Mobile Threat Report Q1 2013 — Android becomes more and more like Windows

mobile_report_q1_2013Our latest Mobile Threat Report is out and the findings show that the Android malware ecosystem is more and more resembling the Windows ecosystem.

New mobile threat families and variants rose by 49% from last quarter, from 100 to 149. 136, or 91.3% of these were Android and 13, or 8.7% Symbian. Q1 2013 numbers are more than double that of a year ago in Q1 2012.

While the “walled-gardens” of the iOS and Windows Phone, where apps require approval before sale, have prevented malware threats to develop for the iPhone or Nokia models running those systems, Android threats are increasing and becoming more likely to affect average users.

“I’ll put it this way: Until now, I haven’t worried about my mother with her Android because she’s not into apps,” F-Secure Security Advisor Sean Sullivan said. “Now I have reason to worry because with cases like Stels, Android malware is also being distributed via spam, and my mother checks her email from her phone.”

You can get the entire report here and as you read through it, listen to our Chief Research Officer Mikko Hypponen and Sean Sullivan walk through the report in this exclusive preview. (Sorry, there is a odd echo for the first few minutes of the recording.)

Here’s a look at profit-motivated threats. Is anyone surprised that mobile malware authors are mostly motivated by money?

As far as the types of threats our Labs is seeing, Trojans continue to dominate:


We protect your mobile devices from all common threats. Get F-Secure Mobile Security free for 30 days or download it at Google Play .


More posts from this topic

Facebook Phone Number

Why Does Facebook Want My Phone Number?

Facebook has become the most popular social network in the history of known universe for a pretty simple reason: It appeals to our egos. Our egos love to be connected, recognized and comforted. But those needs are generally tiny compared to our desire to be flattered. And one way Facebook continually flatters us is by asking for our phone number -- continually. Like all the time. But like any stranger seeking your digits, the site may have ulterior motives. Ask Facebook, "Why am I being asked to add my phone number to my account?" and its help page will tell you this: Adding your phone number to your account will help keep your account secure, make it easier for you to connect with friends and family on Facebook and make it easier to regain access to your account if you have trouble logging in. That's true. But are there other reason that it might want this piece of information -- reasons that appeal directly to Facebook's bottom line? Almost certainly. In fact, the business case for getting your phone number may be so strong that it's likely at least part of the reason for the change in terms and conditions for WhatsApp, which is owned by the technology giant. So what does Facebook get when it gets your phone number? Potentially lots and lots of information about you -- possibly even your favorite breakfast cereal. Watch our chief research office Mikko Hypponen break down what the data scientists that help social networks sell ads learn about you from your number. [youtube https://www.youtube.com/watch?v=pbF0sVdOjRw?rel=0&start=762&end=&autoplay=0] Even if you don't mind being marketed at with ruthless efficiency, there may be other ways Facebook could use your number that you might want to consider. You might have heard about the therapist who began seeing her patients pop in Facebook's "People You May Know" module. How did this happen? Fusion's Kashmir Hill suggests that "an algorithm analyzing this network of phone contacts might reasonably assume all these people are connected." And in this case the therapist didn't even remember giving her number to the site, but she had. If you're logged in, you can check if Facebook has your number here. This still could be some value to you in handing over your number. Two-factor authentication is generally a smart strategy for any account you want to protect -- and you need to offer your smartphone number to access the SMS messages you'll need to use. But remember: If you make your number available on Facebook, people can find you by searching it. So if you do use Facebook's two-factor authentication, you should consider hiding your phone number for anyone but yourself. To do this, go to your profile page, click "About" under your cover image and then in the left column click on "Contact and Basic Info". Next to your mobile number, click "Edit" and select "Only Me". This will make sure strangers won't find your number through your profile or vice versa. But it won't stop Facebook from knowing what your favorite breakfast cereal is. {Image by HighwaysEngland | Flickr]

September 9, 2016
iphone untrackable

Update your iPhone right now — especially if you’re an activist

A little iPhone history was made this month -- a iOS device was infected by just clicking on a link. This sort of attack had previously only worked on devices where the owner had purposely installed a "jailbreak" hack. So before you do anything -- even read the rest of this post -- you should update your iOS software to the latest version of iOS 9, or iOS 10 beta, which has some nice new privacy features. Here's how this historic attack happened, according to The Verge: Earlier this month, an Emirati human rights activist named Ahmed Mansoor got a suspicious text. It promised new details of torture in the country’s state prisons, along with a link to follow if he was interested. If Mansoor had followed the link, it would have jailbroken his phone on the spot and implanted it with malware, capable of logging encrypted messages, activating the microphone and secretly tracking its movements. To our cyber security advisor Erka Koivunen, this is a glaring example of a threat that is not "advanced" -- as in APT, advanced persistent threat. Think about what goes into a real APT. "They do reconnaissance properly and understand what the victim is susceptible to. They have good timing and only create visible noise when it suits their interest," he told us. "And they have a plan B ready in case someone starts snooping their activities." Here, the the most exploitable iPhone vulnerability ever known has now been exposed and patched -- for what? It's a bit baffling to Erka who compares it to throwing "expensive exploits at this guy like kids throwing rocks." You just don't see zero-day vulnerabilities like this -- especially on what had been one of the more secure platforms available -- that often. This has some security researchers thinking: Perverse incentives: Should I take up political activism so I get more interesting 0day sent my way? /me wonders — halvarflake (@halvarflake) August 26, 2016 //platform.twitter.com/widgets.js So, if you haven't already, update now. And if you're involved in politics in *any way* whatsoever, realize that someone will try to hack you -- sooner or later. So beware of those links in strange texts and email attachments in general. [Image by Sean MacEntee via Flickr]

