Mobile Apps The Easiest Way To Compromise Devices: Report

Quick Heal Technologies Pvt. Ltd. has released the findings from its Mobile Malware report, showing that mobile device malware has reached a new stage of evolution. The report was created by the Research and Development center of Quick Heal Technologies.

“Smartphones and other mobile devices have been a boon for users, vendors and developers but their rapid proliferation has also opened up a gold mine for malware authors. This combined with the concerns of lost and stolen devices emphasise the fact that it is about time that mobile security is taken seriously. The general notion is that security software slows down device performance and as a result is less convenient. So people neglect security and this is not an issue that is restricted to the victims alone it now engulfs almost everyone with a smartphone. Security here implies the right mixture of a robust tool to manage devices and apps and protecting the data, passwords and usernames. At Quick Heal, educating and informing our users is just as important as creating innovative security products that are simple and easy to use,” said, Sanjay Katkar, Technical Director and CTO, Quick Heal Technologies

Quick Heal’s 2012 Mobile Threats Report show an obvious peak in the growth of malware and their modifications on mobile devices, especially on the Android platform. Given below is a gist of the findings:

• Persistent increase number of malware attacks especially on the Google Android platform.

• Social engineering still remains one of the most coveted ways of spreading malware. Cyber criminals continue to use it as a convenient way of exploiting human behavior and platform vulnerabilities.

• Mobile applications have become the easiest way to compromise devices. Over 25 billion apps were downloaded from Google Play in 2012. This makes applications easy and profitable attack vehicles.

• Quick Heal database also reported an increase of 80-85 percent in mobile malware modifications or variations in 2012.

The Research and Development center of Quick Heal Technologies receives over 50000 PC and mobile malware samples daily.

Other key findings in the Mobile Device Security scenario include:

• Reported growth of 20 percent-30 percent in mobile malware in 2012 as compared to 2011.

• Malware attacks are financially motivated. What is particularly disturbing is most of the malware families are being designed to steal money from the victim.

• Trojan SMS and Trojans comprised the vast majority of mobile malware attacking the mobile devices at 37.07 percent and 21.44 percent respectively. While Rooters and adware comprised 14.26 percent and 14.12 percent of the pie.

• The malware modification samples saw a jump of almost 80 percent-85 percentin the year 2012. This implies that new types of attacks are being designed and implemented and most of them are targeted to steal money and valuable identity information that could later be sold to aggressive advertising networks or some remote servers and in some cases it intelligently uses obfuscation.

• The most common attack vehicles are fake applications. Exploits like the Android.BoxerSms disguise themselves as popular apps like Adobe Flash Player, Angry Birds Space, Google Maps, Mozilla Firefox, Need for Speed Hot Pursuit, Opera, Skype, and World of Goo.

• In addition to the rising threat of malware, consumers and enterprises remain susceptible to lost or stolen devices.

Future Of Malware

• The findings of Quick Heal’s Mobile Malware report show a consistent growth in malicious and privacy-compromising applications as cybercriminals use social engineering, toll fraud and other ways to convert infected devices into cash minting machines.

• 2013 will see an increase in Android malware proliferated through drive-by attacks and emails with the increase in Smartphone and Internet adoption increases.

• Android devices are also used to make e-payments, which is likely to increase in the coming years. This would prompt more sophisticated attacks targeted at users’ pockets through premium rate SMS Trojans or other money-stealing techniques.

• The rapid increase in malware is aggravated by the often inadequate OS patching by mobile device manufacturers and carriers.

• Mobile device browsers still have a long way to go as far as balancing usability and security is concerned. This makes mobile users about thrice as vulnerable as desktop browser users to phishing expeditions.