Mobile threats

This report aims to evaluate how widespread mobile threats are, and to alert the international IT security and law enforcement community to the problem of crime in the area of mobile communications.

This week, our virus lab handled a case where a customer received a phishing email with an Android Backdoor archive masquerading as a Kaspersky mobile security app.

On August 2, the Chinese Valentine’s Day, an Android SMS worm struck China. It is called XXshenqi.apk. In the space of six hours, it infected about 500,000 devices.

Kaspersky Lab products detected and neutralized a total of 995,534,410 threats in the second quarter of 2014. 927,568 computers running Kaspersky Lab products were attacked by banking malware. 65,118 new malicious mobile programs were detected. 2033 mobile banking Trojans were detected in this period, 1.7 times more than last quarter.

AndroidOS.Koler.a a ransomware program that blocks the screen of an infected device and requests a ransom in order to unlock the device. An entire network of malicious porn sites linked to a traffic direction system that redirects the victim to different payloads targeting not only mobile devices but any other visitor.

More than a year has passed since the release of our last article on HackingTeam, the Italian company that develops a “legal” spyware tool known as Remote Control System, or short, RCS.

In 2013 phishing sites imitating social network websites were to blame for more than 35% of cases when the Anti-phishing heuristic component was triggered.

At the beginning of June we identified a new spin-off version of the Trojan. While the main version targeted Russia, 91% of those infected by the new version were in the US.

In the middle of May a unique encryption Trojan that works on Android went on sale on a virus writers’ forum. A few days later on May 18, we saw the appearance of a new mobile encryptor Trojan in the wild that we detect as Trojan-Ransom.AndroidOS.Pletor.a.

Recently Kaspersky Lab intercepted a new Trojan-Banker, it was detected as Trojan-Banker.AndroidOS.Basti.a. This android app is disguised as a normal WeChat app on the phone.

Experts recently discovered a scam antivirus app on Google Play going by the name of Virus Shield. It was followed by a series of other similar fake apps. Early last week, for instance, we detected two rather interesting fake antivirus programs.

Trojan-SMS.AndroidOS.FakeInst.ef, targets users in 66 countries, including the US. This is the first case we have found involving an active SMS Trojan in the United States.

According to KSN data, Kaspersky Lab products blocked a total of 1131000866 malicious attacks on computers and mobile devices in the first quarter of 2014.

The situation surrounding attempted mobile malware infections is constantly changing, and I’d like to write about one recent trend, Trojan-SMS.AndroidOS.Stealer.a.

So our recent discovery of Trojan-SMS.AndroidOS.Waller.a highlighted a new get-rich technique that not only sent a premium SMS but also saw the malware attempt to steal money from a QIWI electronic wallet.