SlideShare une entreprise Scribd logo

Mobile threat report_q3_2013

Комсс Файквэе
Комсс Файквэе

Mobile threat report_q3_2013

Technologie
1  sur  16
Télécharger pour lire hors ligne
MOBILE THREAT REPORT July-September 2013
F-Secure Labs At the F-Secure Response Labs in Helsinki, Finland, and Kuala Lumpur, Malaysia, security experts work around the clock to ensure our customers are protected from the latest online threats. At any given moment, F-Secure Response Labs staff are on top of the worldwide security situation, ensuring that sudden virus and malware outbreaks are dealt with promptly and effectively. Protection around the clock Response Labs’ work is assisted by a host of automatic systems that track worldwide threat occurrences in real time, collecting and analyzing hundreds of thousands of data samples per day. Criminals who make use of virus and malware to profit from these attacks are constantly at work on new threats. This situation demands around the clock vigilance on our part to ensure that our customers are protected.
contents contents3 Mobile Threat Landscape Mobile Malware Statistics, Q3 2013 Threats Highlights 4 6 7 Threats Highlights 8 Android Malware Statistics 12 recommendations: PROTECTING against mobile malware 13 Methodology14 Sources15 Mobile Threat Report Q3 2013 3
Mobile Threat Landscape In the mobile threat landscape, malware authors continue to concentrate on the Android platform. This should not come as a surprise considering that Android holds 79.3% of the total market share[1] in mobile phones and tablet devices. Out of the 259 new threat families and new variants of existing families discovered in Q3 2013, 252 were Android threats while the other 7 were Symbian (Figure 1, page 5). No malware has been yet to be recorded in 2013 on the other platforms (Blackberry, iOS, Windows Phone). The majority of these threats fall under the ‘malicious program’ or Malware category, with trojans making up the largest percentage of the samples (Figure 2, page 6). The rest are deemed as ‘potentially unwanted applications’ or PUA, where the program may be considered undesirable or intrusive if used in a questionable manner, or may inadvertently introduce privacy or security risks. Based on the statistics recorded by our internal systems and telemetry data, another trend we’ve seen this quarter is the increasing growth of profit-motivated threats (Figure 3, page 6), which typically make monetary profit by sending premium-rate SMS messages from infected devices, without the users consent. This rise could be attributed to the continued growth in large SMS-sending trojan families such as FakeInst, OpFake, PremiumSms and SmsSend, whose developers keep churning out new variants each quarter. “The majority of these threats fall under the ‘malicious program’ or Malware category, with trojans making up the largest percentage...” developments this quarter Identifying Pincer’s creator In early April this year, we reported on Pincer[2], an Android malware that connects to a command-and-control or CC server (Figure 4, page 6) and serves one component of a system used to defeat two-factor authentication for online banking transactions. In August, security researcher Brian Krebs reportedly tracked down and identified the author of this trojan as a programmer in a Russian app development company, who had apparently create Pincer for an unidentified client as a freelance side project[3]. Creating malware gets easier In Q1 2013, we reported on the Perkele toolkit used to generate Android trojans for monitoring and forwarding SMS messages containing mTANs[4,5]. In July, there were reports of a new toolkit (aka ‘binders’) that simplifies the process of inserting malicious code into legitimate Android apps. The binder, named ‘Androrat APK binder,’ is used to insert an existing remote access tool (RAT) known as AndroRAT, into a ‘carrier’ app, trojanizing it[6]. Once the carrier app is installed onto a device, the implanted AndroRAT allows an attacker to remotely control it and among other things, monitor and make calls and messages, activate the camera and microphone, and access stored files. “Masterkey” vulnerability In July, security researchers publicly announced the discovery of a vulnerability in cryptographic signature verification for Android apps that, if exploited, would allow Mobile Threat Report Q3 2013 4
