The continual evolution of mobile malware

A look at the evolution of mobile threats in 2015 and some predictions for 2016

The continual evolution of mobile malware

Nowadays PCs are protected much better than before. The up-to-date Windows 8.1 comes with a built-in firewall and a type of anti-virus protection delivered via Defender. Browser developers continue to think about security as well: for example, Chrome tries to detect suspicious sites and warn you before opening them, and it’s sandboxing system is supposed to prevent malware from going out from one tab and infecting all the others.

The continual evolution of mobile malware

Of course, these levels of protection aren’t perfect and in many cases they frequently fail. That’s why people install complex security solutions and let those solutions protect them. The problem is that smartphones and tablets do not look like PCs — and maybe that’s why only a few treat their security seriously.

Actually, your smartphone is a computer – a rather powerful one for that matter. It is connected to your financial accounts and in addition it’s almost certainly poorly protected. Unfortunately, cybercriminals know that as well. In 2015 the number of mobile Trojans of all stripes dramatically increased. Throughout the year our solutions detected and stopped 2,961,727 malicious installation packages.

In other words, we prevented Trojans from infecting mobile devices for almost 3 million times. That’s a lot, and those are the stats for malware detected by Kaspersky Lab alone. Just imagine how big these figures would be for the whole world! What’s worse, we expect this trend to continue and to grow — even more mobile devices will be at risk in the year 2016.

Fake mobile banks steal money

In 2015 we detected 7,030 new mobile banking Trojans. This kind of malware is getting quite smart and learning new hurtful tricks. For example, certain Trojans are capable of overlaying the on-screen display of a legitimate banking app with a fake copy, created for phishing purposes. The victim sees a familiar interface, enters the credit card data and stays with card balance reset to 0.

OpFake is one of the most notable examples of such programs as it can imitate the interface of more than 100 legitimate banking and financial apps. The Acecard family is also quite qualified: it can spoof at least 30 banking apps as well as overlay any app following the C&C server commands.

Sometimes Trojans come together with official apps from your bank. For example, the SmsThief malware, detected in Q2 2015, was embedded in a legitimate banking app. This was done without affecting its operation, making this malware more difficult to detect. As it’s clear from its name, this Trojan steals victim’s’ messages and sends them to the attackers together with other information like the device model and some personal data.

Another approach utilized by criminals is to target a broader circle of apps, not just the Internet banking applications. For example, FakeInst Trojan displays a message, presumably from Google, demanding that the user opens Google Wallet and goes through an ‘identification’ procedure, which involves entering credit card details. The reasons can be quite different including even the need to combat cybercrime. This window cannot be removed until the victim enters the credit card details and… you know what comes next.

Mobile Ransomware to blackmail

The amount of Trojan-Ransom families doubled in 2015 compared to the previous year, while the number of detected modifications increased 3.5 times. Moreover, in 2015 the amount of victims increased fivefold. It looks like those cybercriminals who were already creating Ransomware continued to do so, and their profit lures new players to the market.

When one of these Trojans blocks a device, the user is often accused of committing some alleged misdemeanor, like failing to protect their devices. They also have to pay to unblock their gadget – the ransom ranging from $12 to $100. In such a way your child photos or sweetheart’s selfies can cost you a dinner or a fashion item, and bring millions to criminals, who gather money from hundreds and thousands of victims.

Mobile ransomware is likely to continue evolving in 2016. The popularity of these programs among attackers is growing and this leads to future expansion.

SMS Trojans subscribe people to unnecessary services

This type of malware remains a serious threat, though its share in the overall flow of mobile threats is gradually declining. In case you don’t know, these programs send paid text messages from an infected device or subscribe the victims to paid services. Of course, the users stay unaware of what is going on and why the money is written off their accounts.

Podec is one of the most popular SMS Trojans among cybercriminals. We’ve detected it in Q1 2015 and kept track of it’s development. This malware was earning money on forced paid subscriptions, it was capable of bypassing Captcha and used a very powerful legitimate system to protect itself against analysis and detection. As you can see, it was a very capable Trojan. You can read more about it in this post.

Malicious apps in official stores to put off your guard

One of the first recommendations that every security expert gives is not to install apps from non-official stores. The thing is that this advice doesn’t provide you with 100% protection — not at all, in fact. Despite all Google’s efforts to protect it, malware is found upside down and sideways its Play Store.

Moreover, last year the Apple’s secure garden was also compromised, all thanks to a smart deceit — no advance technology was needed. As a result, dozens of applications were infected, including very popular ones. And that happened several times.

What to expect in 2016?

As you can see, criminals are up-and-doing. You’ll find even more details about the mobile malware evolution in 2015 in our full report, published on Securelist.

As the functionality of mobile devices and mobile services grows, cybercriminals will continue to profit from mobile malware. Their appetites will only grow. As their main aim is to make money, they will work hard and find new ways to steal from other people.

That’s why using an insecure mobile device is extremely risky and the situation is not going to turn for better in the nearest future. So we highly recommend you install a reliable security solution, especially if you use your gadgets for payments.