    Author Archive - Rowena Diocton (Technical Communications)

    These days, when you see someone staring intently or tapping at their mobile phone, chances are that they’re busy with an app. This comes as no surprise, as 80% of consumers’ time on mobile devices is spent in apps for gaming, news, productivity, utility, social networking, and more.

    Safe and Risky Apps

    We are currently seeing almost 11 million samples in existence as of October 2014. Of these samples, 64% are considered safe, while 23% are considered high risk or adware; the permissions granted to these types of apps may be used to carry out potentially unwanted routines. The remaining 13% are outright malicious and are categorized as malware. These types of apps are known to originate from third-party app stores, or simply put, non-Google Play stores.

    Figure 1. Cumulative Malware and High Risk/Adware App Detections Based on Unique Samples, October 2014

    For the month of October, we counted more than 532,000 new Android samples. Almost a third (29%) are malware, while another third (30%) are adware. Less than half (41%) of the apps checked were considered safe.


    Figure 2. Malware and High Risk/Adware App Detections Based on Unique Samples, October 2014

    These threats fall into one of the seven types of malicious apps we know, as follows:

    Figure 3. Android Malware Types

    We also continued to see desktop threats that can latch onto mobile devices, and vice versa. The USBATTACK malware for Android is one such threat. It poses as a device cleaner but does something else entirely: it steals device information, downloads AUTORUN malware onto the SD card, and then runs itself on a connected PC so it can use the PC’s microphone to record media.

    What drives these threats?

    For one, mobile app adoption continues to flourish. This results in an attractive market ripe for cybercriminal threats and scams. App stores also serve as catalysts for mobile usage, given that they house the apps that consumers are so fond of using.

    Based on our observations, third-party app stores were quite popular among mobile users this month. The number of apps downloaded from third-party app stores (4.17 million) exceeds the number downloaded from Google Play (2.58 million) and the number downloaded from all other app stores (4.13 million).

    The expanding adoption of third-party app stores can be quite problematic for mobile users, given that cybercriminal app developers can easily distribute apps through these channels.

    Is a careful examination of apps really needed?

    In the technology industry, the process of vetting apps, that is, tracking which ones are secure and identifying those that are not, is a valid option for ensuring the safety of app stores. The diagram below shows how the vendor Blackberry, for instance, makes use of mobile app vetting technology:

    Figure 4. How Trend Micro Mobile App Reputation Service works

    Vetting validates apps before they are admitted to app stores, weeding out the risky and/or malicious ones. Categories are also used, such as malware, private data leak, battery usage, etc., which consumers might find helpful in gauging which apps are not only safe but also optimal for use on their devices.

    Now that the shopping season is looming closer, more cybercriminals are expected to come up with rogue, malicious apps that target mobile payments. What better time to attack consumers than at the height of their shopping for Black Friday or Cyber Monday? Vetting apps is a way for app store operators to ensure the safety of their users, and at the same time, a way for users to ensure the safety of the apps they download.

    Read more about the mobile landscape and threats found in October and the app categories that are used for vetting apps in our report, How Vetting Mobile Apps Works for App Stores and Its Users.


    Posted in Mobile | Good App/Bad App: Is Investigating Mobile Apps Necessary?

    The existence of fake mobile apps poses privacy and financial risks to users of the mobile web. As experts work out the dangers of consumerization and the lack of security on mobile devices, fake apps continue to grow in number.

    Fake apps usually ride on the popularity of legitimate apps. For example, recent fake emails told users that they had received a voice mail from WhatsApp. These fake messages try to trick users into downloading the apps onto their mobile devices, where they usually perform a combination of these malicious routines:

    • send text messages to premium-rate numbers,
    • steal data,
    • control device for botnet operations,
    • alter default text and background,
    • lock device,
    • send GPS location, and more.

    Russia, a Big Fake Apps Player

    Recent Trend Micro research on SMS fraud found that fake apps that abuse premium mobile services have their roots in Russia and are expanding from there. Russia is the top target for premium service abusers in part because there are few standard app stores in the country, which makes third-party app stores popular.

