Mobile World Congress is next week and F-Secure is jazzed to be participating again – it promises to be another awesome expo. But while the tech world buzzes about which devices will be unveiled by the top handset makers, leave it to us to interrupt the conversation to remind you about security perils, even on those snazzy new smartphones.
Last year, Android malware locked people’s devices for ransom and pilfered their money in SMS-sending fraud, among other devious activities. F-Secure Labs’ Top 10 Android Threats of 2015 list is out today, giving us a look at how attackers have been taking aim at Android users.
The number one Android malware threat family in 2015 was the SmsSend trojan, which made up 15% of our labs’ detections. The name, while lacking creativity, is apt. Attackers profit by setting up their own premium rate phone number. Once infected, a device sends text messages to the number, racking up charges on the device owner’s phone bill that ultimately profit the attacker.
SmsSend is not the only SMS-sending family on the list – further down are also Fakeinst, SmsPay, and SmsKey, all of which operate in a pretty similar fashion.
There’s almost no way to know if your device is infected with an SMS-sending trojan. The malware doesn’t slow down the device or otherwise affect its performance at all. A check of the Sent messages folder will most likely reveal nothing suspicious because once sent, the messages are usually deleted automatically. Of course, once you get your shockingly high phone bill you’ll know something is wrong.
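Since the Sent folder shows nothing and the bill shows everything, one practical check is to reconcile the two. The following is an added example, not F-Secure tooling or code from the original post; the CSV column names, the sample rows, the short codes and the two-minute matching tolerance are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data, not real billing records; column names are assumed.
BILL_CSV = """timestamp,type,destination,charge
2016-01-04T09:12:03,SMS,+358401234567,0.00
2016-01-04T23:41:10,SMS,17013,4.99
2016-01-05T23:41:12,SMS,17013,4.99
2016-01-06T08:30:05,SMS,16200,1.50
2016-01-06T23:41:09,SMS,17013,4.99
"""
# Constructed export of the device's Sent folder: the 17013 messages are absent
# because the trojan deleted them after sending.
SENT_CSV = """timestamp,destination
2016-01-04T09:12:00,+358401234567
2016-01-06T08:30:00,16200
"""

def load(text):
    """Parse a CSV string into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def unexplained_charges(bill_rows, sent_rows, tolerance=timedelta(minutes=2)):
    """Return {destination: (count, total)} for charged SMS with no Sent-folder match."""
    sent = defaultdict(list)
    for row in sent_rows:
        sent[row["destination"]].append(datetime.fromisoformat(row["timestamp"]))
    findings = defaultdict(lambda: [0, 0.0])
    for row in bill_rows:
        charge = float(row["charge"])
        if row["type"] != "SMS" or charge <= 0:
            continue  # only charged text messages matter here
        when = datetime.fromisoformat(row["timestamp"])
        # Carrier and device clocks differ slightly, so match within a tolerance.
        if any(abs(when - t) <= tolerance for t in sent[row["destination"]]):
            continue  # the user can see this message, e.g. a deliberate SMS payment
        findings[row["destination"]][0] += 1
        findings[row["destination"]][1] += charge
    return {dest: (n, round(total, 2)) for dest, (n, total) in findings.items()}

if __name__ == "__main__":
    for dest, (n, total) in unexplained_charges(load(BILL_CSV), load(SENT_CSV)).items():
        print(f"{n} charged SMS to {dest} not in Sent folder, total {total:.2f}")
```

Run against an itemized bill mid-cycle, this surfaces the charges before the final bill does.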
SmsSend trojans infect either via apps posing as games in third party app stores, or via porn-related apps.
Number two on our list is the ransomware family Slocker, which rose to prevalence in 2015 with 2.46% of detections.
Slocker encrypts a device’s image, document and video files, and then displays a message accusing the user of breaking the law by having visited pornographic sites. It demands the victim pay a penalty of $500 to unlock the device. To further intimidate, it claims it has photos of the victim’s face and knows their location. You can see an interesting sequence of Slocker screenshots here on the Labs blog.
Slocker infects via porn-related apps, and also via spam emails claiming to be an Adobe Flash Player update.
According to Zimry Ong, Senior Analyst in F-Secure Labs, ransomware is the main difference between mobile malware seen in 2014 and 2015. Says Zimry, “In 2014 ransomware were not at all prevalent, but in 2015 we began seeing them in our detection report almost every day.”
Rounding out the Top 10 list are the information-stealing GinMaster, two exploits that obtain device root access, and a backdoor that gives the attacker access to a device to do as they please.
Here’s the full list:
Currently, most mobile malware can be avoided if you stay away from shady app stores and porn apps. But that could be changing (and incidentally, the newly discovered Mazar malware is another example of this). Zimry predicts banking trojans, although not new, will become more prevalent this year. The most common type of attack would be an app pushed at you while making a purchase on a perfectly legitimate website – one that’s been hacked.
“When you go to the checkout, instead of the usual checkout process, the website would push an app at you, asking you to use the app to complete your transaction,” Zimry says. “If you do so, the attacker of course obtains the credit card and personal information you enter.”
This technique may be easy to fall for given that the app would appear to be from a legitimate source. But like Zimry says, “If you’re shopping on a familiar website and there is suddenly a change from the usual checkout process, it’s a red flag that something is amiss.”
Now that we’ve reminded you about some security pitfalls of mobile, back to Mobile World Congress. We’ll be showcasing some of our coolest security products there, SAFE and Freedome, which will keep your devices free of Internet baddies. We’ll also be showing off new F-Secure Sense to secure your smart home and all its IoT-connected devices and things.
We’ll be at Hall 6, Stand B60. See you in Barcelona!