Commoditization increasingly seen in mobile malware

Posted by   Virus Bulletin on   May 16, 2013

Number of malicious samples and families increase, as Android remains most popular mobile platform.

As the number of mobile malware samples in existence continues to grow faster than ever, the mobile threat landscape is looking more and more like that of Windows.

Five years ago, a poll of visitors to this website found that fewer than 30% of smartphone users ran an anti-virus application on their phone.

This wasn't just a case of users not following experts' advice: there was a big debate among industry experts as to whether the threat from mobile malware was significant enough to warrant paid-for security software. Even those who sold such software readily admitted that the threat was low, and that for 'regular' users, there was no pressing need to install AV protection on their mobile devices.

How things have changed.

In the latest edition of its quarterly 'Mobile Threat Report', F-Secure highlights the fast growth of mobile malware: the company has now detected 149 different mobile malware families. F-Secure is not alone in seeing the number of mobile threats increase: Fortinet says it sees more than 1,000 new mobile malware samples every day, with the total number of samples having exceeded 150,000.

However, it isn't just the quantity that worries the authors of the F-Secure report - they also note the increased commoditization of mobile malware. Examples of this include the Stels trojan - which masquerades as a Flash Player update and spreads via spam sent by the Cutwail botnet - and Pekele, a banking trojan that can help circumvent two-factor authentication and which is sold to gangs running smaller Zeus-based botnets.

There are other ways in which the mobile threat landscape has started to resemble that of Windows. The report mentions mobile malware being used to propagate job offer scams, while Chuli is an information-stealing trojan that was used in a targeted attack against Tibetan activists.

Of course, one major way in which the mobile landscape differs from that of Windows is in the fact that no single mobile operating system has anything approaching a monopoly. However, mobile malware is not evenly distributed among all operating systems - the vast majority (136 of the 149 families detected by F-Secure) targets the Android platform (which will come as little surprise to those that follow the security news). While a policy of only installing apps from the official Google Play store will help to keep most threats at bay, it won't guarantee that the apps you install don't include a malicious payload.

Mobile malware has been a popular subject at Virus Bulletin conferences since it first became an issue. The VB2013 programme includes a morning dedicated to papers on various aspects of mobile malware and security.

VB2013 takes place 2-4 October 2013 in Berlin, Germany. Registration is available here.

Posted on 16 May 2013 by Martijn Grooten

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VB2019 conference programme announced

VB is excited to reveal the details of an interesting and diverse programme for VB2019, the 29th Virus Bulletin International Conference, which takes place 2-4 October in London, UK.

VB2018 paper: Under the hood - the automotive challenge

Car hacking has become a hot subject in recent years, and at VB2018 in Montreal, Argus Cyber Security's Inbar Raz presented a paper that provides an introduction to the subject, looking at the complex problem, examples of car hacks, and the…

VB2018 paper and video: Android app deobfuscation using static-dynamic cooperation

Static analysis and dynamic analysis each have their shortcomings as methods for analysing potentially malicious files. Today, we publish a VB2018 paper by Check Point researchers Yoni Moses and Yaniv Mordekhay, in which they describe a method that…

VB2019 call for papers closes this weekend

The call for papers for VB2019 closes on 17 March, and while we've already received many great submissions, we still want more!

Registration open for VB2019 ─ book your ticket now!

Registration for VB2019, the 29th Virus Bulletin International Conference, is now open, with an early bird rate available until 1 July.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.