Mobile threats

AndroidOS.Koler.a a ransomware program that blocks the screen of an infected device and requests a ransom in order to unlock the device. An entire network of malicious porn sites linked to a traffic direction system that redirects the victim to different payloads targeting not only mobile devices but any other visitor.

More than a year has passed since the release of our last article on HackingTeam, the Italian company that develops a “legal” spyware tool known as Remote Control System, or short, RCS.

In 2013 phishing sites imitating social network websites were to blame for more than 35% of cases when the Anti-phishing heuristic component was triggered.

At the beginning of June we identified a new spin-off version of the Trojan. While the main version targeted Russia, 91% of those infected by the new version were in the US.

In the middle of May a unique encryption Trojan that works on Android went on sale on a virus writers’ forum. A few days later on May 18, we saw the appearance of a new mobile encryptor Trojan in the wild that we detect as Trojan-Ransom.AndroidOS.Pletor.a.

Recently Kaspersky Lab intercepted a new Trojan-Banker, it was detected as Trojan-Banker.AndroidOS.Basti.a. This android app is disguised as a normal WeChat app on the phone.

Experts recently discovered a scam antivirus app on Google Play going by the name of Virus Shield. It was followed by a series of other similar fake apps. Early last week, for instance, we detected two rather interesting fake antivirus programs.

Trojan-SMS.AndroidOS.FakeInst.ef, targets users in 66 countries, including the US. This is the first case we have found involving an active SMS Trojan in the United States.

According to KSN data, Kaspersky Lab products blocked a total of 1131000866 malicious attacks on computers and mobile devices in the first quarter of 2014.

The situation surrounding attempted mobile malware infections is constantly changing, and I’d like to write about one recent trend, Trojan-SMS.AndroidOS.Stealer.a.

So our recent discovery of Trojan-SMS.AndroidOS.Waller.a highlighted a new get-rich technique that not only sent a premium SMS but also saw the malware attempt to steal money from a QIWI electronic wallet.

This year’s party reported on cases where smartphone distribution channels pre-install malware into Android mobiles before selling them on to unwitting customers.

Now, yet another technique from Windows Trojans has been implemented in malware for Android: for the first time we have detected an Android Trojan that uses a domain in the .onion pseudo zone as a C&C.

The mobile malware sector is growing rapidly both technologically and structurally. It is safe to say that today’s cybercriminal is no longer a lone hacker but part of a serious business operation.

The Olympic Games are a huge event. And scammers are obviously going to try and exploit the interest they generate.