Profit leads motives for malware engineers

With mobile malware doubling year after year, NQ Mobile released new data and background information outlining the current threat landscape and projecting trends for the immediate future. Revealing details on infection rates and strains found around the world, the information demonstrates how such threats put sensitive data and bank accounts at risk.

Key statistics for 1H 2014 include:

  • 85,970 new pieces of malware were discovered, a 68 percent increase over 1H 2013
  • Infections were detected in 37.5 million Android devices in NQ Mobile’s database of 136 million active user accounts worldwide, an increase of 78.6 percent over 1H 2013
  • 62 percent of malware falls into categories that can drive financial gain for malware engineers
  • 11 percent of threats leaked users’ private data, which is often sold via the dark web.

Ransomware hits mobile users
NQ Mobile discovered the first new mobile malware strain to use file-encrypting ransomware in its attack. Dubbed “Simpelocker,” this Trojan was packaged with genuine Android apps and would infect the devices of unsuspecting users who unknowingly downloaded the APK file from third-party app markets. Once installed, the app would request permissions to perform a variety of actions, such as writing to external storage devices. The Trojan could also scan the SD card for specific file types (.jpeg; .bmp; .gif; .doc; .docx, etc.) and attempt to encrypt them.

Profit leads malware motives
62 percent of malware in 1H represented categories likely to financially benefit cybercriminals at the expense of smartphone users, often through premium rate services and data overcharges.

Two examples are “Trick Connector” (a.payment.hdcSms.a), which led unsuspecting users to send premium SMS and automatically connect to the Internet, and “Stealth Subscribe” (a.payment.FakeInst.eaz), which would sign users up for recurring-charge services without their knowledge by sending messages in the background.

Scandals put spotlight on privacy threats from data theft
While news headlines throughout the past year have brought to light the ease with which one can unwittingly become a victim of data theft or other invasions of privacy, this is nothing new to cybercriminals. In 1H 2014, 11 percent of mobile threats came in the form of a genuine or malicious app with the ability to gather and leak personal information without the device user’s knowledge or consent. This information is often shared or sold on the dark web via P2P, TOR and/or I2P networks to cybercriminals who then use social engineering tactics to gain access to the consumer’s finances.

In 1H 2014, the NQ Security Center captured and quarantined the “Fake Play” (a.privacy.FakeGooglePlay.a) virus, which masqueraded as the Google Play App Store. Once installed, the app could surreptitiously run in the background, intercepting and uploading users’ messages as well as contacts and app data.

Server-side botnets rapid as potential privacy killers
Server-side botnets remain one of today’s most pressing mobile security concerns. Known for their ability to remotely control the infected device, these threats interact with a remote server or client to upload or retrieve malicious code or scripts and, without user consent, take device information such as the IMEI, IMSI, mobile number and system version, to name a few.

For example, the “Text Thief” (1.a.remote.Newnovel.a) virus was captured and eradicated by the NQ Security Center in Q1. This virus would automatically load and unpack an encrypted .jar file that could block text messages from designated numbers while sending unauthorized messages to paid subscriber services. It would also try to obtain system root privileges in order to download and silently install .apk files.

Emerging markets with unregulated app markets keep Android on top
Fuelled by rapid market penetration in the absence of consumer education and tightly-controlled app stores, the Android OS has broadened its lead as the primary platform for mobile malware, representing 96 percent of all device infections. While this predominance will likely persist until other operating systems rise in popularity, there are signs that user education and secure app marketplaces are stemming the growth of infection rates in mature markets. For example, infection rates of new malware detected in markets with more mature Android penetration, such as Russia and China, have declined, while those in markets where Android is newer, such as Indonesia, Nigeria and Vietnam, are increasing significantly.
