Mobile threats

Trojan-Ransom.AndroidOS.Fusob.h remained the most popular mobile Trojan-Ransomware in the third quarter, accounting for nearly 53% of users attacked by mobile ransomware.

The use of root privileges is not typical for banking malware attacks. However, in early February 2016, Kaspersky Lab discovered Trojan-Banker.AndroidOS.Tordow.a, whose creators decided that root privileges would come in handy.

A few days ago we reported to Google the existence of a new malicious app in the Google Play Store. The Trojan presented itself as the “Guide for Pokémon Go”. According to the Google Play Store it has been downloaded more than 500,000 times.

In the previous article, we described the mechanisms used by Trojan-Banker.AndroidOS.Gugi.c to bypass a number of new Android 6 security features. In this article, we review the entire Gugi mobile-banking Trojan family in more detail.

We have found a new modification of the mobile banking Trojan, Trojan-Banker.AndroidOS.Gugi.c that can bypass two new security features added in Android 6: permission-based app overlays and a dynamic permission requirement for dangerous in-app activities such as SMS or calls.

It is far from easy for the app to get into Google Play. Some malware writers give up their efforts to push their malicious creations past security checks, and instead learned how to use the store’s client app in their dark business.

We encountered a gratuitous act of violence against Android users. By simply viewing their favorite news sites over their morning coffee users can end up downloading last-browser-update.apk, a banking Trojan detected by Kaspersky Lab solutions as Trojan-Banker.AndroidOS.Svpeng.q.

In the second quarter of 2016, Kaspersky Lab’s web antivirus detected 16,119,489 unique malicious objects: scripts, exploits, executable files, etc. 54,539,948 unique URLs were recognized as malicious by web antivirus components.

Bankers and encryptors, ransomware and spyware, old and new exploits; APT attacks, ATM infection, spear phishing and fraud targeting large numbers of users – cybercriminals continue their hunt for money and information

Brazilian cybercriminals are clearly setting their sights on users of mobile banking. They are using SMiShing (phishing via SMS) and registering new mobile phish domains created especially for this purpose.

The number of users attacked with ransomware is huge. But how big is it? Ransomware seems to be a global threat. But maybe there are regions at a higher risk of danger? There seem to be a lot of ransomware malware groups. But what are the most widespread and dangerous?

In early March, Kaspersky Lab detected the modular Trojan Backdoor.AndroidOS.Triada which granted superuser privileges to downloaded Trojans. Soon after that we found one of the modules enabling a dangerous attack – spoofing URLs loaded in the browser.

How safe is it to charge your phone using USB ports? Our experiment shows that it is far from being safe – it comes with risks of losing data or even gaining access to the device by cybercriminal.

Malware writers have learnt to upload malware apps onto Android devices of unsuspecting users by using JavaScript. Publically available remote-code-execution vulnerability use cases written by antivirus software experts were used as a handy manual by malware writers.

2016 has only just got underway, but the first three months have already seen the same amount of cybersecurity events that just a few years ago would have seemed normal for a whole year. The main underlying trends remained the same, while there was significant growth in trends related to traditional cybercrime, especially mobile threats and global ransomware epidemics.