Mobile threats

It took some time but they’re finally here – Brazilian cybercriminals have started to target their attacks towards mobile banking users.

Kaspersky Lab products detected and neutralized a total of 1,325,106,041 threats in the third quarter of 2014. Our solutions blocked 696,977 attacks that attempted to launch malware capable of stealing money from online banking accounts.

Recently, news appeared about an interesting attack where cybercriminals infect iPhones and Mac OSX users with a rather peculiar malware dubbed WireLurker. Yesterday, our friend Jaime Blasco from Alienvault discovered a Win32 malicious tool that appears to be related.

The developers of Gomal, a new mobile Trojan, not only achieved a new level of camouflage by adding Tic Tac Toe game to their malicious program, but also implemented interesting techniques which are new to this kind of malware.

This report aims to evaluate how widespread mobile threats are, and to alert the international IT security and law enforcement community to the problem of crime in the area of mobile communications.

This week, our virus lab handled a case where a customer received a phishing email with an Android Backdoor archive masquerading as a Kaspersky mobile security app.

On August 2, the Chinese Valentine’s Day, an Android SMS worm struck China. It is called XXshenqi.apk. In the space of six hours, it infected about 500,000 devices.

Kaspersky Lab products detected and neutralized a total of 995,534,410 threats in the second quarter of 2014. 927,568 computers running Kaspersky Lab products were attacked by banking malware. 65,118 new malicious mobile programs were detected. 2033 mobile banking Trojans were detected in this period, 1.7 times more than last quarter.

AndroidOS.Koler.a a ransomware program that blocks the screen of an infected device and requests a ransom in order to unlock the device. An entire network of malicious porn sites linked to a traffic direction system that redirects the victim to different payloads targeting not only mobile devices but any other visitor.

More than a year has passed since the release of our last article on HackingTeam, the Italian company that develops a “legal” spyware tool known as Remote Control System, or short, RCS.

In 2013 phishing sites imitating social network websites were to blame for more than 35% of cases when the Anti-phishing heuristic component was triggered.

At the beginning of June we identified a new spin-off version of the Trojan. While the main version targeted Russia, 91% of those infected by the new version were in the US.

In the middle of May a unique encryption Trojan that works on Android went on sale on a virus writers’ forum. A few days later on May 18, we saw the appearance of a new mobile encryptor Trojan in the wild that we detect as Trojan-Ransom.AndroidOS.Pletor.a.

Recently Kaspersky Lab intercepted a new Trojan-Banker, it was detected as Trojan-Banker.AndroidOS.Basti.a. This android app is disguised as a normal WeChat app on the phone.

Experts recently discovered a scam antivirus app on Google Play going by the name of Virus Shield. It was followed by a series of other similar fake apps. Early last week, for instance, we detected two rather interesting fake antivirus programs.