Successful cybercriminals always have an acute awareness of the latest technology trends sweeping through consumer circles and professional communities. By studying which devices, websites, searches and transactions are most popular at any given time, they are better positioned to design economical attacks that generate larger returns from smaller investments of their time and skill. As a result, Internet security experts have recognized for some time that the most popular online activities tend to be a magnet for cybercriminal plots as well.
The logic and anecdotal evidence underlying this assumption has been bolstered in recent times by an influx of new empirical confirmations. For example, Microsoft's latest security intelligence report outlined a direct correlation between the license key generator (Keygen) tools commonly used to facilitate free access to software and a rash of malware infections. Now, TrendLabs' 3Q 2012 Security Roundup has added fresh insight to the discussion by outlining the spike in cybercrime that has arisen in direct correlation to user preferences and developer habits.
Sixfold spike in Android malware
Android continues to be the dominant mobile operating system in the American marketplace, supporting 52.6 percent of all U.S. smartphone subscribers according to comScore's latest figures. However, it is no secret that this popularity has come at a price. With cybercriminals inclined to shift their focus in the direction where the majority of users are assembled, Google has spent much of the year answering questions regarding the explosion of malware that has been exploiting weaknesses in its proprietary mobile platform and associated application marketplace.
The news did not get any better in the third quarter, with TrendLabs researchers identifying a sixfold increase in Android malware during that time. The fact that approximately 30,000 malicious and potentially dangerous apps were circulating back in June was already a major point of concern, but as of September that figure has ballooned to nearly 175,000 unique variations.
"It's becoming increasingly clear that the mobile space is the next great frontier for malicious activity," Trend Micro's Erica Benton explained in a related blog post. "And the cybercriminals are clearly favoring Android as their preferred target in this space. After the findings in this quarter's report, it's also clear that mobile devices need active protection just like PCs do."
As the report alluded to, there have been several telling clues that suggest elaborate, PC-based threats are being adapted for mobile platforms. For example, the malicious programmers behind the Luckycat campaign appear to be developing Android application files capable of executing commands sent from remote command-and-control servers to harvest device data.
In line with this emphasis on trawling smartphone contents for information that could inform future attacks, cybercriminals are also profiting from their understanding of how legitimate mobile ad campaigns are designed.
One of the most notable commercial benefits of expanded mobility has been the rise of the so-called "app economy." By creating simple, but useful productivity tools and fun games, mobile application developers have proven capable of generating everything from a respectable second income to small fortunes. One increasingly attractive and viable way to achieve these results is to offer programs for free and profit from the inclusion of sponsored ads.
As such strategies have taken off in recent months, cybercriminals have inserted themselves into the equation with more aggressive mobile adware. While legitimate ads will collect a certain amount of personal information from users who supply their consent, hackers are going above and beyond to mine deeper into device data without owner approval.
"Apps that access your call history without informing you via and end-user license agreement (EULA) or their user interface (UI) constitute malicious behavior from a security perspective and are detected. Ad networks present a unique challenge though," the report stated. "Unfortunately, in-app networks provide sometimes gather more information than developers declare. While in some instances this oversight is unintentional, failure to alert users of data-gathering behavior introduces privacy risks."
With developers and ad networks still trying to iron out these discrepancies, cybercriminals are capitalizing on the confusion. According to the report, the fact that just one in five Android device owners use a dedicated data security application only put hackers farther ahead.
While mobile devices seem to be the primary backdrop for this "price of popularity" phenomenon, some issues apply across platforms. Most notably, social media continues to serve up a variety of enticing opportunities for savvy cybercriminals.
For example, TrendLabs researchers discovered that LinkedIn was the most popular target of hackers leveraging the Blackhole Exploit Kit. In fact, the professional networking site was used more than twice as frequently as more ostensibly finance-focused entities such as PayPal, Intuit and ADP.
Not surprisingly, researchers also observed a continued rise in Facebook scams that could help cybercriminals gather sensitive personal information and build extensive target profiles. Even Tumblr users have become victims of baiting tactics that leverage fraudulent web apps and malicious banner ads to trick them into supplying the kind of information that could help hackers guess security questions or launch full-scale identify theft.
"Survey scams live on because the payoff – getting tons of personal data from users – is something the bad guys can't pass up on," the report concluded.
Security News from SimplySecurity.com by Trend Micro