    Figure 1. Countries most affected by SMS fraud

    Cybercriminals will continue to broaden their coverage to other countries and regions. Given the lucrative ways that mobile devices can be abused, it is highly likely that many cybercriminals will move to mobile platforms as their primary income source. This month’s mobile review talks about why searching for popular apps is becoming dangerous, thanks to fake apps.

    Inside a Premium Service Abuse Infection

    Fake apps that abuse premium mobile services go through a series of stages before enrolling a user without their consent. Our infographic The High Cost of Premium Service Abusers conveniently explains the four stages of a premium service abuse infection and why downloading these apps is just the first of a list of concerns.

    Posted in Bad Sites, Malware, Mobile | Connecting the Dots: Fake Apps, Russia, and the Mobile Web

    As globalization drives Brazilian industries forward, it also invites threats that aim at the weaknesses of growing market economies. Financial crimes have always topped the list of cyber security issues in Brazil, but as the country’s economy grows, more people are exposed to both the perks and the problems of the latest computing technologies.

    The recent Trend Micro paper “Brazil, Cybersecurity Challenges Faced by a Fast-Growing Market Economy” reveals that the country underwent a dramatic increase in cybercrime. Brazil has one of the fastest growing Internet user bases in the world—both a blessing and a curse when it comes to cyber security. The more Brazilians are able to access the Internet, the larger the cybercriminal market base becomes. With most displaying poor Internet usage habits, the Brazilian online market becomes a harvesting spot for cybercriminals.

    The report discusses how this phenomenon has already gained ground by way of unpatched systems and old malware tricks. One major indicator is the prominent presence of the Conficker/DOWNAD malware, which underscores concerns about users who overlook critical, basic cyber security practices. Since the patches needed to remove Conficker/DOWNAD have been available for more than four years now, its presence indicates a widespread failure to follow best practices on software patching, including running security software and keeping it updated.

    Brazil’s cybercrime landscape is partly a result of unsafe web practices and a thriving underground market. Today, Brazil sends out the most spam messages in Latin America. Almost two out of five (38%) malicious emails from the region come from Brazil. In addition, the majority (58%) of malicious URLs are also hosted in Brazil. The country is also known as an active ground for command-and-control (C&C) servers and compromised computers that take part in large data-stealing botnet operations.

    Figure 1. Heat Map of Latin American spam-sending country share breakdown, based on spam-sending IPs

    The underground cybercriminal operations in Brazil revolve around obtaining financial and personally identifiable information (PII) for profit. Their hacker forums are rife with exchanges for credit card information, virtual private server (VPS) hosting services, phishing kits, and more. For instance, the report reveals that information from ten credit cards sells for an average of R$700.

    Online banking theft is especially rampant in the country, whose history of hyperinflation once led to an early adoption of online financial systems and a large online banking community. In Brazil, cybercriminals prefer the BANCOS online banking malware strain over ZeuS and other popular crimeware kits.

    The emergence of the sophisticated crimeware kit Picebot has also revealed that Brazilian hackers actively take part in cross-regional underground activities, the start of a more mature and structured underground ecosystem.

    Cybercriminals in Brazil are also known to add a local flavor to their data-stealing methods. These include using the local language in social scams, Orkut as an underground forum, and the Brazilian “Boleto” payment scheme as a money-making target.

    Figure 2. Sample boleto used for financial transactions in Brazil. Highlighted sections show codes usually stolen/faked by cybercriminals

    Cyber Security Steps in Progress

    These risks to individuals, companies, governments, and information and communication technology (ICT) systems have prompted the Brazilian government to take action. The National Strategy of Defense was established in 2008 to protect public administration networks. Two laws, the Azeredo and Carolina Dieckman laws, were passed to establish a police structure against cybercrime and to criminalize unauthorized access to sensitive information, respectively. Numerous government research and incident response groups were also created for cyber security infrastructure development and incident investigations.

    As we broadly saw within the Latin American Region in “Latin American and Caribbean Cybersecurity Trends and Government Responses,” successfully meeting the challenges in Brazil requires political will, law enforcement resources, and a robust, ongoing public-private partnership (PPP) with Internet service providers (ISPs), security companies, and hardware and software vendors.

    Find out more about the threat landscape in Brazil in our paper “Brazil, Cybersecurity Challenges Faced by a Fast-Growing Market Economy.”

