MOBILE MALWARE REPORT



Similar documents
G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015

G DATA MOBILE MALWARE REPORT

G Data Mobile MalwareReport. Half-Year Report July December G Data SecurityLabs

The Increasing Threat of Malware for Android Devices. 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them

WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security

Comodo Mobile Security for Android Software Version 3.0

SNOOPWALL FLASHLIGHT APPS THREAT ASSESSMENT REPORT

How we keep harmful apps out of Google Play and keep your Android device safe

Malware & Botnets. Botnets

Corporate Account Takeover & Information Security Awareness. Customer Training

In 2015, just under half (43%) of the world s population has an Internet connection: 3.2 billion people, compared to 2.9 billion in July 2014.

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

10 Quick Tips to Mobile Security

AV-TEST Examines 22 Antivirus Apps for Android Smartphones and Tablets

When you listen to the news, you hear about many different forms of computer infection(s). The most common are:

BE SAFE ONLINE: Lesson Plan

Endpoint Security and the Case For Automated Sandboxing

Five Trends to Track in E-Commerce Fraud

Secure Your Mobile Workplace

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS. Corporate Account Takeover & Information Security Awareness

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them

Perception and knowledge of IT threats: the consumer s point of view

Malware Trend Report, Q April May June

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only.

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

Guideline on Safe BYOD Management

What you need to know to keep your computer safe on the Internet

Mobile Device Management

Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University

IT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA

2012 NORTON CYBERCRIME REPORT

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

F-Secure Anti-Virus for Mac 2015

Protecting against Mobile Attacks

Ibrahim Yusuf Presales Engineer at Sophos Smartphones and BYOD: what are the risks and how do you manage them?

F-Secure Mobile Security. Android

Lecture Embedded System Security A. R. Darmstadt, Introduction Mobile Security

Almost 400 million people 1 fall victim to cybercrime every year.

Reducing the cost and complexity of endpoint management

Tutorial on Smartphone Security

Mobile App Reputation

10 best practice suggestions for common smartphone threats

CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP

Kaspersky Security 10 for Mobile Implementation Guide

Hesperbot. Analysts at IKARUS Security Software GmbH successfully removed a self-locking Android Malware from an infected smartphone

Simplifying the Challenges of Mobile Device Security Three Steps to Reduce Mobile Device Security Risks

Types of cyber-attacks. And how to prevent them

Simplifying the Challenges of Mobile Device Security

Guideline for Prevention of Spyware and other Potentially Unwanted Software

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO p f

Information Security Awareness

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One

Cyber Essentials Scheme

Securing mobile devices in the business environment

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

Protecting your Identity, Computer and Property

Monitoring mobile communication network, how does it work? How to prevent such thing about that?

Don t Fall Victim to Cybercrime:

Smartphone Hacks and Attacks: A Demonstration of Current Threats to Mobile Devices

The McAfee SECURE TM Standard

Webroot Security Intelligence for Mobile Suite. Cloud-based security solutions for mobile management providers

ENTERPRISE MOBILE THREATS. 2014: A Year In Review. I. Introduction. Methodology. Key Highlights ENTERPRISE

COMPUTER-INTERNET SECURITY. How am I vulnerable?

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions

The Hidden Dangers of Public WiFi

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

CONSUMER SECURITY RISKS SURVEY 2014: MULTI-DEVICE THREATS IN A MULTI-DEVICE WORLD. July, 2014

Transcription:

TRUST IN MOBILE MALWARE REPORT THREAT REPORT: H2/2014

CONTENTS At a Glance 03-03 Forecasts and trends 04-04 Current situation: 4.500 new Android malware instances every day 05-05 Third-party App-Stores 06-07 Yet another smartphone with malware in the firmware 08-08 2

