Mobile Malware Rebounds and Keeps Growing, Report Says

What's This?

By Lorenzo Franceschi-Bicchierai2013-08-21 04:09:14 UTC

After suffering a slight drop in the first three months of 2013, mobile malware has rebounded, with 18,000 new malware species detected, according to a new report (.PDF) by security firm McAfee.

This number, among others, indicates that cybercriminals keep focusing their efforts on infecting smartphones rather than computers, as people not only use their phones more frequently, but also because they are starting to use their cellphone for activities that traditionally were only done on a computer, like banking.

See also: Operation 'Dragon Lady' Uncovers Huge Russian Android SMS Fraud Network

"The fuzzy line between your computer and your cellphone is almost blasted away at this point in time," said Adam Wosotowsky a messaging data architect at McAfee. "There's really not that much of a difference between your cellphone and your computer anymore."

That means more and more people do things like banking on their cellphones — and they don't realize that they need to be secure with their phones just like they need to be with their computers.

McAfee detected four new types of malware that can steal banking logins and passwords and then also intercept the text messages sent to the phone with the code used for the two-factor authorization, giving them complete control over the victim's bank account.

As more people do online baking on their phones, cybercriminals have realized that there's a lot of money to make there, more than in traditional cellphone frauds.

"Previously, if you were to infect somebody's phone you were going to make money by premium SMS or premium phone calls – now we're actually seeing banking fraud occurring to your phone because they're basically little computers," Wosotowsky said.

This is usually done with fake apps that pose as legit apps of banks, but actually contain malware designed to steal credentials and intercept the security code sent over by SMS. Wosotowsky noted that this is a big risk especially in Asia, where users rely more on third party app stores because the official one, Google Play, is mostly in English and not in their native language.

And like we've learned before, third party app stores aren't too safe.

"Unfortunately there's not nearly as much of an oversight associated with these unofficial app stores as compared to the normal Android store, which is very tightly controlled from a security perspective," said Wosotowsky.

The first six months of 2013 represent the resurgence of ransomware as well. Ransomware is a special type of malware that once it infects a victim's computer or phone, it locks it, flashing a message requesting the payment of a certain sum of money to unlock it.

From January until June 2013 McAfee discovered 474,744 new samples of ransomeware. That's more than the total amount of ransomware detected in six years, from January 2007, until the end of 2012.

"The primary reason for ransomware’s growth," reads the report, "is that it is a very efficient means for criminals to earn money because they use various anonymous payment services." And also, because a victim is highly tempted to just pay instead of asking for help.

Sometimes, Wosotowsky explained, the cybercriminals ask for less than $40, so it makes more sense to pay than to go to a shop and pay for assistance.

Other notable trends detected in the second quarter of 2013 is the comeback of email spam. McAfee detected 5.5 trillion spam messages, which represented approximately 70% of the global email volume.

To be safe against mobile threats, a user has to avoid as much as possible using third party app stores, or downloading .APK files — which have been used as spyware before.

And users just need to start changing their mindset, said Wosotowsky.

"A lot of people aren't used to thinking about their cellphone as a computer, they're used to thinking about their cellphone as a tool, or an implement that just magically does whatever it's supposed to do, and it's not vulnerable to infections."

Do you have antivirus or any protection software on your smartphone? Let us know in the comments.

Image: iStockphoto, seewhatmitchsee

Topics: malware, McAfee, Mobile, mobile security, ransomware, U.S., US & World, World