Android Phones Face New Malware Threat: Survey

by Press Release    Jan 25, 2016




Kaspersky Lab’s Anti-Malware Research team has discovered Asacub – a new piece of malware that targets Android users for financial gain. When first identified, Asacub displayed all the signs of information-stealing malware; however, some versions of the Trojan are targeting users of online banking in Russia, Ukraine and the US.

With millions of people worldwide using their smartphones to pay for goods and services, 2015 saw cybercriminals exploit this by focusing their efforts on developing malicious financial programs for mobile devices. For the first time, a mobile banking Trojan entered the Top-10 most prevalent malicious programs targeting finances. The Asacub Trojan is yet another example of this worrying trend.

The first version of the Asacub Trojan, discovered in June 2015, was capable of stealing contact lists, browser history and the list of installed apps, sending SMS messages to given numbers, and blocking the screen of an infected device – all standard functions for a typical information-stealing Trojan.

However, in autumn 2015 Kaspersky Lab’s experts discovered several new versions of the Asacub Trojan which confirmed its transformation into a tool for stealing money, with the new version equipped with phishing pages mimicking log-in pages of banking applications. At first it looked like Asacub was targeting only Russian-speaking users, because the modifications contained fake log-in pages of Russian and Ukrainian banks. But after further investigation, Kaspersky Lab’s experts found a modification with fake pages of a large US bank. These new versions also contained a new set of functions including call redirection and sending USSD requests (a special service for interactive non-voice and non-SMS communications between the user and cellular provider), which made Asacub a very powerful tool for financial fraud.

Although Kaspersky Lab has been aware of several different versions of the Trojan for some time, the company’s threat detection systems found almost no sign of active Asacub campaigns until the end of 2015. Within just one week, Kaspersky Lab identified more than 6,500 attempts to infect users with the malware, making it one of the 5 most popular mobile Trojans of that week, and the most popular Trojan-Banker.

“When analyzing this Trojan, we found that the Asacub malware has connections to criminals with links to a Windows-based spyware called CoreBot. The domain used by Asacub’s Command&Control center is registered to the same person as tens of domains that were used by CoreBot. It is therefore highly likely that these two types of malware are being developed or used by the same gang, who see huge value and criminal gain in exploiting mobile banking users. Based on current trends, we can assume that in 2016, the development and prevalence of mobile banking malware will continue to grow and account for an even greater share of malware attacks. Users need to be extra vigilant to ensure they don’t become the next victim”, warns Roman Unuchek, Senior Malware Analyst at Kaspersky Lab USA.

Security Predictions for Android Devices by Cheetah Mobile

Meanwhile, Cheetah Mobile, the world’s leading mobile utility provider committed to providing a safer, faster and simpler mobile internet experience, today announced findings from its latest global mobile security report focused on Android devices.

The report details the growth of viruses, phishing sites, malware and infected devices across major markets (including India), covers data leakages, and rounds out with security predictions for 2016. The Company’s annual security report is based on cumulative data from 567 million global monthly active users and an overall install base of almost two billion users using Cheetah Mobile’s utility applications on their devices.

In summary, the key trends in mobile security for 2015 were:

· Android viruses rose sharply

o   The number of Android viruses exceeded 9.5 million, which is more than twice the total number of the past three years. Compared with 2014’s 2.8 million, the growth rate of 2015 is over 22%.

· Root Trojans soared in 2015

o   Because they gain system-level privileges, Root Trojans can take complete control of the device and are very hard to remove. A Trojan horse, or Trojan, is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users’ systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. The manner in which they behave differs – some hide in users’ mobile devices to steal text messages, contact information, location data, and even personal photos. Others, like Ghost Push, obtain root access to the affected device and install more malicious apps and a never-ending stream of ads.

· Mobile payments have been targeted by viruses

o   With the popularization of mobile payment, the number of malware programs targeting mobile banking has increased rapidly.

· Data leakage caused great damage

o   Thousands of companies and hundreds of millions of users have been affected by information leaks in 2015.

· Android vulnerabilities emerge one after another

o   From the Stagefright vulnerability, which affected 95% of Android devices, to the Wormhole compromising millions, it seemed like Android vulnerabilities would never end.

China, India and Indonesia were the three most severely afflicted countries. Apart from their large Android user bases, another reason these countries were the worst hit is that third-party app markets are prevalent in these areas, and most of these markets have been contaminated by malware because they are weakly monitored.

Mobile Security Predictions for 2016

· New security features in Android 5.0 Lollipop and its successors are expected to make Android phones more secure.

· As Google Play is available in China, Chinese app markets are expected to become more standardized and secure.

· More effective steps will be taken by Google to enhance Android security in 2016.

· Globally, mobile payment methods will be attacked more frequently.