New Malware Threats Emerge on Mobile Platforms, Studies Find
"It's a significant trend and I expect that to continue as mobile devices become more of a target," Kevin McNamee, director of the Nokia Threat Intelligence Lab, told eWEEK. The mobile infection rate "is 0.3 percent so that means 1 in about every 330 people have malware. That doesn't seem that large, but if you work it out to everyone across the planet with a mobile phone, that turns into a very large number." The initial forays into malware on mobile devices appear to copy successful PC attacks. Because ransomware attacks on computer users has paid dividends for attackers, it isn't surprising that similar attacks are being used against mobile users, Dimitry Ayrapetov, director of network security product management for Dell Sonicwall, told eWEEK. "We are starting to see malware that was pioneered on desktop PCs now jumping over to mobile phones," Ayrapetov said. While current ransomware attacks on PCs are grounded in encryption—encrypting the data on the hard drive to a key that only the attacker has—early forms of ransomware on mobile devices resembles a type of attack popular on PCs more than three years ago. Known as "locker" ransomware, the attacks use system functions to lock the device and require a payment to unlock the phone.Almost all—more than 99 percent—of attempted malware attacks targeted Android-based devices, according to Nokia's data. While Android malware accounts for the vast majority of malware on mobile devices, attackers are starting to focus more on iOS, said Nokia's McNamee. In one month during 2015, the spread of the XCodeGhost Trojan development platform caused malicious traffic from iPhones to jump to 6 percent of infections, Nokia's report stated. "So the iPhone has a little bit of a weakness in its armor," he said. Still, users who only download their apps from the official app stores are able to avoid most malware. 
Yet, Apple and Google's app stores only account for 2.5 million to 3.0 million apps, which means that scans such as Webroot's overemphasize the impact of less well-vetted app stores with high malware rates. Still, the malware lurking in those third-party app stores could also be a sign of the future for U.S. mobile attackers, Milbourne said. "As they get better at refining the ability to remotely break into Android devices, and iOS to some extent, that will translate to these tactics being used against the more mainstream app stores," he said.
A new tactic could open the door for attackers to steal more information from mobile users. Called the overlay attack, the technique is similar to Web injection attacks, where an attacker—who has already compromised a device—overlays user interface elements on top of certain applications to trick the user into entering information. While the attack lacks the sophistication of similar attacks that target Web browsers on PCs, the end result is nearly the same, according to IBM's Kessem. "The overlay thing is gaining a lot of popularity and a lot of people in the underground are buying it," she said.
Such attacks can be undone by a knowledgeable user. However, a well-constructed encryption-based attack leaves users only able to recover data either using backups or buying the key.