The third quarter of 2013 was a turning point for malware writers specializing in mobile platforms.
- In June experts discovered the new Svpeng Trojan, capable of gaining access to a victim’s bank account directly from his or her smartphone. This is a much simpler approach than the conventional smartphone-plus-computer route usually used by this type of malware.
- In September we detected the first cases of third-party botnets being used to distribute Trojans. This significantly increases the area of infection and was key to the spread of Obad, the most sophisticated Android Trojan identified so far.
Unlike other malware of this type (ZitMo, SitMo), Spveng allows perpetrators to steal money after infecting just one device – the victim’s smartphone. The malware checks the account balance via a mobile banking service, receives a reply offering to top up the victim’s mobile account, and transfers money from the user’s bank account to the cybercriminal’s mobile account. The cybercriminals can send this money to their digital wallets and cash it in. This Trojan can easily cost its victims thousands of dollars.
According to Kaspersky Lab, 99.9% of all attacks on mobile platforms target Android OS. Viktor Chebyshev, virus analyst at Kaspersky Lab, commented: “The majority of Android malware is designed to steal money or, as a secondary aim, steal personal data. All the familiar infection, distribution and cover-up mechanisms are swiftly migrating from PCs. To date, cybercriminals are doing all they can to steal as much as possible. Virus writers are likely to keep increasing the number of botnets, infecting more and more Android users.”
While cybercriminals working with mobile platforms are developing ever more sophisticated tricks, web-based attacks are still relying on the sheer volume of incidents. Kaspersky products detected a total of 500,284,715 attacks in Q3 2013. Ten countries proved to be home to 81.5% of web resources used to distribute malware, with the USA, Russia and Germany leading the way.
Targeted Attacks/APT in Q3 2013
In September Kaspersky Lab discovered Icefog, a small yet energetic APT group that focuses on targets in South Korea and Japan and hits the supply chains of Western companies. The ‘hit and run’ nature of the Icefog attacks demonstrate a new emerging trend: smaller gangs that go after specific information with surgical precision.
Also in Q3 Kaspersky Lab’s security research analyzed an active cyber-espionage campaign primarily targeting South Korean think tanks. This campaign, named Kimsuky, is limited and highly targeted. According to technical analysis, the attackers were mostly interested in organizations based in South Korea as well as two groups in China. Clues found by Kaspersky Lab experts suggest that the attackers are North Korean.
Find out more about the developments in malware in Q3 2013 in the full report, available at securelist.com.