The existence of fake mobile apps poses privacy and financial risks to users of the mobile web. As experts figure out the dangers of the consumerization and the lack of security of mobile devices, fake apps continue to grow.

Fake apps usually ride on the popularity of legitimate apps—for example, recently fake emails said that users had received voice mail from WhatsApp. These fake messages try to trick users to download them onto their mobile devices, from which they usually perform a combination of these malicious routines:

• send text messages to premium-rate numbers,
• steal data,
• control device for botnet operations,
• alter default text and background,
• lock device,
• send GPS location, and more.

Russia, a Big Fake Apps Player

Recent Trend Micro research on SMS fraud found that fake apps that abuse premium mobile services have their roots in Russia and are expanding from there. Russia is the top target for premium service abusers in part because there are few standard app stores in the country, which makes third-party app stores popular.

Figure 1. Countries most affected by SMS fraud

Cybercriminals will continue to broaden their coverage to other countries and regions. Given the lucrative ways that mobile devices can be abused, it is highly likely that many cybercriminals will move to mobile platforms as their primary income source. This month’s mobile review talks about why searching for popular apps is becoming dangerous – thanks to fake apps.

Inside a Premium Service Abuse Infection

Fake apps that abuse premium mobile services go through a series of stages before enrolling a user without their consent. Our infographic The High Cost of Premium Service Abusers conveniently explains the four stages of a premium service abuse infection and why downloading these apps is just the first of a list of concerns.

As globalization drives Brazilian industries forward, it also invites threats that aim on the weaknesses of growing market economies. Financial crimes have always topped the list of cyber security issues in Brazil, but as the country’s economy grows more people are exposed to the perks and problems of the latest computing technologies.

The recent Trend Micro paper “Brazil, Cybersecurity Challenges Faced by a Fast-Growing Market Economy” reveals that the country underwent a dramatic increase in cybercrime. Brazil has one of the fastest growing Internet user bases in the world—both a blessing and a curse when it comes to cyber security. The more Brazilians are able to access the Internet, the larger the cybercriminal market base becomes. With most displaying poor Internet usage habits, the Brazilian online market becomes a harvesting spot for cybercriminals.

The report discussed how this phenomenon has already gained ground by way of unpatched systems and old malware tricks. One major indicator of this is the major presence of the Conficker/DOWNAD malware, which underscores concerns surrounding users who overlook critical basic cyber security practices. As patches needed to remove Conficker/DOWNAD have been available for more than four years now, its presence indicates widespread failure to follow best practices on software patching, including running security software and updating it.

Brazil’s cybercrime landscape is partly a result of unsafe web practices and a thriving underground market. Today, Brazil sends out the most number of spammed messages in Latin America. Almost two out of five (38%) malicious emails from the region comes from Brazil. In addition, majority (58%) of malicious URLs are also hosted in Brazil. The country is also known as an active ground for command-and-control (C&C) servers and compromised computers that take part in large data-stealing botnet operations.

Figure 1. Heat Map of Latin American spam-sending country share breakdown, based on spam-sending IPs

The underground cybercriminal operations in Brazil revolve around gaining financial and personally identifiable information (PII) for profit. Their hacker forums are rife with exchanges for credit card information, virtual private server (VPS) hosting services, phishing kits, and others. For instance, the report reveals that information from ten credit cards amount to an average of R$700.

Online banking theft is especially rampant in the country, whose history of hyperinflation has once led to an early adoption of online financial systems and a large online banking community. In Brazil, cybercriminals prefer using the BANCOS online banking malware strain over ZeuS and other popular crimeware kits.

The emergence of the sophisticated crimeware kit, Picebot, has also revealed that cross-regional underground activities actively happen between hackers in Brazil—the start of a more mature and structured underground ecosystem.

Cybercriminals in Brazil are also known to add a local flavor to their data-stealing methods. These include using the local language in social scams, Orkut as an underground forum, and the Brazilian “Boleto” payment scheme as a money-making target.

Figure 2. Sample boleto used for financial transactions in Brazil. Highlighted sections show codes usually stolen/faked by cybercriminals

Cyber Security Steps in Progress

These risks to individuals, companies, governments, and information and communication technology (ICT) systems, have caused the Brazilian government to take action. The National Strategy of Defense was established in 2008 to protect public administration networks. Two laws, the Azeredo and Carolina Dieckman, were passed to establish police structure against cybercrime and criminalize unauthorized access to sensitive information, respectively. Numerous government research and incident groups were also created for cyber security infrastructure development and incident investigations.

As we broadly saw within the Latin American Region in “Latin American and Caribbean Cybersecurity Trends and Government Responses,” successfully meeting the challenges in Brazil requires political will, law enforcement resources, and a robust, ongoing public-private partnership (PPP) with Internet service providers (ISPs), security companies, and hardware and software vendors.

Find out more about the threat landscape in Brazil on our paper “Brazil, Cybersecurity Challenges Faced by a Fast-Growing Market Economy“.

For more information on the state of cybersecurity in Latin America, you may refer to our research paper (in cooperation with the Organization of American States) Latin American and Caribbean Cybersecurity Trends and Government Responses.

Check out the TrendLabs 2Q 2013 Security Roundup.

Threats on mobile platforms, devices, and applications have been swelling up over the past years; but this quarter, they have finally gone full throttle. Cybercriminals have found more sophisticated ways to bypass mobile security, and it’s not just through malicious applications anymore.

Android Updates Lag, Users Suffer Critical Flaws

Proof of the Android “Master Key” vulnerability rose with the discovery that cybercriminals can exploit the flaw to update original apps with malicious ones. The multicomponent OBAD malware, on the other hand, exploits an administration flaw to run complex stealth and propagation routines.