an attacker to modify a legitimate app’s code without affecting its cryptographic signature[7] — essentially keeping the tampering from being detected during verification. Shortly after the announcement, researchers were able to find samples of such modified apps being distributed[8,9]. A few days later, Chinese security researchers announced discovery of a similar vulnerability, though in this case the issue revolved around how the verification process handled a mismatch between signed and unsigned integers. Google was reportedly notified of the ‘Masterkey’ issue earlier in the year, and at the time of the announcement had fixed the issue in the Android open source codebase[10]. Patches for the subsequent ‘signed integer verification’ vulnerability were also released shortly after the announcement. Users would however still need to wait for a firmware update from their device manufacturer in order to receive the patched code. In the meantime, basic security precautions are generally sufficient to avoid encountering. Android and Symbian NEWs “... attackers can simply bypass the store’s builtin security by using advertisement modules as the attack vector to lure users onto external sites ...” Android When Google introduced security measures to the Google Play app store, it helped to keep malicious apps out of the store but it doesn’t entirely eradicate the risks. For instance, the measures are ineffective in blocking malicious advertisements in apps as in the case of FakeDefender, attackers can simply bypass the store’s built-in security by using advertisement modules as the attack vector to lure users onto external sites where they can be scammed or infected. More details on page 9 Besides, some threats are beyond the scope of Google Play’s security measures, as is the case with the Masterkey exploit. Because of a security hole (referred to in the press as the ‘Masterkey’ vulnerability) in the Android operating system, malicious programs could still sneak into the store while hiding inside legitimate applications. Symbian While Android has been soaring high, Symbian is suffering the opposite fate. Its ecosystem is being driven down and the growing pressure from the recently announced Nokia Devices Services acquisition by Microsoft is no doubt speeding up the process. On 4th October 2013, Nokia Developer News blog announced that developers will no longer be able to publish new content or update existing content on the Nokia Store, beginning on 1st January 2014[11]. The Symbian Signed program will also come to an end on the same date. Since all Symbian 3rd Edition and later versions require that applications be signed, no one can publish new versions of their installation files after January 2014. As of this moment, there is no explicit public statement on what is going to happen to express signing or other third party signing services. If they are also not available, it really means the end of life for Symbian. Sources: See page 15 Mobile Threat Report Q3 2013 More details on page 8 new mobile threat families and variants, q1-q3 2013 300 252 205 200 153 100 13 0 3 0 Q1 2013 Q2 2013 Android Symbian 7 0 Q3 2013 Others (Blackberry, iOS, Windows Phone) Figure 1: New families and new variants of existing families discovered on different platforms from Q1 to Q3 2013. 5
Mobile Malware Statistics, Q3 2013 mobile threats by Type, q3 2013 Application, 2.3% Exploit, 0.4% Hack-Tool, 0.4% Monitoring-Tool, 1.9% Riskware, 1.9% Spyware, 0.4% 4+1+37925z Trojan-Spy, 2.7% Trojan-Dropper, 0.4% Trojan-Downloader, 1.6% Figure 2: New mobile threats families and variants discovered in Q3 2013, broken down into types. 259 Trojan, 88.0% families + variants NOTE: No new adware families or variants were discovered in Q3 2013; new families or variants of other PUA types (e.g., Spyware, Riskware) were recorded during this same period. mobile threats motivated by profit, q3 2013 Not profit-motivated 18.9% 81+19+z Profit-motivated 204/210 Android Symbian Android Symbian 6/210 Not profit-motivated 48/49 1/49 Figure 3: Comparison between new threats discovered in Q3 2013 that are profit-motivated versus non-profit-motivated ones. Profit-motivated 81.1% mobile threats That are bots, q3 2013 20+80+z 80+20+z 19.7% yes 51/259 80.3% No 208/259 Android 51/51 Android 201/208 Symbian 0/51 Symbian 7/208 Mobile Threat Report Q3 2013 Figure 4: Comparison between new threats discovered in Q3 2013 that connected to CC servers versus those that did not. 6
