{"id":11462,"date":"2016-03-02T09:00:27","date_gmt":"2016-03-02T14:00:27","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=11462"},"modified":"2017-09-24T08:08:38","modified_gmt":"2017-09-24T12:08:38","slug":"mobile-malware-evolution-2015","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/mobile-malware-evolution-2015\/11462\/","title":{"rendered":"The continual evolution of mobile malware"},"content":{"rendered":"<p>Nowadays PCs are protected much better than before. The up-to-date Windows 8.1 comes with a built-in firewall and a type of anti-virus protection delivered via Defender. Browser developers continue to think about security as well: for example, Chrome tries to detect suspicious sites and warn you before opening them, and it\u2019s sandboxing system is supposed to prevent malware from going out from one tab and infecting all the others.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2016\/03\/06022817\/mobile-malware-evolution-FB.jpg\" rel=\"attachment wp-att-11464\"><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2016\/03\/06022817\/mobile-malware-evolution-FB.jpg\" alt=\"The continual evolution of mobile malware\" width=\"1280\" height=\"1280\" class=\"aligncenter size-full wp-image-11464\"><\/a><\/p>\n<p>Of course, these levels of protection aren\u2019t perfect and in many cases they frequently fail. That\u2019s why people install complex security solutions and let those solutions protect them. The problem is that smartphones and tablets do not look like PCs \u2014 and maybe that\u2019s why only a few treat their security seriously.<\/p>\n<p>Actually, your smartphone is a computer \u2013 a rather powerful one for that matter. It is connected to your financial accounts and in addition it\u2019s almost certainly poorly protected. Unfortunately, cybercriminals know that as well. In 2015 the number of mobile Trojans of all stripes dramatically increased. Throughout the year our solutions detected and stopped 2,961,727 malicious installation packages.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">My risky gamble: 24 hours without a <a href=\"https:\/\/twitter.com\/hashtag\/smartphone?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#smartphone<\/a> <a href=\"https:\/\/t.co\/eze99as560\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/eze99as560<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/digitalamnesia?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#digitalamnesia<\/a> <a href=\"http:\/\/t.co\/RupoKf9LAO\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/RupoKf9LAO<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/623850450085920768?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 22, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In other words, we prevented Trojans from infecting mobile devices for almost <b>3 million<\/b> times. That\u2019s a lot, and those are the stats for malware detected by Kaspersky Lab alone. Just imagine how big these figures would be for the whole world! What\u2019s worse, we expect this trend to continue and to grow \u2014 even more mobile devices will be at risk in the year 2016.<\/p>\n<h3>Fake mobile banks steal money<\/h3>\n<p>In 2015 we detected 7,030 new mobile banking Trojans. This kind of malware is getting quite smart and learning new hurtful tricks. For example, certain Trojans are capable of overlaying the on-screen display of a legitimate banking app with a fake copy, created for phishing purposes. The victim sees a familiar interface, enters the credit card data and stays with card balance reset to 0.<\/p>\n<p>OpFake is one of the most notable examples of such programs as it can imitate the interface of more than 100 legitimate banking and financial apps. The <a href=\"https:\/\/www.kaspersky.com\/blog\/acecard-android-trojan\/11368\/\" target=\"_blank\" rel=\"noopener nofollow\">Acecard family<\/a> is also quite qualified: it can spoof at least 30 banking apps as well as overlay any app following the C&amp;C server commands.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Android?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Android<\/a> trump card: Acecard <a href=\"https:\/\/t.co\/yHxyACMslU\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/yHxyACMslU<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/banking?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#banking<\/a> <a href=\"https:\/\/t.co\/DmnUAOJvSM\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/DmnUAOJvSM<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/701795013223694341?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 22, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Sometimes Trojans come together with official apps from your bank. For example, the <a href=\"https:\/\/securelist.com\/analysis\/quarterly-malware-reports\/71610\/it-threat-evolution-q2-2015\/\" target=\"_blank\" rel=\"noopener\">SmsThief<\/a> malware, detected in Q2 2015, was embedded in a legitimate banking app. This was done without affecting its operation, making this malware more difficult to detect. As it\u2019s clear from its name, this Trojan <a href=\"http:\/\/securitywatch.pcmag.com\/mobile-security\/326291-mobile-threat-monday-android-app-uninstaller-reads-your-texts\" target=\"_blank\" rel=\"noopener nofollow\">steals victim\u2019s\u2019 messages<\/a> and sends them to the attackers together with other information like the device model and some personal data.