Patching these critical vulnerabilities is proving to be a problem given the sluggish Android update process. Android’s fragmentation issue pushes security patches through slow manufacturer-developer paths before reaching users.

To add to these, the malicious and high-risk Android app total continues to break records with this quarter’s 718,000 count. Users of the OS can expect that cybercriminals will continue in pursuit knowing that in just six months, malware apps have increased by 350,000—a feat that once took three years to achieve.

Timeline comparison of Android and Windows malware

This quarter’s mobile events are sure to cause lasting security problems. It doesn’t help that the mobile experience involves a large human factor involvement, from which many disastrous insecure habits are formed.

Online Banking Malware Up, More Threats Revamped

This quarter’s online banking threat count increased by nearly a third compared to last quarter. These threats claimed most of their victims from the United States, Brazil, Australia, and France.

Many of the big threats known to the industry return with revamped schemes and tricks. Looking at the underground market, experts saw malware kits pricing decrease over time. Some, like SpyEye, are even being bundled free if you buy other known kits. The Blackhole Exploit Kit (BHEK) uses a new FAREIT malware variant which is known to steal file transfer protocol (FTP) credentials and any personal information on a target computer. Targeted campaigns, like Safe, continue to attack enterprises. Server-side applications, Plesk, Ruby on Rails, and ColdFusion®, had vulnerabilities exploited. Social engineering threats now target multiple account access services, as Digsby, and use numerous blogging platforms as fake streaming pages.

These changes in the threat landscape call for proactive, clear-cut, and custom defense solutions. Find out more about this quarter’s mobile, cybercrime, APT, and other threats through our TrendLabs 2Q 2013 Security Roundup, Mobile Threats Go Full Throttle: Device Flaws Lead to Risky Trail. Check out key findings from all the research done in Q2, and learn more about all the details in our full report.

Trend Micro CTO Raimund Genes further discusses important points about the Security Roundup below.

Don’t forget to join our Facebook and Twitter discussions using the hashtags, #trendlabsroundup and #2Qlabnotes!

Deviating from its usual window-style interface, Microsoft’s Windows 8 operating system (OS) has excited customers with its tiled design and its promise of built-in security. The company released its new OS before November started, just in time to generate buzz before Black Friday and Cyber Monday. As a result, we saw Windows 8 devices making it to best deal offers from Sony, Costco, and Best Buy.

Now that Windows 8 is out in the market, the discourse turns from what’s new to why bother. What’s new is that Windows 8 offers a sleek computing experience while it answers longtime security problems, syncs to the well-loved cloud, and allows for easy sharing, among others. Some critics however find that many customers might not see the worth in shifting to the new OS, especially after they’ve grown to love Windows 7.

Still, security features in Windows 8 may just change the mind of many. We saw the platform offer several key security improvements, which, though mostly unseen by users, can be very effective in warding off threats. Our CTO Raimund Genes also mentioned this in his 2013 predictions, although he also noted that the improved security will be enjoyed mostly by consumers, since adopting to a new operating system is something that enterprises are known to have difficulty handling.

Read the rest of this entry »

Who goes on a shopping frenzy when seeing low-priced electronics and houseware just in time for the gift-giving season? Obviously a lot of people, as evidenced by the $1.25 billion total online spending seen on Cyber Monday last year, the heaviest in U.S. history. This year, entrepreneurs and consumers anticipate another record-breaking Cyber Monday as the holiday season approaches.

What’s more is that this online holiday shopping explosion is slowly spreading across the world. In Australia, a one-day online sale, Click Frenzy, is about to kick off Christmas shopping for the first time. At around the same time as Cyber Monday, online retailers in China offer large discounts on November 11, Singles Day.

Popular price comparison site, PriceGrabber, predicts that almost two in 10 consumers will shop using a mobile device—and of those mobile shoppers, seven in 10 will actually buy something! Building on the popularity of online shopping, mobile shopping is steadily catching on as a convenient and profitable trend.

Deal Breakers

How easy is it to shop on your mobile device? A few steps are all it takes to find a deal and buy it. But risks lie in the nicks and cracks where threat actors can butt in and pretend they care about getting you your product. You might not know it yet, but simply using free Internet connection or clicking paid search links can get you and your financial information into a lot of trouble.

Even now, we are already seeing product fraud and fake offers that use the US holiday, Black Friday, on spammed messages. Like last year’s fake Black Friday and Cyber Monday discount offers that led to malware, we believe cybercriminals will take advantage of this year’s Cyber Monday.

Risks Not Taken

It’s a good thing you’re not entirely powerless against these mobile sniffing dogs. To help you take advantage of online deals minus the fear of information theft, we make sure you are safe every step of the way.

Our recent infographic, “Manic Monday,” features a flow chart for secure mobile shopping. Here are also some security measures from our helpful e-guide, “Enjoy a Hassle-Free Mobile Shopping Spree!”

• Go straight to the source for the best deals in town. Deal aggregator apps are convenient, but make sure to download them direct from their developer’s webpages. This eliminates the chances of you downloading a fake app riddled with malicious code.
• Beware of mobile adware. You may end up getting swindled by one if you’re not careful. A security app like Trend Micro™ Mobile Security Personal Edition can detect these for you.
• Paying a fee is safer than getting Wi-Fi access for free. Be cautious with connecting to unsecured, ‘free’ Wi-Fi networks, as you may end up giving your personal information away to cybercriminals.Connect to legitimate, secured networks instead, even if it means paying a fee. Your privacy is worth it.