Mobile threats

This section of the report forms part of the Kaspersky Security Bulletin 2014 and is based on data obtained and processed using Kaspersky Security Network (KSN). Kaspersky Lab products detected and neutralized a total of 6,167,233,068 threats during the reported period.

Next year Kaspersky Lab experts anticipate high-stakes targeted cyber-attacks pinpointing the banks. We expect fraudsters will try to develop new malware that can take cash directly from ATMs. 2015 is also likely to bring even more privacy concerns, security worries about Apple devices and renewed fears about connected devices.

It took some time but they’re finally here – Brazilian cybercriminals have started to target their attacks towards mobile banking users.

Kaspersky Lab products detected and neutralized a total of 1,325,106,041 threats in the third quarter of 2014. Our solutions blocked 696,977 attacks that attempted to launch malware capable of stealing money from online banking accounts.

Recently, news appeared about an interesting attack where cybercriminals infect iPhones and Mac OSX users with a rather peculiar malware dubbed WireLurker. Yesterday, our friend Jaime Blasco from Alienvault discovered a Win32 malicious tool that appears to be related.

The developers of Gomal, a new mobile Trojan, not only achieved a new level of camouflage by adding Tic Tac Toe game to their malicious program, but also implemented interesting techniques which are new to this kind of malware.

This report aims to evaluate how widespread mobile threats are, and to alert the international IT security and law enforcement community to the problem of crime in the area of mobile communications.

This week, our virus lab handled a case where a customer received a phishing email with an Android Backdoor archive masquerading as a Kaspersky mobile security app.

On August 2, the Chinese Valentine’s Day, an Android SMS worm struck China. It is called XXshenqi.apk. In the space of six hours, it infected about 500,000 devices.

Kaspersky Lab products detected and neutralized a total of 995,534,410 threats in the second quarter of 2014. 927,568 computers running Kaspersky Lab products were attacked by banking malware. 65,118 new malicious mobile programs were detected. 2033 mobile banking Trojans were detected in this period, 1.7 times more than last quarter.

AndroidOS.Koler.a a ransomware program that blocks the screen of an infected device and requests a ransom in order to unlock the device. An entire network of malicious porn sites linked to a traffic direction system that redirects the victim to different payloads targeting not only mobile devices but any other visitor.

More than a year has passed since the release of our last article on HackingTeam, the Italian company that develops a “legal” spyware tool known as Remote Control System, or short, RCS.

In 2013 phishing sites imitating social network websites were to blame for more than 35% of cases when the Anti-phishing heuristic component was triggered.

At the beginning of June we identified a new spin-off version of the Trojan. While the main version targeted Russia, 91% of those infected by the new version were in the US.

In the middle of May a unique encryption Trojan that works on Android went on sale on a virus writers’ forum. A few days later on May 18, we saw the appearance of a new mobile encryptor Trojan in the wild that we detect as Trojan-Ransom.AndroidOS.Pletor.a.