Web. Paul Pajares and Max Goncharov. Connection. Edition. ios platform are also at risk, as. numbers via browser-based social.



Similar documents
A number of factors contribute to the diminished regard for security:

Correlation and Phishing

43% Figure 1: Targeted Attack Campaign Diagram

Everyone s online, but not everyone s secure. It s up to you to make sure that your family is.

When attackers have reached this stage, it is not a big issue for them to transfer data out. Spencer Hsieh Trend Micro threat researcher

This document has been provided by the International Center for Not-for-Profit Law (ICNL).

The Mobile Cybercriminal Underground Market in China

As threat actors target various types of networks, companies with improperly configured network infrastructures risk the following repercussions:

DIGITAL LIFE E-GUIDE. Keeping Your Cloud Data in Check

How Do Threat Actors Move Deeper Into Your Network?

Cloud Security Primer MALICIOUS NETWORK COMMUNICATIONS: WHAT ARE YOU OVERLOOKING?

Trend Micro Incorporated Research Paper Adding Android and Mac OS X Malware to the APT Toolbox

Latest Business Compromise Malware Found: Olympic Vision

THE SOUTH KOREAN FAKE BANKING APP SCAM

The Dark Side of Trusting Web Searches From Blackhat SEO to System Infection

FastPOS: Quick and Easy Credit Card Theft

Control Traffic from Grey Routes and Boost Enterprise Messaging Revenue

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security

Network Detection Evasion Methods

Security Threats to Business, the Digital Lifestyle, and the Cloud. Trend Micro Predictions for 2013 and Beyond

Addressing Big Data Security Challenges: The Right Tools for Smart Protection

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

How Attackers are Targeting Your Mobile Devices. Wade Williamson

Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data

A Trend Micro Research Paper Ice 419 Cybercriminals from Nigeria Use Ice IX and the 419 Scam Loucif Kharouni (Forward-Looking Threat Research Team)

Secure Your Mobile Workplace

Fraud Threat Intelligence

The Android Developers Guide to 3 rd -Party SDK Assessment and Security

MOBILE MALWARE REPORT

Types of cyber-attacks. And how to prevent them

Streamlining Web and Security

Solving the SMS Revenue Leakage Challenge

Mobile App Reputation

Terms of Service. This online privacy policy applies only to information collected through our website and not to information collected offline.

Follow the Data: Analyzing Breaches by Industry

TRAFFIC DIRECTION SYSTEMS AS MALWARE DISTRIBUTION TOOLS

Dragonfly: Energy Companies Under Sabotage Threat Symantec Security Response

G Data Mobile MalwareReport. Half-Year Report July December G Data SecurityLabs

End to End Security do Endpoint ao Datacenter

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Terms & Conditions. Introduction. The following terms and conditions govern your use of this website (VirginiaHomeRepair.com).

G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015

Terms and Conditions

Protecting against Mobile Attacks

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

You are authorised to view and download one copy to a local hard drive or disk, print and make copies of such printouts, provided that:

Symantec's Secret Sauce for Mobile Threat Protection. Jon Dreyfus, Ellen Linardi, Matthew Yeo

G DATA MOBILE MALWARE REPORT

Internet Explorer Exploit Protection ENTERPRISE BRIEFING REPORT

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Webroot Security Intelligence for Mobile Suite. Cloud-based security solutions for mobile management providers

Mobile Malware and Spyware: Working Through the Bugs. Detective Cindy Murphy

Kaspersky Security 10 for Mobile Implementation Guide

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

Symantec Mobile Security

Security Intelligence Services.

Managing Web Security in an Increasingly Challenging Threat Landscape

Terms & Conditions Template

GFI White Paper. How Web Reputation increases your online protection

How To Protect Your Online Banking From Fraud

Kaspersky Fraud Prevention platform: a comprehensive solution for secure payment processing

The Police Trojan AN IN-DEPTH ANALYSIS

App Terms and Conditions!

WHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users

Rogue DNS servers a case study

T E C H N I C A L S A L E S S O L U T I O N

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Transcription:

RESEARCHBRIEF Fake Apps, Russia, and the Mobile Making the SMSS Fraud Connection Paul Pajares and Max Goncharov Web News of an SMS fraud service affecting many countries first broke out in Russia in 2010. It has since put users at risk through popular online activities like social networking and downloading content. These fraud services are knownn as premiumm servicee abusers, mobile malware that subscribe users to premium-rated short message services. Some of them also connect to premiumm numbers without the user s consent, which leads to additional and unwanted charges. Premium service abusers may favor malicious domains as hosts but they can also spread as fake apps downloaded from third-party or legitimate app stores. Users often get them from poisoned search engine results that lead to fake app download sites, which then install malware. Premiumm service abusers comprise over 40% of o the global threats to Android devices. They not only affect Android, but also the Java Microo Edition (formerly J2ME) platform. Users of the ios platform are also at risk, as shown by a rogue Angry Birds Star Wars app that tricks them into giving out their mobile numbers via browser-based social engineering tactics. Premiumm service abusers prove the active dynamics of mobile cybercrime, which grows alongside the increasing mobile traffic. Seeingg that mobile threats can be agile, jumping fromm PCs to mobile devices, it is only wise for individuals and companies alike to use comprehensive solutions that protect both.

Why Russia? Premium service abusers primarily target Russia. This is partly due to the lack of standard app stores in the country, which makes third-party app stores popular. With over 2,800 unique infections from November 20122 to May 2013 alone, the threat aggravates the risks in the Russian mobile landscape. Other top targets include Russian-speakingg countries, Ukraine and Uzbekistan. Figure 1 shows that more people are downloading malicious.apk and.jar files. These are mostly hosted in the Czech Republic and Germany. Still, research suggests that there are onlyy a couple of servers that dominate most domains. This indicates that only a handful of o players control the large fraud services market. 2,500 2,000 1,500 1,000 500 JAR APK 0 Nov Dec Jan Feb Mar Apr May Figure 1: Distribution of.apk and.jar files downloadedd from November 2012 to May 2013 Figure 2: Top SMS fraud host countries most affected by SMS fraud Figure 3: Countries most affected by SMS fraud 2

Free Content Search Leads to Malware They use advertising network affiliates to pushh Fake apps are often obtained when users get malicious links via mobile apps, providers, sites, redirected to file download sites. The sites use SMS, QR codes, and links in spam. They thenn blackhat search engine optimization (SEO) to get paid via these affiliate networks without the appear as top search resultss for popular users consent. keywords like Bad Piggies and Download Flash for Android. Some apps also gather device information like International Mobile Station Equipment These download sites are either constructed Identityy (IMEI) number, International Mobile blog sites with Russian text, a fake Google Play Subscriber Identity (IMSI) number, brand, site, rogue app stores, or specific download sites model, manufacturer, and OS software for apps usually defined on the host name. Cybercriminals usually trick users to subscribe development kit (SDK) version. Mobile numbers and other personal informationn to free content then charge recurring payments. exorbitant or are then sold in the underground cybercrime market.. MOBILE DATA 1M numbers 10K numbers PRICE US$70 US$10 Customized database with personal data US$ $35 for 1,000 numbers Figure 4: Fake Adobe Flash Player for Androidd tricks users into downloading malware Table 1: Underground prices of collected mobile numbers from Russian network operators TYPES OF MALICIOUS DOWNLOAD SITES Malicious apps in a constructed blog site with Russian text Roguee Google Play app store Specific app download site Table 2: Types off malicious download sites 3

Permissions, Privacy, and a Little Push Most premium service abusers exploit app permissions for malicious activities like sending, receiving, and reading text messages as well as obtaining access to contacts and locations. The proliferation of FAKE and BOXER malware, meanwhile, show the prevalence of Russian SMS fraud services in the overall mobile threat landscape. Push notifications can also be dangerous for users, as many malware and high-risk apps push ads that can lead to malicious downloads. Aggressive adware like ARPUSH and LEADBLT variants use push notifications to Figure 5: Sample push notification that can be usedd victimize mobile users as well. to redirect users to malicious mobile sites What Can Users Do? Russian SMS fraud services and malicious apps from legitimate and/or third-party app stores can cause users to suffer financial losses from sending messages to premium numbers. Similarly, user privacy and reputation are put at risk with the amount of access that malicious apps can obtain and use for cybercriminal activities. But they can be effectively fought off with a robust and comprehensive threat solution anchored on reliable, global threat intelligence. Individuals and businesses can both benefit from using accurate web and IP reputation technologies that can correlate threats and block access to malicious app sources like standalone websites and third-party app stores. It is also important to collect mobile threat intelligence and use a mobile app reputationn technology to identify malicious and high-riskk apps. Proper discretion should be applied whenn searching for and downloading seemingly malicious and high-risk apps. Check appp permissions and only download from official app stores. Look at the routines of the apps youu download as well and exercise caution when it i comes to push ads that appear as notifications. More importantly, user devices can be further protected by threatt solutions that not only proactively block threats on a single device type but across all possible threat vectors. 4

TREND MICRO LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The information contained herein may not be applicable to all situations and may not reflect thee most current situation. Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document at any time without prior notice. Translations of any material into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to the original language official version of the document. Any discrepancies or differences created in the translation are nott binding and have no legal effect for compliance or enforcement purposes. Although Trend Micro uses reasonablee efforts to include accurate and up-to-date information herein, Trendd Micro makes no warranties or epresentations of any kind as to its accuracy, currency, or completeness. You agree that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied. Neither Trend Micro nor any party involved in creating, producing, or delivering this document shall be liable for any consequence, loss, or damage, including direct, indirect, special, consequential, loss of business profits, or special damages, whatsoever arising out of access to, use of, or inability to use, or in connection with the use off this document, or any errors or omissions in the content thereof. Use of this informationn constitutes acceptance for use in an as is condition. Trend Micro Incorporated, a global leader in security software, strives to make the world safe for exchanging digital information. Our innovative i solutions for consumers, businesses and governmentss provide layered content security to protect information on mobile devices, endpoints, gateways, servers and the cloud. All of our solutions are powered by cloud-based global threatt intelligence, thee Trend Micro Smart Protection Network, and are supported by over 1,200 threat experts aroundd the globe. For more information, visitt www.trendmicro.com. 2013 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trendd Micro t-ball logoo are trademarks or egistered trademarks of Trend Micro, Incorporated. All other product or companyy names may be trademarks or registered trademarks of their owners. 10101 N. De Anza Blvd. Cupertino, CA 95014 U.S. toll free: 1 +800.228.5651 Phone: 1 +408.257.1500 Fax: 1 +408.257.2003

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information