Mobile Security Weekly – Malware hits 2 million milestone

This week’s summary is dominated by an aggressive new Android worm attacking Israeli Android devices.

The rest of the roundup comprises quite a diverse mix of issues. We’ve got newly discovered problems with Android OS, app developers failing their users, as well as the news that mobile malware has reached a new milestone – 2 million different instances. This wide range just goes to show how many different ways mobile malware is evolving.

Foto_Album – an Android SMS worm attacking Israeli Users
A new strain of Android malware that has been attacking Israeli Android devices was identified today. At the moment, it seems that this specific attack only threatens Israeli users.

For the time being, all we can say is that the attack only affects Android devices, so iOS users are safe. We’re not sure how the first victim was infected but the malware is now spreading via SMS. Once a device has been infected, it sends a malicious SMS message to the entire contact list. The SMS contains a URL that directs the victim to a malicious server and downloads the malware.

Why is this Significant?
For obvious reasons – this is a serious threat. Malware that can spread like wildfire is always going to pose a severe security risk to enterprises. We don’t yet know enough about how widespread the attack is or who’s behind it to compare it to other previous attacks, but this issue should be a main focus of the mobile security world for the coming days.

Funtasy – a New Android Trojan Targeting Spanish Android Users with Premium SMS Charges
A new Android Trojan, named Funtasy, has been targeting Android users in Spain since mid-April. Research has shown that victims have downloaded 18 different variants of Funtasy between 13,500 and 67,000 times from the Google Play store.

Funtasy currently targets several different Spanish mobile networks as well as, inexplicably, one Australian mobile network. Funtasy’s method of malice is subscribing victims’ phones to premium SMS services, which cost up to 30 euros per month, while hiding any evidence of the subscription.

Why is this Significant?
Implementing the tried and tested method of uploading a fake app to the Google Play store, Funtasy is part of a growing trend. We’ve also been witnessing an increasing number of pieces of malware that use Premium SMS subscriptions as the way of stealing money from their victims. At the end of the day, as long as the Google Play store stays vulnerable to fraudulent apps, users won’t be able to prevent infections.

Another relevant take-away is how global mobile malware has become. Not for the first time, we’re seeing a single attack targeting users from around the world.

Android App Components are Prone to exploitation.
Another design issue within Android OS is causing more worries for users. Researchers have found two major Android apps – an unnamed productivity app with at least 10 million installs, and a shopping app with at least one million – which are leaving user data seriously vulnerable.

An Android app component, which essentially executes functions of the app, has an attribute named ‘android:exported’ which, when set to ‘true’, allows the component to be executed or accessed by other applications. Ultimately, apps installed on a device may be able to trigger certain functions in other apps. This has obvious pros for developers and vendors who want to implement partnerships with other apps and developers.

From a security standpoint, this also poses an opportunity for cyber criminals. An attacker could use the vulnerability to display malicious ads and links and even potentially hijack user data.

Why is this Significant?
Underlying design issues within Android pose the biggest threats to users, so it’s important to recognize this new threat. While the apps haven’t been named, it shouldn’t be too difficult to find them. Many developers overlook components that are prone to abuse and need to be protected. This means that users are in the problematic situation of having to question the safety of their OSs as well as their apps.

New Snapchat security issues surface
Snapchat may be trying to make amends, both with its users and with the FTC, but it might be guiding itself into a corner that may prove impossible to get out of. New documents have revealed that the popular messaging service not only hasn’t been doing what it promises to do, but has actively been doing exactly what it promised it wouldn’t.

Snapchat’s main claim to fame was the so-called “ephemeral” nature of its messages. The fact that users could send messages that would later self-destruct appealed to millions of people. Ultimately, what happened was that:

  1. Perhaps the biggest issue is that Snapchat collected geolocation information from Android users even when its privacy policy explicitly said it wouldn’t.
  2. The photos that were sent were apparently stored unencrypted on the recipient device and can simply be retrieved by anyone traversing the file system.
  3. Many 3rd party apps also store the images – something Snapchat has repeatedly ignored.
  4. Snapchat’s Find Friends feature was also discovered to collect names and numbers of all entries in a user’s address book even if it said it would only get the user’s own contact information.

Why is this Significant?
This case consists of several important lessons, all rolled into one. Snapchat’s security problems have become a recurring issue. With regard to privacy and security, it’s becoming obvious that mobile users don’t just have to worry about malware but about legitimate apps as well. Snapchat have shown what can only be described as a blatant disregard for their users’ needs and security. On the flip side, it is good to see the FTC taking an active role in enforcing these types of issues.

Mobile Malware Hits Two Million mark.
As we’ve discussed in the past, more reports are now beginning to surface regarding the migration of PC-based malware techniques over into the mobile world.

These include the use of Tor to hide C&C servers and exploitation of vulnerabilities in legitimate apps. The volume of mobile malware and high-risk apps has rapidly grown, to over two million in the first quarter of 2014, a decade after the first proof-of-concept mobile malware but only six months since the one million milestone was reached.

Another interesting detail is how much new malware is being discovered. A constantly increasing demand for private and sensitive user data, as well as readily available kits and software for repackaging legitimate apps and hiding malware within them, has led to the discovery of 647,000 new pieces of malware in Q1 2014.

Why is this Significant?
This is in no way a surprise. The focus of cyber criminals has been moving towards mobile for a while. As users migrate from using mainly PCs to using mobile devices, it’s only to be expected that malware will go the same way. This is as good a point as any to look at the hard numbers and realize just how big an issue it is.