Wednesday, November 7, 2012

Top 5 Deadliest Mobile Malware Threats Of 2012

Not long ago, we discussed threats to mobile devices and networks. Brian Prince, contributing writer of Dark Reading, has reviewed the five most dangerous, sophisticated, and prolific pieces of mobile malware that have appeared thus far in 2012.

1. FakeInst SMS Trojan and its variants
"FakeInst disguises itself as popular apps like Instagram, Opera Browser, [and] Skype, and sends SMS messages to premium-rate numbers," says Jerry Yang, vice president of engineering at mobile security firm TrustGo.

"It is selected because it has been widely infected. There are many variants in the FakeInst family, such as RuWapFraud, Depositmobi, Opfake, and JiFake," Yang says. "Sixty percent of total Android malware we found belongs to the FakeInst family. Geographically, it mainly exists in Russia. There are also samples found from all over the world."

2. SMSZombie
Also on the list is SMSZombie, which was recently spotted in third-party markets in China and has infected more than 500,000 devices in the past few weeks. The malware works by sending SMS messages to China Mobile's online payment system and "top-up designated accounts," Yang explains.

Once installed, it obtains Device Admin privileges and is very difficult to remove, prompting TrustGo to publish details of a manual removal process on its blog.

"We expect more Android malware will adopt similar techniques to protect themselves," he says.

3. NotCompatible
Discovered by Lookout Mobile Security in April, NotCompatible is the first piece of mobile malware that used websites as a targeted distribution method, notes Derek Halliday, lead security product manager at Lookout.

"NotCompatible is automatically downloaded when an Android browser visits an infected website," he says. "The downloaded application is disguised as a security update in an attempt to convince the user to install it."

If it is successfully installed, NotCompatible can potentially be used to gain access to private networks by turning an infected Android device into a network proxy, and can be used to gain access to protected information or systems, Halliday says.

4. Android.Bmaster
Bundled in with legitimate applications, Android.Bmaster was spotted on a third-party Android app market earlier this year. The majority of the infected victims were Chinese users. Once on the device, the malware swiped sensitive data from the phone, including the Cell ID, location area code, and IMEI (International Mobile Equipment Identity) number, and caused users to send SMS messages to premium numbers.

"Analysis of Android.Bmaster's command-and-control servers indicates the total number of infected devices connected to the botnet over its entire life span numbered in the hundreds of thousands," says Kevin Haley, director of Symantec Security Response. "The number of infected devices able to generate revenue on any given day ranged from 10,000 to 30,000, enough to potentially net the botmaster millions of dollars annually if the infection rates are sustained."

5. LuckyCat
LuckyCat was the name given to a campaign of targeted attacks that struck the aerospace and energy industries in Japan as well as Tibetan activists and others. To broaden their attack, the perpetrators have brought the attack to the Android platform.

Once installed, the application displays a black icon with the text "testService," and opens a backdoor on the device to steal information.


With the direction mobile devices are going, this is one of the largest issues facing both private and corporate consumers in the world today.

Cited:
Prince, Brian. (2012). Dark Reading: Top 5 Deadliest Mobile Malware Threats of 2012. Retrieved at: http://www.darkreading.com/mobile-security/167901113/security/news/240006056/top-5-deadliest-mobile-malware-threats-of-2012.html
