Mobile malware continues to grow not only in number but in sophistication. We recently spotted botnet malware running on over a million infected smartphones. And while Android users are the main targets, Apple users could soon find themselves victims with reports of pirated apps finding their way on iOS devices. With these recent developments, our prediction of 1 million malicious detections by the end of 2013 hardly seems far-fetched.

But should users be concerned about malware only? No, they should also be concerned about their data. Given some of the activities done on smartphones involve a lot of information—email, gaming, and social networking—protecting data on mobile devices should be a priority.

While data stealing malware is a threat to privacy, legitimate apps can also put user data at risk. But these aren’t the only ways that information can go public. Common user behavior such as connecting to public WiFi networks and playing games on social media sites can allow others to view online activities. Browsing histories can be collected to send targeted ads to users. Even online profiles can become a risk, if users post too many details.

Read the rest of this entry »

In 2010, we noted CARBERP’s noteworthy features, including its capability to install itself without Administrator Privileges, effectively defeating Windows 7 and Vista’s User Account Control (UAC) feature. In 2012, however, a positive turn of events occurred as 8 individuals involved with CARBERP operations were arrested by Russia’s Ministry of Internal Affairs. This arrest should have put the final nail into CARBERP’s coffin.

But just recently, CARBERP is making news again, with an improved (and costly) versions and mobile app variants available in the wild.

Detected as BKDR_CARBERP.MEO, this malware downloads new plugins to complement its information stealing routines, including vnc.plug and vncdll.plug that help a possible attacker to remotely access an infected system and Ifobs.plug used in monitoring Internet banking.

This backdoor also connects to certain control-and-command (C&C) servers to get commands from a possible remote user. Like other CARBERP variants, it targets Russian banks.

In an attempt to take advantage of the growing number of mobile device users, mobile versions of CARBERP were also found on certain app providers including Google Play (first seen around December last year). These apps (detected as ANDROIDOS_CITMO.A) check for specific SMS messages like authentication codes sent by banks and forward this to a remote server.

Read the rest of this entry »