August 26, 2016
Father lecturing son in bedroom

F2P can cost parents thousands of Euros – read this to avoid it

This is really an old problem, but it’s in the headlines again. Pokémon Go is yet another example of a “free” game with a business model based on in-app purchases. These games are also known as F2P, standing for free-to-play. You can start playing, and get hooked, for free. But soon you run into a situation where you can’t proceed without buying virtual stuff in the game. The stuff you buy is virtual but the payment is very real money. This is no doubt a profitable model. Pokémon Go went straight to the top and for example Finland-based Supercell, maker of Clash of Clans, has constantly reported nice profits. This can naturally cause trouble for addicted adults, but the real problems arise when kids get hooked. There are numerous public stories about kids making purchases for hundreds or even thousands of Euros, often without even understanding how much they have spent. And the sinister part is that this can go on for a while until you get the credit card bill, and it’s too late. Your chances to get a refund are somewhere between slim and none. But how can this happen? Let’s take a look at the most common scenarios. Your kid has set up the new device and created the needed account with Apple or Google. Everything is fine until he or she needs an app that isn’t free. You enter your credit card on the kid’s device and make the purchase, but you don’t pay any attention to the security settings. This may give your kid carte blanche to buy anything he or she likes, and you pay the bill. You have entered your credit card but set up the kid’s store account so that a password only you know is required for every purchase. But there are some convenient settings that allow purchases without a password within a limited time window after the password has been entered. Kids learn very quickly to utilize this opportunity. Let’s assume the same setup as in the previous point, but with the correct security settings. Now the password is needed for every purchase. But the store account is still owned by the kid and the password can be reset. The password reset link will be sent to the kid’s mail or phone number. It’s carte blanche again with the new password. Ok, you create an account you own for the kids phone. It’s tied to your mail and phone number, so the password reset trick shouldn’t work anymore. You put down your phone and head for the toilet. Your kid has been waiting for the opportunity and initiates the password reset request. Your phone is there on the table wide open, with the reset link in the mail. You can figure out the rest yourself. And of course the simple alternative. You think the store password on your kid’s device is secret. But in reality it is either too easy to guess or someone has been looking over your shoulder. So there’s many things that can go wrong, but what can we do to avoid it? There are many ways to fight this problem, but this is in my opinion the best approach: Let the kid set up the store account on the device and set own passwords. Just like an adult would use a phone, except that there’s no payment method registered. Never enter your credit card number on the kid’s device. On Android, get familiar with Google Play Family. This feature enables you to purchase stuff for your kid on your own device. On iPhone, send apps or money as gifts. There may be applications that bypass the store and handle credit card transactions directly. This can typically be handled with vouchers or other prepaid payment methods instead. The application usually guides the users and list all supported methods. Let’s also take a look at the hard way. Follow these instructions if you for some reasons must have your credit card registered as a payment method on the kid’s device. Make sure the store is protected with a good password that only you know. Make sure the kid isn’t watching too closely when you enter it. Make sure the store is set up to require the password every time a purchase is made. Make sure the store account is attached to an e-mail only you have access to. Make sure the e-mail password is decent and not known to your kid. Make sure your phone’s security settings are decent. Use a PIN or password your kid doesn’t know and make sure it locks automatically quickly enough. Even better, do not have the e-mail of your kids store account on your phone. Access it through web mail when needed. So this is after all a quite complex issue. There are many variations and other ways to deal with the problem. Did I miss some simple and clever way? Write a comment if you think I did. And finally. Yes, there’s also many ways to lock the kids out of the store completely. This does no doubt solve some problems, but I don’t think it’s a good idea. They will after all live their lives in a world where digital devices and services are as natural as breathing. They deserve the opportunity to start practicing for that right now. Let them browse the store and discover all the fun stuff. And be part of the group and use all the same apps as their friends. Let them have fun with the phone and learn, even if they will learn some things the hard way. Don’t ruin it for them.     Safe surfing, Micke  

August 16, 2016