TRUST IN AT A GLANCE MARKET SHARE FOR ANDROID- SMARTPHONES AND -TABLETS 1.301 billion smartphones were purchased globally in 2014 according to market analysts 702 million in the second half of the year alone. 1 During this period, the smartphone market share for Android stood at 81 percent on average. 2 In terms of processor, 569 million of the smartphones purchased had an Android operating system installed, as did a total of 91.6 million Android tablets purchased. 3 MALWARE NUMBERS FOR ANDROID DEVICES Definitive malware numbers for Android devices: G DATA security experts identified and analysed 796,993 new malware samples in the second half of the year. This represents an increase of 6.1 percent (751,136) compared to the first half of the year. In total, over 1.5 million new Android malware programs were investigated by G DATA experts in 2014. This represents an increase in new Android malware instances of almost 30 percent compared to 2013 as a whole. THIRD PARTY MARKETS FOR ANDROID APPS Third-party markets for Android apps: European and American providers come out better compared to markets in China or Russia. Up to a quarter of some app markets in China are infected with malware and PUPs (Potentially Unwanted Programs). PRE-INSTALLED SPYWARE G DATA security experts have again discovered a smartphone from a renowned provider with a permanently installed digital spy on it. The malware hides in a fake app and sends data to third parties. 1 http://www.idc.com/getdoc.jsp?containerid=prus25407215 2 http://blogs.strategyanalytics.com/wss/post/2015/01/29/android-shipped-1-billion-smartphones-worldwide-in-2014.aspx 3 http://www.strategyanalytics.com/default.aspx?mod=pressreleaseviewer&a0=5617, http://www.strategyanalytics.com/default.aspx?mod=pressreleaseviewer&a0=5640 3

FORECASTS AND TRENDS ABSOLUTE NUMBER OF NEW MALWARE INSTANCES EXPLODES G DATA security experts expect a rapid increase in numbers of new malware instances in 2015. A figure of over 2 million new Android malware strains is realistic. Users are ever more frequently using popular Android devices for everyday Internet usage when banking or shopping online. Cyber criminals make strenuous efforts to get malware into circulation here. ADVERTISE, SPY, MANIPULATE: ADWARE BECOMING MORE REFINED Adware is annoying for many users. This category is becoming more and more refined. Current cases on computers indicate that SSL encryption is being rendered ineffective by adware. Cyber criminals can exploit this to spy on sensitive data, such as that used for online banking or on social networks. The security experts expect that this trend will spread to mobile devices as well. USERS INCREASINGLY RELYING ON ENCRYPTION Awareness of security and privacy has grown following the revelations regarding spying and cyber crime. Encryption is increasingly becoming the standard. Users can easily secure and encrypt their data, especially on Android devices. Android already offers a function in the settings for securing all the data on the internal and external memories against access. CROSS-PLATFORM MALWARE: THE KEY TO THE COMPANY NETWORK In 2015, multi-target malware (malware that can be used both on PCs and on mobile devices) is being used more frequently by cyber criminals to gain access to company networks. Cross-platform infections will increase significantly, in the opinion of G DATA. "QUANTIFIED SELF" DATA MUCH SOUGHT-AFTER BY CRIMINALS Fitness apps and accessories are popular on smartphones. Personal data ("quantified self") is being recorded and analysed more and more often. G DATA security experts are concerned that data theft in this area will increase. SPECIAL MALWARE TARGETS BANK DATA 2015 will be characterised by special malware that targets bank and financial data. In 2014, around a third of all bank customers used their mobile device for online banking transactions and the trend is increasing. 4 Cyber criminals are relying on fake or manipulated banking apps that specifically target this development. 4 http://www.statista.com/statistics/380803/online-banking-penetration-in-the-eu/ 4

TRUST IN CURRENT SITUATION: 4,500 NEW ANDROID MALWARE INSTANCES EVERY DAY During the second half of 2014, G DATA security experts recorded 796,993 new malware types. On average, the experts discovered almost 4,500 new Android malware files every day in the second half of the year. This represents an increase of 6.1 percent (751,136) compared to the first half of the year. Consequently the number of new malware program types has risen by 18 percent compared to the second half of 2013 (672,940). In 2014 as a whole, the security experts identified 1,584,129 new Android malware samples. This represents an increase in new mobile malware instances of almost 33 percent compared to 2013 (1,192,035). 5

