Weekly Mobile Security News Roundup

This week’s summary sheds light on several emerging trends in the mobile malware world. As it grows and develops, malware is becoming the means to a new end (Crypto-Currency Mining for instance). The second major point focuses on the growing and evolving business of mobile malware – reputation, reliability and innovation are expected and required from malware creators and distributors.

  • Automatic App installation from Google Play poses a substantial risk
    Android users usually download and install applications via the Google Play store through several interactions with the service – including viewing the app’s description and granting specific permissions to each App.


Recent reports reveal the existence of a suspicious app on Google Play that almost automatically downloads, installs, and launches other apps from Google Play without any of these interactions.


Why is this significant?
This particular automatic download scheme seems to be part of an advertising and pay-per-download scheme and doesn’t include malware. However, this is a major step forward in the potential capabilities of future malware. Bypassing the user-controlled process of a download leaves one less barrier between the mobile device and attackers.

  • 9% of Android apps tested for Nokia X contain malware
    Earlier this week, Nokia made sure that everyone knew that while performing compatibility testing for the new Nokia X, 9% of the 100,000 apps they tested, from multiple Android app stores, were infected with some form of malware.

    It must be said that Nokia would want to highlight the security issues with Android apps, as it’s trying to tempt users away from Google’s OS. However, several previous studies have already backed up the same points, warning of the huge number of malicious Android apps out there.


Why is this significant?
This is another reminder about how even careful users can be duped when downloading an App. Whether from the Google Play Store or from a 3rd party marketplace, things like developer details, reviews, and logical download numbers aren’t always enough. As an enterprise, your employees will almost certainly inadvertently download illegitimate apps and potentially expose the org to security flaws and compliance breaches.

  • A new mobile Remote Access Trojan (mRAT) called Dendroid (Android.Dendoroid) is making waves in several underground forums. Interestingly, Dendroid is also a word meaning something is tree-like or has a branching structure, which hints at the mRAT’s own development history. Dendroid shares several characteristics with Android.Dandro, which, when released, was the first mRAT to fully incorporate an APK binder (allowing the attacker to fuse the malicious payload to any app).

    Via a sophisticated control panel, Dendroid enables the attacker to:

      1. Delete call logs
      2. Call a phone number
      3. Open Web pages
      4. Record calls and audio
      5. Intercept text messages
      6. Take and upload photos and videos
      7. Open an application


    Why is this significant?
    Putting aside the advanced surveillance techniques Dendroid enables, it is actually the presentation that’s worth paying attention to. Mobile malware is becoming a much more demanding and substantial business and therefore has to provide “better looking” and sharper tools. This is one of the leading signs of a field that is getting stronger.

  • iBanking Mobile Bot Source Code Leaked
    Researchers have recently traced a forum post leaking the iBanking mobile bot control panel source code. iBanking mobile bot is a relative newcomer to the mobile malware scene, and has been available for sale in the underground for $5,000 since late last year. Disguising itself as a “Security App”, it’s another example of the ongoing developments in the mobile malware ecosphere – boasting web-based control panels and packing more data-collecting features.


    Why is this significant?
    The fact that iBanking’s source code has been leaked means that anyone and everyone can now use it for free. Furthermore, it can now be customized at will, making discovery more difficult. Finally, the widespread distribution of an advanced, accomplished mRAT makes Malware as a Service (MaaS) that much easier and more tempting.

  • Mobile devices have now begun to be targeted as crypto-currency miners.
    The popularity of digital currencies is on the increase, as is their attractiveness to malware authors. Until recently, malware was usually focused on data theft. There is now a brand new motivation for some attackers – hijacking the device and using it to mine (create) crypto-currency. This week, a malware-infected copy of TuneIn Radio appeared on several download platforms with the aim of mining a new crypto-currency named Dogecoin. Besides the data usage, one of the potential effects of this can be physical damage to the device due to overheating and/or extreme usage.


Why is this significant?
Crypto-Currency is definitely on the rise. With mobile wallets also becoming a popular trend, now’s the time to make sure that both our data and our devices themselves aren’t being exploited.

  • Adverts overtake porn as largest mobile security threat
    Mobile adverts have overtaken pornography as the biggest threat to mobile device security, according to new research. Porn viewing makes up only 1% of mobile browsing activity and accounts for 16% of all malicious attacks. By comparison, Web ads comprise 12% of requested mobile content and a whopping 20% of attacks.
    http://news.techworld.com/security/3505329/rogue-ads-overtake-porn-as-top-mobile-malware-attack-method/?olo=rss

    Why is this significant?
    Mobile Ads are one of the most efficient forms of social engineering and can be the source of various kinds of malware attacks. The fact that users are spending larger amounts of time on recreational activities like shopping and browsing exposes them to far more ads. It makes a lot of sense that attackers and malware distributors are targeting those exact channels.