of botnets based on mobile devices. It is favored by the almost total absence of protection mechanisms, which makes such botnets difficult to tackle, and by the difficulty of tracing the agents composing the network. These cyber threats must alert private industry and especially institutional environments: the risk of data exposure is really high, and because the sector is still young we are still too vulnerable. Cyber criminals and government agencies are aware of the importance of the information gained from our mobile devices and are therefore showing high interest in the field.

Hacker groups like Anonymous will pose a bigger threat to organizations that protect highly sensitive data, targeting companies and individuals for various political reasons. We have registered an exponential growth of malware designed to attack mobile systems and steal sensitive information useful for carrying out fraud; the banking sector is heavily affected. Don't forget that hacktivism is considered one of the most serious threats by all the governments of the world.

The scenario of a mobile attack is always the same: app stores are the sites for software download, and mobile apps are the programs users download from them onto their mobile devices. Users who download from app stores may be downloading a compromised app infected by malware. The number of applications available in the stores is increasing day by day, especially for open platforms like Android.

Let's consider also that there are third-party stores that provide alternative apps, but downloading from these unofficial channels is very dangerous for end users. The main problem with alternative app stores is that they are not sufficiently controlled, or that they can be managed by cyber criminals to provide fake copies of legitimate applications modified to carry out fraud. Because of the variety of malware targeting the Android OS, several companies have tried to categorize it according to the fraud and attack scheme implemented. Following the categorization proposed by Trend Micro.

As previously mentioned, Android Market has fewer restrictions when it comes to registering as a developer. The strategy is meant to encourage app developers to adopt the platform; of course, this also makes it easier for cybercriminals to upload their malicious apps or Trojanized counterparts of legitimate ones. Following are some noteworthy incidents, listed by Trend Micro, that leveraged this loophole:

  • We analyzed several Trojanized applications found in the Android Market detected as ANDROIDOS_LOTOOR.A. One of these apps is the game Falling Down, which renders similar to the clean version. Once installed, the Trojanized version asks for more access permissions. It also gathers device information like IMEI and IMSI numbers and roots affected devices.
  • One of the malware variants found in the Android Market is the notorious DroidDreamLight variant. Trend Micro researchers found an app that promotes itself as a .APK file management tool. However, instead of helping users, this app (detected as ANDROIDOS_DORDRAE.M) collects device-related information and uploads it to remote servers. It was immediately taken off the Android Market.
  • Google released the Android Market Security Tool in the Android Market. Cybercriminals, on the other hand, were not deterred by this tool and even released a Trojanized version. Detected as ANDROIDOS_BGSERV.A, it acts as a backdoor that gathers information from the device and sends these to a remote URL.
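
The first incident above notes that the Trojanized build asks for more permissions than the clean one. The following added example (not from Trend Micro's report or the original article) shows how a reviewer could surface that drift by comparing two manifests; it assumes the `AndroidManifest.xml` files have already been decoded to text XML, and the sample manifests and the `SENSITIVE` watch-list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed watch-list: permissions guarding the data the article says malicious
# apps go after (IMEI/IMSI, SMS, GPS location, voice). Extend as needed.
SENSITIVE = {
    "android.permission.READ_PHONE_STATE": "device identifiers (IMEI/IMSI)",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.RECORD_AUDIO": "voice",
}

# Constructed sample manifests (not taken from any real app).
CLEAN_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

REPACKAGED_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def permission_drift(reference_xml, candidate_xml):
    """Permissions the candidate requests beyond the reference build."""
    extra = requested_permissions(candidate_xml) - requested_permissions(reference_xml)
    flagged = {p: SENSITIVE[p] for p in extra if p in SENSITIVE}
    return sorted(extra), flagged

if __name__ == "__main__":
    extra, flagged = permission_drift(CLEAN_MANIFEST, REPACKAGED_MANIFEST)
    for perm in extra:
        print(f"{perm:50} {flagged.get(perm, 'review')}")
```

Any non-empty drift on an app that claims to be the same title is worth a manual look; the flagged entries are the ones that map to the data classes named in the article.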

Cybercriminals have also created and distributed malware using the names of popular apps that are not yet available on the Android Market. Android users anticipating these games are the likely victims of this ruse. A recent example is a fake version of Temple Run we found in the Android Market.

The report alerts mobile users to the extension of common threats, such as advanced persistent threats (APTs), to mobile environments. Because of the nature of these attacks, they are considered "campaigns" rather than singular "incidents". The introduction of mobile devices has considerably increased the attack surface, making these attacks more frequent. Mobile devices are simple to infect through any infected media.

The report provides some interesting data related to the “Luckycat Campaign” linked to 90 attacks targeting several industries in Japan and India as well as Tibetan activists in 2011. The attacks exploited several vulnerabilities in Microsoft Office as well as Adobe Reader, Acrobat, and Flash Player via specially crafted email attachments.

But mobile is synonymous with social: social networks are the applications that benefit most from mobility, revolutionizing the concept of privacy. The imperatives are "be social" and "share", two concepts that expose millions of unsuspecting users to serious cyber threats. By exploiting the "social" model with different techniques, it is possible to reveal personal data to other parties.
This situation is more dangerous if we consider that the accesses are made via mobile devices. We have discovered a lot of vulnerabilities related to these platforms and the applications that run on them; let's also consider the increase in malware developed with the specific intent to steal any kind of information from these instruments.

As predicted, cyber criminals are exploiting new vectors to spread their attacks. The report ends with some interesting data on email spam and ransomware, two cyber threats in constant growth. Mobile phone spam is a form of spamming directed at the text messaging service of a mobile phone. It is described as mobile spamming, SMS spam, text spam or mspam. Spam can ensnare a user into visiting an infected link or a link that downloads a malicious application.

This quick overview of the mobile universe is meant to spread awareness of emerging cyber threats, which unfortunately is still low today. The increased diffusion of mobile devices and their increasing processing capacity give cybercrime, and even governments, a strong motive to spy on users.
For now, the concepts of security and mobility clash, and there is still much to do …

Pierluigi Paganini

