Android app siege - malware epidemic strikes
Malware on Android has rocketed in 2017, with recent examples including a fake WhatsApp downloaded 1m times...
The usual trickle of app-based malware has turned into a torrent in recent days, with a host of attacks targeting a wide range of users.
One fake WhatsApp download from the official Google Play store was downloaded around one million times before being spotted. Called Update WhatsApp Messenger, it appeared to have been developed by WhatsApp Inc, but the attackers had replaced the space with a character that looked similar at first glance. The app not only ran third party ads, but also could download other software to the device, according to media reports.
Security researchers crunched the numbers and have concluded that each month in 2017 so far has seen an increase in Android device attacks. The number of malicious Android apps has risen steadily in the last four years, from just over a half million in 2013, 2.5 million in 2015 and hitting 3.5 million in 2017. The researchers from Sophos found that in September alone, more than 30 per cent of the Android malware the company had encountered was ransomware. Of the top Android malware families through 2017 so far, Rootnik was most active, making up 42 per cent of all malware, with PornClk second with 14 per cent, and finally Axent, SLocker and Dloadr rounding out the top five at 9%, 8% and 6%, respectively.
Ilia Kolochenko, CEO High-Tech Bridge explained the background to the rise: “A compromised mobile phone is even more critical than a personal computer or account on a website. Users tend to store huge amount of personal and very sensitive data on their mobile devices, including their photos, financial information, passwords for dating and health apps, access codes for the offices, and even strictly confidential data of their employers.
“A compromised mobile device can lead to irreparable harm in terms of financial and reputational damage. Users were reluctant to update their Windows XP machines fifteen years ago, now they demonstrate the same carelessness towards their mobile phones. If nothing changes – cybercriminals will skyrocket their illicit income from ransomware, blackmailing, and data theft affecting mobile phones. Continuously keeping your mobile phone up2date, avoid jailbreak (iPhone) and rooted (Android) device, prudence when installing new apps – these simple precautions can prevent 99% of attacks against your mobile crown jewels.”
Researchers from High-Tech Bridge found that a concerning 97 per cent of applications contained at least one OWASP Mobile Top Ten vulnerability, while more than 78 per cent of applications have at least one high and two medium risk vulnerabilities. Simultaneously, less than 5 per cent of applications use anti-debugging mechanisms to hinder reverse-engineering.
High-Tech Bridge recently launched a new free app testing tool called Mobile X-Ray, which can highlight vulnerabilities in the apps you use every day or enterprise apps. More than 2,000 apps have been tested to date, with a worrying 44.95 per cent having vulnerabilities in their API or web services encryption schemes.
Meanwhile, Proofpoint researchers have identified a group attacking large Austrian bank customers with a multi-step compromise plan that involves credential phishing, followed by a Trojan attack - in this case the Marcher banking Trojan.
Ingeniously, the attackers are using “.top” top-level domains (TLDs) for their phishing landing pages, having previously used “.pw”, thus creating realistic-looking login links. Proofpoint's data shows that almost 20,000 people fell for this scam alone.