    For more information on the state of cybersecurity in Latin America, you may refer to our research paper (in cooperation with the Organization of American States) Latin American and Caribbean Cybersecurity Trends and Government Responses.

    Posted in Bad Sites, Malware, Spam | Brazil Fights Old Malware, Spam, and Underground Market Growth

    Check out the TrendLabs 2Q 2013 Security Roundup.

    Threats on mobile platforms, devices, and applications have been swelling over the past years, but this quarter they have finally gone full throttle. Cybercriminals have found more sophisticated ways to bypass mobile security, and it’s not just through malicious applications anymore.

    Android Updates Lag, Users Suffer Critical Flaws

    Proof of the seriousness of the Android “Master Key” vulnerability came with the discovery that cybercriminals can exploit the flaw to update original apps with malicious ones. The multicomponent OBAD malware, on the other hand, exploits an administration flaw to run complex stealth and propagation routines.

    Patching these critical vulnerabilities is proving to be a problem given the sluggish Android update process. Android’s fragmentation issue pushes security patches through slow manufacturer-developer paths before reaching users.

    On top of this, the total count of malicious and high-risk Android apps continues to break records, reaching 718,000 this quarter. Users of the OS can expect cybercriminals to keep up the pursuit, knowing that malware apps have increased by 350,000 in just six months, a feat that once took three years to achieve.

    Figure. Timeline comparison of Android and Windows malware (PC-mobile time comparison)

    This quarter’s mobile events are sure to cause lasting security problems. It doesn’t help that the mobile experience involves a large human factor, from which many disastrously insecure habits are formed.

    Online Banking Malware Up, More Threats Revamped

    This quarter’s online banking threat count increased by nearly a third compared to last quarter. These threats claimed most of their victims from the United States, Brazil, Australia, and France.

    Many of the big threats known to the industry return with revamped schemes and tricks. Looking at the underground market, experts saw malware kit prices decrease over time. Some, like SpyEye, are even being bundled free with the purchase of other known kits. The Blackhole Exploit Kit (BHEK) uses a new FAREIT malware variant, which is known to steal file transfer protocol (FTP) credentials and any personal information on a target computer. Targeted campaigns, like Safe, continue to attack enterprises. Server-side applications such as Plesk, Ruby on Rails, and ColdFusion® had vulnerabilities exploited. Social engineering threats now target multiple-account access services such as Digsby, and use numerous blogging platforms as fake streaming pages.

    These changes in the threat landscape call for proactive, clear-cut, and custom defense solutions. Find out more about this quarter’s mobile, cybercrime, APT, and other threats through our TrendLabs 2Q 2013 Security Roundup, Mobile Threats Go Full Throttle: Device Flaws Lead to Risky Trail. Check out key findings from all the research done in Q2, and learn more about all the details in our full report.

    Trend Micro CTO Raimund Genes further discusses important points about the Security Roundup below.

    Don’t forget to join our Facebook and Twitter discussions using the hashtags, #trendlabsroundup and #2Qlabnotes!

    Posted in Bad Sites, CTO Insights, Malware, Mobile, Vulnerabilities | 2Q Security Roundup: Mobile Flaws Form Lasting Security Problems

    Deviating from its usual window-style interface, Microsoft’s Windows 8 operating system (OS) has excited customers with its tiled design and its promise of built-in security. The company released its new OS before November started, just in time to generate buzz before Black Friday and Cyber Monday. As a result, we saw Windows 8 devices making it to best deal offers from Sony, Costco, and Best Buy.

    Now that Windows 8 is out in the market, the discourse turns from what’s new to why bother. What’s new is that Windows 8 offers a sleek computing experience while it answers longtime security problems, syncs to the well-loved cloud, and allows for easy sharing, among others. Some critics however find that many customers might not see the worth in shifting to the new OS, especially after they’ve grown to love Windows 7.

    Still, the security features in Windows 8 may just change the minds of many. We saw the platform offer several key security improvements which, though mostly unseen by users, can be very effective in warding off threats. Our CTO Raimund Genes also mentioned this in his 2013 predictions, although he noted that the improved security will be enjoyed mostly by consumers, since adopting a new operating system is something enterprises are known to have difficulty with.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice