A quick guide to mobile malware (part 2)

This is the second article in a 3-part series on mobile malware.

Why (should I be worried)?

Worm:iOS/Ikee.A changed the phone's wallpaper

Last week I gave a brief summary of the kinds of threats a user might encounter on the smartphones of today. This week’s article is supposed to cover the reasons why a user would worry about mobile malware, so let me give the short answer now:

Usually, mobile malware attacks are motivated by: Bragging rights; money; stealing personal information that can be sold for money. For the user that gets hit by the malware, it means: Losing control over your phone; losing your money; someone else might be using your personal details for who-knows-what.

So let’s assume your phone’s been infected. Just how much should you be worried? Well, that kind of depends on your luck and what kind of malware you’re dealing with.

“Hey folks! Look what I can do!”

Like PC-based malware, the first threats to appear on the phone are often the product of some technically-minded person finding a loophole in the phone’s operating system, writing a program to exploit it, then releasing it to the general public to, basically, prove that it can be done. A prank for bragging rights, more or less. There may also be more subtle motivations involved, but if your phone is on the receiving end, you probably wouldn’t care.

Sometimes, if you’re lucky, that first malicious program doesn’t do anything worse than changing the phone’s wallpaper (Worm:iOS/Ikee.A is a good example here). So, for the user, the cost for the malware creator’s bragging rights is: time spent dealing with the problem and probably a massive headache.

Not a good loss, but bearable. Unfortunately, the next two potential losses for a user hit by mobile malware – money and/or personal data – are more serious.

“Give me back my phone!”

As other attackers get hold of that pioneer program and modify it to be more malicious, the next few versions (or variants) of it usually get more ‘risky’ to the user. If the malware is really malicious, it can alter the phone’s functionality to the point that the device is basically ‘bricked’ – it can’t be used for anything other than a paperweight.

Some examples we saw on the Symbian platform – which, by virtue of being the first widely used smartphone platform, also suffered the most threats – were Cardtrap, Skulls, Romride and Locknut. At this point, if the damage isn’t recoverable, the user is also out by the price of the phone and loss of the data stored on the phone itself. Ouch.

SMSes = $$$

Still, not everyone has to be concerned about data loss, if they have their contacts backed up elsewhere and they don’t keep financial or confidential details on their phone. What if you do, though? Say, you do mobile bank transactions, or store your PINs or account log-in details on the phone? Can an attacker find a way to pull confidential data off the phone?

‘Early generation’ smartphones – for the sake of this article, let’s say they’re the ones that sent data out by WAP  – didn’t give crooks a lot of options for getting hold of data they could make money from.  On these phones, the ‘traditional’ way for crooks to make money was through what amounts to SMS fraud (an example is the Redoc trojan family).

In this kind of scheme, the attackers has to plant a trojan on the device that forces it to send SMS messages to a premium phone number, which can wrack up a high phone bill for the user. Though effective, these attacks tend not to be very widespread, as they are limited by the geographical location and size of the telecom networks and target-able users. If you’re not in the target group, the threat is almost nonexistent.

Stealing data

Nowadays though, ‘new generation’ smartphones – as in ones with fast data connections back up by unlimited or cheap data packages from telco providers, making it convenient for a user to just leave the data connection open – offer a crook more options. Instead of bothering with SMS fraud, they can create malware that find and retrieve specific information stored on the device, which could potentially give far greater returns. Case in point is the very next Ikee variant, Ikee.B, which stole financially-sensitive information stored on the phone.

In this case, the loss is hard to estimate as fortunately, this type of malware isn’t common and the risk they pose is highly individual, depending on what details you store on your phone. It would probably also depend on how the attacker would be able to convert the details stolen into hard cash – sell it off in bulk together with details stolen from others? Find a way to log into a compromised account and withdraw the money?

There’s no ‘standard scenario’ here, so it’s hard for a user to realistically evaluate the fallout of having data stolen off their phone. All that can be reliably said is that personal and financial details are major targets on a PC and they’re probably no less attractive on mobile devices; it’s just that up until now, attackers didn’t have a way to scam these details out of someone on a mobile device.

Going straight for the money

As with PC threats, the main motivation for mobile threats seems to have transitioned from bragging rights to making money. And in a totally unscientific personal observation, it sure seems like mobile malware made that transition much faster than PC threats did. As a very rough comparison:

  • Brain, the first PC-based malware, came out in 1986; it was only in the early 2000’s that profit-motivated malwares became prevalent (though there doesn’t seem to be any agreement on which was the first).
  • By comparison, the iOS was launched in early 2007; its first trojan (of the bragging rights variety) came out almost exactly a year later; and shortly thereafter came Ikee.B, which was more malicious (but only on jailbroken iPhones).
  • The Android OS was launched in late 2007; its first trojan was also the first to try an SMS fraud scam, and it appeared in August of 2010.

It’s early days yet for mobile threats so we really don’t know how they are going to evolve.

It would probably be a safe bet to say that there are going to be more new threats though, and not all of them are going to be as benign as a plastering on a Rick Astley wallpaper.

Next week, the last in this series – How (can I protect myself)?

More posts from this topic

Screen Shot 2014-09-20 at 9.12.30 AM

GameOver ZeuS: The Kind of Game You Don’t Want On Your Computer

Unlike Team Fortress 2 or Doom, two of the most popular PC games of all time, GameOver ZeuS is not a game you can buy online or would willingly download on to your computer. What is GameOver ZeuS? While we’ve talked about banking Trojans before, none have been as detrimental to users as the GameOver ZeuS or GOZ Trojan, which initially began infecting users in 2012. Gameover ZeuS is designed to capture banking credentials from infected computers, and make wire transfers to criminal accounts overseas. It was allegedly authored by Russian hacker Evgeniy Bogachev, who then implanted it on computers all around the world; building a network of infected machines - or bots - that his crime syndicate could control from anywhere. It’s predominately spread through spam e-mail or phishing messages. So far, it’s been estimated to scam people out of hundreds of millions of dollars and it’s only getting worse. It doesn’t stop there; Gameover ZeuS can also be modified by hackers to load different kinds of Trojans on to it. One such Trojan is a ransomware called CryptoLocker, which is a devastating malware that locks a user’s most precious files by encrypting all the files until he or she pays the hacker a ransom. In June 2014, the FBI, Europol, and the UK’s National Crime Agency announced they had been working closely with various security firms and academic researchers around the world and took action under a program dubbed “Operation Trovar.” This initiative temporarily disrupted the system that was spreading the Trojan and infecting computers, allowing a temporary pause in additional computers from being infected. However, computers that were already infected remained at risk, as they were still compromised. What’s next? The disruption of the GameOver ZeuS botnet was a great success in many ways, but it’s not over. Our security advisor, Sean Sullivan, worries that this temporary disruption was actually more dangerous than completely taking it down. “Without arresting Bogachev, Gameover ZeuS is still a huge threat and likely to evolve to become more dangerous. The hackers can just as easily program a future version of the Trojan to initiate a “self-destruct” order (like destroy every file on a computer) if the ransom isn’t paid, or if authorities try to intervene.” What can we do to protect our digital freedom? Beware of malicious spam and phishing attempts — don’t open any attachments within emails unless you are specifically expecting something. Check email attachments carefully, and make sure you don’t open any files that automatically launch, which frequently end in .exe Have an Internet security solution in place and keep it up to date Keep your Windows operating system and your Internet browser plugins updated Back up all of your personal files regularly Also, check your machines to be sure you do not carry the Gameover ZeuS Trojan. For more information on how this powerful Trojan works and how it is spread, check out this this video. [protected-iframe id="888198d18fd45eae52e6400a39fb4437-10874323-9129869" info="//www.youtube-nocookie.com/v/JhiPDbTIsqw?hl=en_US&version=3&rel=0" width="640" height="360"] Have more questions? Ask us here on the blog.  

Sep 20, 2014
Unbenannt-1

16 ways SAFE protects your devices, your family and you

In the early twenty-first century, when hackers were mostly pranksters, having security software on your PC was mostly about saving you some trouble. In 2014, international crime syndicates regularly co-opt millions of computers in order to systematically steal banking information, take identities and hold files for ransom, security isn't about convenience. It's about giving our families the freedom to live our lives online with out the threat of strangers invading our lives, hijacking our time and money. An anti-virus on one PC is a good step. But who just uses one PC now? Many of us three different devices before breakfast. That's why we created F-Secure SAFE -- it's built to protect all the devices and all of the people in your family. The latest update of SAFE is designed to make it easier to install on infected computers for a smoother overall experience. It also gives your tools to keep your devices and family safe wherever they go. Since SAFE is such a dramatic expansion of what our traditional F-Secure Internet Security does we wanted to cover 16 ways it protects you, your family and your devices. And to celebrate the new SAFE launch, we're giving away one SAFE hoodie and a free year of SAFE on our Facebook page every day for 16 days beginning on September 16. Please read the rules and enter now. Here's how SAFE protects you, your devices and your family: PCs and laptops 1. Protection against ransomware Thanks to browsing protection, F-Secure SAFE protects you against malicious software that impersonates authorities, such as Interpol or the FBI, and may block your computer, demanding ransom for unblocking it and preventing you from accessing your files until you pay. Thanks to F-Secure SAFE, all known versions of this insidious type of malware can't get on your computer. 2. Protect your home computer in the same way your office computer is protected Your office computer is protected by software that safeguards it against viruses and protects corporate data against theft by criminals. SAFE gives you the same options on your home computer. 3. Limit the time your children spend on the Internet. If you think that your children may spend too much time browsing the internet or playing online games, SAFE will let you decide for how many hours they are allowed to do it every day. You can easily define in which hours exactly they connect to the Internet. If they try to go online during unapproved times, the computer will not connect to the Internet. 4. Online banking protection your bank knows you need Do you know that most banks recommend in terms of security is using paid anti-virus software when banking online? SAFE ensures you meet these recommendations. 5. Safeguard your memories  F-Secure Safe protects the photos and videos of your children or grandchildren against falling into the wrong hands. The built-in anti-virus application and protection against as-yet-unknown threats ensure that all of the memories collected on your computer are fully protected. Your files will never be destroyed, encoded to demand payment for decoding them, or intercepted in order to be published or to gain profit from distributing them. 6. Protect your children against adult content Define which sort of content can be accessed by your children, whether you're monitoring them or not. 7. Shop online without worry Thanks to protection against spyware and browsing protection, your credit card number is invisible to criminals. Now you can relax when shopping online, booking hotels or buying air tickets. Tablets 1. Control which apps your kids can install Keep games that involve virtual violence, sex or gambling off your child's device with a simple setting. 2. Decide which sites your child can visit  Even if they use tablets in their rooms, you can be sure that they visit no websites inappropriate for their age. 3. Protect your device against malware with browsing protection. Protect yourself from phishing scams, ransomware and malicious apps that could be triggered by visiting the wrong site. 4. Keep login data and online banking passwords secure SAFE protects your tablet against spyware that steals your bank login data. Smartphones 1. Find your missing phone. Locate your lost phone and make sure no one can access your data should your device be stolen. 2. Find your child Check the location of your child’s phone from our simple web portal. 3. Avoid surprising charges Are you concerned that your children may install games than require additional payments? F-Secure Safe lets you control which software is installed on their phones. 4. Block calls and text messages from unwanted numbers Start your own "Do not call" list with this feature that allows you decide who has access to you through your phone. 5. Keep your phone malware free More than 99 percent of all mobile malware targets Android, which is the second most targeted platform in the world behind Windows. With SAFE, you have protection from increasingly complex ransomware and trojans designed to get inside your phone then your wallet. You can try F-Secure SAFE for free now. Cheers, Sandra

Sep 15, 2014
Unbenannt-2

Why your Apple Watch will probably never be infected by malware

On Tuesday Apple announced its latest iPhone models and a new piece of wearable technology some have been anxiously waiting for -- Apple Watch. TechRadar describes the latest innovation from Cupertino as "An iOS 8-friendly watch that plays nice with your iPhone." And if it works like your iPhone, you can expect that it will free of all mobile malware threats, unless you decide to "jailbreak" it. The latest F-Secure Labs Threat Report clears up one big misconception about iOS malware: It does exist, barely. In the first half of 2014, 295 new families and variants or mobile malware were discovered – 294 on Android and one on iOS.  iPhone users can face phishing scams and Wi-Fi hijacking, which is why we created our Freedome VPN, but the threat of getting a bad app on your iOS device is almost non-existent. "Unlike Android, malware on iOS have so far only been effective against jailbroken devices, making the jailbreak tools created by various hacker outfits (and which usually work by exploiting undocumented bugs in the platform) of interest to security researchers," the report explains. The iOS threat that was found earlier this year, Unflod Baby Panda, was designed to listen to outgoing SSL connections in order to steal the device’s Apple ID and password details. Apple ID and passwords have been in the news recently as they may have played a role in a series of hacks of celebrity iCloud accounts that led to the posting of dozens of private photos. Our Mikko Hypponen explained in our latest Threat Report Webinar that many users have been using these accounts for years, mostly to purchase items in the iTunes store, without realizing how much data they were actually protecting. But Unflod Baby Panda is very unlikely to have played any role in the celebrity hacks, as "jailbreaking" a device is still very rare. Few users know about the hack that gives up the protection of the "closed garden" approach of the iOS app store, which has been incredibly successful in keeping malware off the platform, especially compared to the more open Android landscape. The official Play store has seen some infiltration by bad apps, adware and spamware -- as has the iOS app store to a far lesser degree -- but the majority of Android threats come from third-party marketplaces, which is why F-Secure Labs recommends you avoid them. The vast majority of iPhone owners have never had to worry about malware -- and if the Apple Watch employs the some tight restrictions on apps, the device will likely be free of security concerns. However, having a watch with the power of a smartphone attached to your body nearly twenty-four hours a day promises to introduce privacy questions few have ever considered.    

Sep 9, 2014
BY Jason