Mobile Security Weekly – Mobile Malware goes Global

This week’s summary highlights two main points:

  1. The global reach of malware – and its targets. Users and enterprises in the biggest European and American markets are due to become the most targeted.
  2. Mobile malware is fast becoming as easy to use, accessible and diverse as PC malware. Malware developers are selling their products to the highest bidders and ensuring not only that the malware is successful but also that it is relatively simple to use.

British mobile users most targeted by malware

New reports show that British mobile phone users were targeted by more than twice as much malicious software as people from any other country in the first three months of 2014.

Compared to the 5-10 different pieces of malware aimed at US and German users, British users were targeted with between 15 and 20 pieces of malware per 10,000 users.

Why is this Significant?
Other countries, like Russia and China, are usually those that are associated with mobile attacks. This study shows that western users should stop considering themselves safer than others. Malware is fast becoming a global issue – affecting targets in remote countries as well as major global markets.

Cryptolocker ransomware on Android offers a user friendly attack experience
There’s a substantial new ransomware available to purchase online. Ransomware, which is essentially a type of scareware (albeit with a bit more bite as opposed to just a bark), locks the victim’s device until they pay up.

In this case, Russian developers Reveton Team are offering their malware for rent and offer 24/7 support and detailed statistics to their potential customers. The malware comes in several different versions including a fake mobile AV, a Browser Locker and Fake Codecs.

Besides merely supplying the malware, the Reveton Team also provide methods for infecting devices and distributing the malware. They also take care of the “boring” logistics like the creation of domains for hosting the malware and even payments from victims.

As is usually the case with ransomware – this attack starts with social engineering. The attacker has to convince the victim to first install a malicious APK and then grant it maximum permissions. Once the malware is installed, a window claiming the user has been viewing illegal material is presented with logos of well-known government agencies.

This is used to convince the victim that the whole thing is legitimate. The window contains a message alerting the user that all the files on the device are encrypted and that a payment has to be made in order to unlock them. In this case $300 has to be paid using a prepaid credit card from MoneyPak.

Why is this Significant?
This is probably the most advanced ransomware we’ve seen on Android. It serves as an example of just how approachable mobile malware has become. For a relatively small price, an attacker can purchase Reveton’s tools and services and begin to create havoc against both private and enterprise users. The idea that capable attackers are few and far between is no longer relevant.

New advanced app-repackaging infrastructure available to purchase online
A new Russia-based repackaging tool has surfaced. The tool provides the attacker with the opportunity to commit premium-rate SMS fraud on quite a significant scale. It enables the insertion of malicious code into legitimate apps that can later be uploaded to the Google Play Store via compromised app-publishing accounts.

Repackaged apps remove even the need for social engineering from a potential attack. Once an app has been uploaded to an official marketplace – it becomes legitimate until the moment it decides to attack.

Why is this Significant?
This package costs just over $1400. Considering the potential financial gain from a malicious app being downloaded by thousands of users from the official Google app store, this low price tag for an attack tool proves that attacks against mobile are increasingly becoming cost-effective for attackers.

With mobile malware not just becoming more approachable but also increasingly monetized – enterprises need to prepare themselves for mitigation. Preventing attacks seems like an uphill battle that is just getting steeper.