• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Current News   »   A look at mobile malware: Worst samples of 2014 and predictions for 2015

A look at mobile malware: Worst samples of 2014 and predictions for 2015

  • Posted on:January 25, 2015
  • Posted in:Current News, Industry News
  • Posted by:
    Trend Micro
0

In the current environment, there’s little doubt that users the world over are relying more on their mobile devices. This extends to the consumer market, where individuals leverage their smartphones and tablets for mobile Web browsing, online shopping, social media and games. At the same time, corporate workers are increasingly utilizing their mobile hardware to connect with co-workers while on the go and boost their productivity. In each case, however, users must look out for threats that impact the mobile platform.

With so many people using their mobile devices for a range of purposes, the platform becomes an increasingly attractive target for hackers. This is particularly true in the enterprise world, where staff members might leverage their smartphones and laptops to share mission-critical, sensitive information that provides just the motivation hackers need to take aim at businesses and their mobile activities. Such was the case last year, and experts predict that these threats will continue in 2015.

In this spirit, let’s take a look back at some of the mobile malware trends that emerged in 2014 and what experts predict is in store for mobile users this year.

2014 mobile malware environment: Top cybercriminal strategies
Although hackers used a range of different techniques to attack the mobile platform, a few of these approaches were seen more often than others. McAfee blog contributor Lianne Caetano noted that these mobile malware trends impacted users of both Android and iOS devices, and many of these instances involved malware-laced mobile advertisements.

According to Caetano, a recent study revealed that last year, the main attack strategy used for mobile malware infection was malicious ads, or “malvertisements.”

“Mobile ads accompany a significant amount of content, and whether you find them annoying or amusing, cybercriminals have turned their attention toward using them to spread malware to unsuspecting users,” Caetano wrote.

These malicious ads may not seem like a high-level threat, but the fact that the infectious sample can be masked so that the ads are delivered through legitimate advertising networks make them a formidable risk. In this way, the networks providing these ads are unknowingly and unwittingly offering up malware to users, which when clicked up, leads individuals to malicious websites through Trojans contained in the ads. For example, that banner in a program advertising a new online game might be delivering more than just an exciting gaming experience – it could also be tricking users into downloading malware onto their smartphones or tablets.

Another leading mobile malware strategy that gained the attention of white hats last year was an approach that targeted iOS devices using keylogging technology. Despite being one of the least-attacked operating systems, threats to Apple’s iOS has been increasing recently, and the iOS keylogger is just one example. Last year, security researchers discovered the potential for hackers to exploit the way applications run in the background on Apple devices, leveraging them for keylogging. In this way, any information the user might type on their screen – his or her username, passwords, payment card details or other sensitive data – is recorded by cybercriminals and can be saved and used later for fraudulent purposes. Thankfully this flaw cannot be exploited by the run-of-the-mill hacker – Caetano noted that it would take considerable skill to install and utilize keylogging malware on Apple’s mobile platform.

Mobile malware in 2015: Trends and predictions
Although these were the strategies of choice for hackers last year, experts predict that 2015 will bring new infection approaches, including the use of mobile ransomware. By now, many remember the computer-based ransomware, such as the widely known Cryptolocker sample. These infections lock down a device and all of its files with encryption, and demand that user pays a ransom for the safe return of their files. In many cases, even if victims did pay the fine, their desktops were not unlocked.

According to ZDNet contributor Adrian Kingsley-Hughes, this attack initiative will move from PCs to mobile devices, using the same tell-tale signals.

“We have already seen mobile malware variants that encrypt phone data and demand payment to retrieve,” Kingsley-Hughes wrote. “Pre-existing phone backup options will make this threat less severe, however many users still might be willing to pay to get their data back.”

Kingsley-Hughes also predicted that this year will see a considerable rise in mobile banking Trojans, a continuation of a threat that began in 2014. As more users leverage their devices for increasingly sensitive activities like banking, hackers are more motivated to take advantage. Oftentimes, attacks in this space take place through the use of legitimate-looking mobile sites that trick users into entering their personal information. With the individual’s username and password in hand, the cybercriminal can do whatever they please with the information – sell it to other hackers on an underground marketplace, or use it themselves to drain funds from the victim’s account.

Mobile malware: Just a lot of hype?
While it’s clear that the threat of mobile malware is out there, a number of experts have noted that the number of samples being created doesn’t automatically equate to the same amount of infections. For instance, New York Times contributor Molly Wood noted that although there was a 197 percent rise in mobile malware samples from 2012 to 2013, the number of infections didn’t increase at the same rate. Even one of the top infections during that time was only able to infect an estimated 20,000 to 40,000 users, a small percentage of the total number of devices being used.

Security firm Damballa supported Wood’s findings, noting that a recent study showed that less than 1 percent – 0.65 percent, to be exact – of the 7 billion devices in the world have been impacted by mobile malware. As such, this threat might not be as bad as many make it seem.

However, users should still make every effort to protect their mobile activities and prevent infection.

“[T]his doens’t negate the need for users and IT organizations to do their due diligence,” Damballa noted. “Most of this involves using common sense.”

Users and businesses can better protect their mobile devices and tasks by leveraging screen locks and authentication credentials for their applications and ensuring that they are careful about what they download. In addition, just as with computers, users should exercise caution when opening links and attachments and regularly install available security patches and updates. This can help mitigate the risk of mobile malware and keep information stored on corporate devices secure.

Related posts:

  1. Malware in 2015: More advanced, easier to leverage
  2. Virus and malware outlook 2014: Top samples, infection symptoms and prevention strategies
  3. Looking back on 2014’s worst data breaches
  4. Looking back at mobile malware and Web attacks from 2014

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Cloud-based Email Threats Capitalized on Chaos of COVID-19
  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.