<\/p>\n<p>Another approach utilized by criminals is to target a broader circle of apps, not just the Internet banking applications. For example, FakeInst Trojan displays a message, presumably from Google, demanding that the user opens Google Wallet and goes through an \u2018identification\u2019 procedure, which involves entering credit card details. The reasons can be quite different including even the need to combat cybercrime. This window cannot be removed until the victim enters the credit card details and\u2026 you know what comes next.<\/p>\n<h3>Mobile Ransomware to blackmail<\/h3>\n<p>The amount of Trojan-Ransom families doubled in 2015 compared to the previous year, while the number of detected modifications increased 3.5 times. Moreover, in 2015 the amount of victims increased fivefold. It looks like those cybercriminals who were already creating Ransomware continued to do so, and their profit lures new players to the market.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">10 tips to protect your files from ransomware <a href=\"https:\/\/t.co\/o0IpUU9CHb\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/o0IpUU9CHb<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/iteducation?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#iteducation<\/a> <a href=\"https:\/\/t.co\/I47sPIiWFF\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/I47sPIiWFF<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/671348678607642624?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 30, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>When one of these Trojans blocks a device, the user is often accused of committing some alleged misdemeanor, like failing to protect their devices. They also have to pay to unblock their gadget \u2013 the ransom ranging from $12 to $100. In such a way your child photos or sweetheart\u2019s selfies can cost you a dinner or a fashion item, and bring millions to criminals, who gather money from hundreds and thousands of victims.<\/p>\n<p>Mobile ransomware is likely to continue evolving in 2016. The popularity of these programs among attackers is growing and this leads to future expansion.<\/p>\n<h3>SMS Trojans subscribe people to unnecessary services<\/h3>\n<p>This type of malware remains a serious threat, though its share in the overall flow of mobile threats is gradually declining. In case you don\u2019t know, these programs send paid text messages from an infected device or subscribe the victims to paid services. Of course, the users stay unaware of what is going on and why the money is written off their accounts.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">A SMS <a href=\"https:\/\/twitter.com\/hashtag\/Trojan?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Trojan<\/a> Bypasses <a href=\"https:\/\/twitter.com\/hashtag\/CAPTCHA?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#CAPTCHA<\/a> and Steals Money: <a href=\"https:\/\/t.co\/9fjQ0PwZuw\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/9fjQ0PwZuw<\/a> <a href=\"http:\/\/t.co\/r5jKqQUc3y\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/r5jKqQUc3y<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/578254848203837440?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">March 18, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Podec is one of the most popular SMS Trojans among cybercriminals. We\u2019ve detected it in Q1 2015 and kept track of it\u2019s development. This malware was earning money on forced paid subscriptions, it was capable of bypassing Captcha and used a very powerful legitimate system to protect itself against analysis and detection. As you can see, it was a very capable Trojan. You can read more about it in <a href=\"https:\/\/www.kaspersky.com\/blog\/podec-vkontakte-bypasses-captcha\/7963\/\" target=\"_blank\" rel=\"noopener nofollow\">this post<\/a>.<\/p>\n<h3>Malicious apps in official stores to put off your guard<\/h3>\n<p>One of the first recommendations that every security expert gives is <a href=\"https:\/\/www.kaspersky.com\/blog\/android-maximum-security-tips\/6579\/\" target=\"_blank\" rel=\"noopener nofollow\">not to install apps from non-official stores<\/a>. The thing is that this advice doesn\u2019t provide you with 100% protection \u2014 not at all, in fact. Despite all Google\u2019s efforts to protect it, <a href=\"https:\/\/securelist.com\/blog\/incidents\/72458\/stealing-to-the-sound-of-music\/\" target=\"_blank\" rel=\"noopener\">malware is found<\/a> upside down and sideways its Play Store.