THIRD-PARTY APP STORES In the second quarter of 2014, the Android operating system reached a global market share on smartphones of almost 85 percent. 5 Malware programmers try to exploit this trend and specifically develop malware for the Google operating system. The prospect of high financial profits for comparatively little outlay is highest here. Unlike ios or Windows Phone, Android is an open source operating system. Because of this freedom, numerous app stores run by third-party providers have arisen alongside the Google Play store. Google automatically scans all of the apps used in its own store for suspicious content. Such analysis often does not take place in alternative app stores. Many third-party providers are very imprecise, or do not even bother, when it comes to checking whether applications are infected with malware. To be able to use an alternative app market place, users must allow the installation of applications from sources other than the Play store in the Android device's settings. This disables the central protective function for Android and enables malware to find its way onto the mobile device. Malware authors are then able to lure Android users into their trap. Frequently, cheap versions of apps that are actually expensive, or apparently important system updates are used to try to induce smartphone owners to disable the protective function on their device. Users who still want to use a thirdparty provider's store should look into its trustworthiness beforehand. 5 http://www.idc.com/getdoc.jsp?containerid=prus25037214 6

TRUST IN CHINESE APP MARKETS COMMONLY DISTRIBUTE MALWARE G DATA security experts have found malware or potentially unwanted programs (PUPs) such as adware or riskware in just 3.4 percent of applications offered in American and European app stores. In many app stores in the Chinese market place, over 25 percent of applications are infected 13 percent alone with malware. 44 percent of the other malware falls into the PUP category. Adware and riskware are examples of PUPs. Adware means programs that have advertising content and use dishonest methods to display this to the user. These apps are not necessarily malicious, but they are still a nuisance for the user. Riskware, on the other hand, is potentially dangerous software. Installing such apps can lead to damage to the device. Apps in this category may even be legitimate apps that have vulnerabilities or have been compromised. SECURITY IN APP STORES NEEDS TO BE MORE IN FOCUS Few app markets run by third-party providers are currently checked with antivirus scanners. The available statistics are based on known malware. The security experts believe that the actual number is higher. To guarantee security in these markets as well, they need to be continually monitored and analysed. WHICH MALWARE IS DOMINANT IN APP MARKETS? Over half (56 percent) of the malware identified consists of Trojans or other malware. Malware here is an umbrella term for various types of malicious software. These include exploits, Trojans and backdoors. 7

YET ANOTHER SMARTPHONE WITH MALWARE IN THE FIRMWARE In spring 2014, G DATA security experts discovered pre-installed malware on a smartphone for the first time. The device, purchased under the name Star N9500 6, had a comprehensive spyware program built in at the factory itself. Now the experts have come across another device with firmware infected with malware. Some versions of the Xaomi Mi4 came with a pre-installed Trojan. The devices concerned were supplied with German menus and could be purchased in certain online shops. G DATA security experts therefore suspect that an intermediate dealer is behind this scam, installing the manipulated firmware on the devices. MALWARE HIDING IN MANIPULATED TWITTER APP The malware was hiding in a manipulated Twitter app. Unlike the original app, the fake version demanded more rights. Besides accessing the call list, the app tries to track running programs and install and remove applications independently. This means that criminals can access personal data without being noticed, eavesdrop on conversations, read SMS and emails, or remotely control the camera and microphone. The malware can also subsequently install other apps without being noticed. Furthermore the malware sends information about the smartphone, the operating system being used, the language version and location data to anonymous servers. This means that the options for attackers are unlimited. SENSITIVE USER DATA SENT TO ANONYMOUS SERVERS In their analysis, the security experts were able to determine that the data was being sent to Asia. Because it is integrated into the device's firmware, the malware has extensive permissions and can install other applications without the user noticing. The Trojan uninstalls unwelcome apps if necessary. It is not possible to remove the manipulated app and the spyware since they are integrated into the firmware. PREDICTION COMES TRUE When they discovered the Star N9500, G DATA security experts predicted that the smartphone with pre-installed spyware on it would not remain an isolated case. The Xaomi device has reinforced this belief. But the case is not yet closed. The analysts are investigating yet more devices that have been supplied with similar firmware. G DATA INTERNET SECURITY FOR ANDROID detects the manipulated Twitter app. 6 https://blog.gdatasoftware.com/blog/article/android-smartphone-shipped-with-spyware.html Copyright 2015 G DATA Software AG. All rights reserved. This document must not be copied or reproduced, in full or in part, without written permission from G DATA Software AG Germany. Microsoft, Windows, Outlook and Exchange Server are registered trademarks of The Microsoft Corporation. All other trademarks and brand names are the property of their respective owners and must therefore be treated as such. TRUST IN 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information