• Trend Micro
  • About TrendLabs Security Intelligence Blog

Mobile Malware and High Risk Apps Reach 2M Mark, Go for “Firsts”

  • Posted on: March 26, 2014 at 12:41 pm
  • Posted in: Malware, Mobile
  • Author: Abigail Pichel (Technical Communications)

Just six months after mobile malware and high risk apps reached the one million mark, we have learned that the number has now doubled.


Figure 1. The number of malicious and high risk apps reaches the 2M mark

This milestone comes on the heels of the “tenth anniversary” of mobile malware. 2004 saw the first mobile malware—a proof-of-concept (PoC) malware named SYMBOS_CABIR—which infected Nokia phones. But it wasn’t until the start of the smartphone era that mobile malware exploded onto the threat landscape. From relatively harmless pop-up messages, mobile malware has since evolved to include premium service abuse, information theft, backdoors, and even rootkits.

And the threats continue to evolve. After hitting the 1M mark, we are now seeing mobile malware veer into pioneer territory. These malware could very well be the bellwether for the kinds of malware we’ll be seeing in the following months.

Anonymity with TORBOT

The Onion Router (more commonly known as TOR) is known as one way for users to become “anonymous” online. It’s also known for its connection to underground markets. Cybercriminals are now using TOR to hide their malicious mobile routines. ANDROIDOS_TORBOT.A is the first mobile malware to use TOR to connect to a remote server. Once connected, it performs routines like making phone calls, intercepting and reading text messages, and sending text messages to a specific number. The use of the TOR network makes it more difficult to track down the activity and trace the C&C server.

Proliferation with DENDROID

We’ve often discussed how the number of mobile malware keeps increasing at a rapid pace. The creation of a particular remote access Trojan (RAT) mobile malware may soon become a significant contributor to that number.

ANDROIDOS_DENDROID.HBT can take screenshots, photos, and video and audio recordings. It can also record calls. But what makes DENDROID notable is that it is also peddled as a crimeware tool. DENDROID is being sold in underground markets for US$300 with the promise of easily “Trojanizing” legitimate apps. DENDROID provides an APK binder tool, an APK client, and a background control panel for would-be buyers to repack created apps. Perhaps more alarming is that DENDROID was actually found in the Google Play Store; the malware was able to bypass Google Bouncer and avoid detection.

Mobile Devices Are Now Miners

Cybercriminals have also branched out to making miners out of mobile devices. ANDROIDOS_KAGECOIN.HBT has the ability to mine cryptocurrencies like Bitcoin, Dogecoin, and Litecoin. The mining only occurs once the mobile device is charging so the excess usage will not be noticeable. However subtle the routine might try to be, the routine takes a definite toll on the mobile device. Mining for digital currencies requires a lot of processing power that most phones do not have so users will end up with phones with sluggish performance.

The New Frontier for Mobile Threats

One thing to note is that the malware discussed in this entry involve topics that are pretty popular within the tech landscape. TOR continues to gain popularity and awareness due to concerns over online privacy. Cryptocurrencies, like Bitcoin and Dogecoin, are fast becoming popular with the public as their monetary values continue to rise (and fall). This only shows that cybercriminals are willing to tap into anything remotely feasible in order to gain new victims.

With mobile threats reaching the 2 million mark, it’s important that users take the time to secure their devices. Scrutinizing apps, avoiding unknown URLs, and deleting suspicious messages and emails can contribute to a device’s security. Paying close attention to reported software vulnerabilities and flaws—such as the ones involving custom permissions and a system crash vulnerability—is also needed as cybercriminals are wont to exploit these. The Trend Micro Mobile Threat Hub provides helpful information about mobile threats and other security tips for smartphones, tablets and other gadgets.

Tags: android, Android malware, Dogecoin, Mobile, Tor
