Cyber blackmail becomes top malware type in 2015; Porn back as No.1 threat vector

According to the 2015 State of Mobile Malware Report from Blue Coat Systems, cyber blackmail (mobile ransomware attacks) leads the way as a top malware type in 2015, along with the stealthy insertion of spyware on devices that allows attackers to profile behavior and online habits.

The new report, which describes the latest trends and vulnerabilities in mobile malware, highlighted that pornography returned as the number one threat vector after dropping to number two last year. Porn isn’t just back on top—it’s bigger than ever—jumping from 16.55 percent in 2014 to over 36 percent this year. That is, when we see a mobile user’s traffic heading to a malicious site, 36 percent of the time that user is following a link from a porn site. To put this in some perspective: when porn led the pack in the 2013 report, it was with a market share of just 22.16 percent.

WebAds dropped from almost 20 percent last year (2014) to less than five percent this year. These include both malvertising attacks and sites that host Trojan horse apps designed to appeal to porn site visitors. Blue Coat has also tracked and defined suspicious WebAd networks that are heavily involved in malware, scams, Potentially Unwanted Software (PUS), and other shady activities.

The three top types of malware in this year’s report are Ransomware, Potentially Unwanted Software (PUS), and Information Leakage.

The world of mobile ransomware has grown dramatically over the past year. While some varieties that run on Android devices cause little damage beyond convincing victims to pay the cyber hostage-taker, many have adopted more sophisticated approaches common to ransomware in the Windows environment. With the increased performance capabilities of modern smartphones, it was only a matter of time before more advanced cryptographic ransomware, such as SimpleLocker, started showing up on mobile devices. These threats render music files, photographs, videos, and other document types unreadable—while typically demanding an untraceable form of payment such as Bitcoin—and employing a strict time limit for payment before the files become permanently inaccessible to the owner.

Potentially Unwanted Software – Generally, this class of program exhibits behavior typical of “adware” or “spyware”—spying on users’ on-line activity and personal data—or serving extra ads. Blue Coat researchers have seen a major shift in the volume of such software in the traditional malware space—and this is also true of the mobile space—as the number of junk mobile apps hosted on sites the researchers classify in this category has been rising steadily. This type of mobile app, notable for its dubious utility, frequently finds its way onto a mobile device through the use of deceptive advertising, or other social engineering attacks designed to deceive the victim into installing the unwanted program.

Information Leakage: Most people are unaware that apps on their mobile device may be watching them—and reporting out—on a 24x7x365 basis. This information leakage is usually a minor drip, showing the version of their phone’s operating system, the manufacturer, the specific app or browser being used, and similar information. Complicating matters is the fact that there are typically no included system tools available for users to see or know what data is going out of their devices. Whether on an Android or iOS device, leaky data is often openly revealed in the “User Agent” string. 

With no signs of slowing down, the market for mobile devices is booming. Anticipating that millions more of these devices will hit the street in the coming years, Blue Coat makes the following observations and predictions about the future of this trend.

Mobile payment systems are set to grow, and services including contactless payment methods will incorporate additional security features, such as biometrics or two-factor authentication.

There are already too many mobile devices vulnerable to a host of threats in use. These devices will almost certainly not receive needed OS updates, and that will drive a market in security solutions that can support both traditional PC and mobile platforms, the report added.

Mobile carriers and handset makers are already working on plans to fast-track critical OTA updates to vulnerable devices, but the work is slow and it may be some time before this segment of the mobile market matures.