<\/p>\n<p>Moreover, last year the Apple\u2019s secure garden was also compromised, all thanks to a smart deceit \u2014 no advance technology was needed. As a result, dozens of applications were infected, including very popular ones. And that <a href=\"https:\/\/threatpost.com\/updated-xcodeghost-adds-ios9-support\/115244\/\" target=\"_blank\" rel=\"noopener nofollow\">happened several times<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Allegedly 40 apps on App Store are infected <a href=\"https:\/\/t.co\/UTSGwvWccj\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/UTSGwvWccj<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/apple?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#apple<\/a> <a href=\"http:\/\/t.co\/moLosQwB9V\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/moLosQwB9V<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/646689631333949440?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 23, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h3>What to expect in 2016?<\/h3>\n<p>As you can see, criminals are up-and-doing. You\u2019ll find even more details about the mobile malware evolution in 2015 in our full report, published on <a href=\"https:\/\/securelist.com\/analysis\/kaspersky-security-bulletin\/73839\/mobile-malware-evolution-2015\/\" target=\"_blank\" rel=\"noopener\">Securelist<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How did <a href=\"https:\/\/twitter.com\/hashtag\/mobile?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#mobile<\/a> malware evolve over the last year? <a href=\"https:\/\/t.co\/NOXHULkmSR\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/NOXHULkmSR<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/MWC2016?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#MWC2016<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/infosec?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#infosec<\/a> <a href=\"https:\/\/t.co\/ZXZLupIaCC\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/ZXZLupIaCC<\/a><\/p>\n<p>\u2014 Securelist (@Securelist) <a href=\"https:\/\/twitter.com\/Securelist\/status\/702188270055268352?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 23, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>As the functionality of mobile devices and mobile services grows, cybercriminals will continue to profit from mobile malware. Their appetites will only grow. As their main aim is to make money, they will work hard and find new ways to steal from other people.<\/p>\n<p>That\u2019s why using an insecure mobile device is extremely risky and the situation is not going to turn for better in the nearest future. So we highly recommend you install a <a href=\"http:\/\/app.appsflyer.com\/com.kms.free?pid=smm&amp;c=kd-com\" target=\"_blank\" rel=\"noopener nofollow\">reliable security solution<\/a>, especially if you use your gadgets for payments.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A look at the evolution of mobile threats in 2015 and some predictions for 2016<\/p>\n","protected":false},"author":522,"featured_media":11463,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2683],"tags":[734,36,584,76,420,97,45,723],"class_list":{"0":"post-11462","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-banking-trojans","10":"tag-malware-2","11":"tag-mobile","12":"tag-phishing","13":"tag-ransomware","14":"tag-security-2","15":"tag-smartphones","16":"tag-trojans"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/mobile-malware-evolution-2015\/11462\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/mobile-malware-evolution-2015\/6790\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/mobile-malware-evolution-2015\/6850\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/mobile-malware-evolution-2015\/6762\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/mobile-malware-evolution-2015\/7854\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/mobile-malware-evolution-2015\/7629\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/mobile-malware-evolution-2015\/11076\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/mobile-malware-evolution-2015\/6140\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/mobile-malware-evolution-2015\/7155\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/mobile-malware-evolution-2015\/10604\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/mobile-malware-evolution-2015\/11076\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/mobile-malware-evolution-2015\/11462\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/mobile-malware-evolution-2015\/11462\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/trojans\/","name":"trojans"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11462","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=11462"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11462\/revisions"}],"predecessor-version":[{"id":18837,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11462\/revisions\/18837"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/11463"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=11462"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=11462"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=11462"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}