Threats Highlights The state of mobile malware is becoming more interesting as mobile phones and tablets become the preferred media consumption device for most users. The current trend for malware development has been to follow and target the most widely used operating system or platform. 90 +10+G One critical factor driving mobile malware development has been the growing use of mobile devices as a security check, usually as a form of secondary or two-factor authentication for user credentials or online transactions. The most common manifestation of this is the mTAN (mobile Transaction Authentication Number) authentication used by during online banking transactions by some banks as an added extra level of security. Malware authors are currently mobile banking trojans by percentage, able to circumvent this extra based on protection network count level of protection by creating a mobile program or application that explicitly intercepts the SMS SMSSpy*, messages used to validate these 90 transactions - thus the birth of FakeKRBank, 5 mobile Banking Trojans. The most common of these are still just a component of a more complex system, as they must function in tandem with a separate desktop-based banking malware that does the actual monetary theft. Interestingly, though mobile banking trojans still form a relatively small chunk of the overall count in our mobile malware sample collection, we do see a growing trend in the number of banking trojans. % Others, 10 More generally, another trend to highlight for this quarter is the further evolution of Android malware in terms of complexity and environment. An example is the evolution of a simple premium-SMS sending app that has developed its own ‘ecosystem’ on evolving into an SDK that supports an affiliated premium subscription number, somewhat like the way legitimate advertising modules are associated with affiliated ad networks - but nastier. As an SDK, it can be easily integrated into an app. The change means that two things can happen - it can be used solely for its ‘traditional’ premiumSMS subscribing routine, or the SDK can be unwittingly used by legitimate developers unaware of the impact of its behavior. Following the steps of previously reported malware Badnews, this quarter this was seen in SxJolly.A. Though not new, Obad.A also showed more development this quarter with regards to its ecosystem. Classic Trojan-clicker behavior, more commonly seen in PC malware, reappeared in Uten.A, though the same principles were already seen in Adrd.A[1] in 2011. Delving further into specific malware, the public disclosure of the ‘Masterkey’ vulnerability this quarter showed the most potential for use in real malware, and sure enough was quickly followed by the discovery of in-the-wild malware exploiting this loophole. On the Symbian front, the only new threat of note was Kleaq.A - though even then, its malicious routines are not unusual for Symbian malware. And finally, in terms of spying-malware, the most notable development was Tramp.A’s utilization of the Google Cloud Messaging (GCM). Mobile Threat Report Q3 2013 FakeToken, 2 Spitmo, 2 Citmo, 0.6 { 0.4 PerkeSecuApp, Pincer, SmsBankSteal, Zitmo *SMSSpy SMSSply differs from other malware families in that it doesn’t contain variants ‘descended’ from a single identifiable code. Instead, SMSSpy groups mobile threats that share specific similarities in behavior related to SMS message monitoring. This may include threats that could also be identified as belonging to other families, such as Stels, Pincer or Zitmo. Sources: See page 15 7
Count of known unique samples* The count of unique samples for a particular variant of family found in our file collections. This number is used to provide a meaningful idea of how large a given malware family may be. Threats Highlights Protection Network Count** The number of the times a client installation of F-Secure’s Mobile Security reported blocking an attempt to install malware onto the protected device to our cloud-based telemetry systems during Q3 2013. Exploit:Android/Masterkey.A Count of known unique samples*: 101 Distribution Seen in third-party app markets targeting Chinese users. Summary This malware takes advantage of the Masterkey vulnerability in Android, which allows attackers to make changes to an app’s code without affecting the cryptographic signature used to check the legitimacy of an app. Protection Network Count** 3 July Bluebox Security publicly discloses Masterkey vulnerability [2] February Bluebox Security responsibly discloses Masterkey vulnerability to Google 13 9 10 July Similar vulnerability related to verification of signed integers found by Chinese security researchers [3] JULY 10 July Proof-of-Concept (POC) Masterkey sample received 5 1 August Masterkey vulnerability presented at BlackHat conference [4] Jul August 26 july Our Protection Network identifies a POC Masterkey exploit app circulating, disguised as a mobile banking app 11 July Proof-of-Concept (POC) for signed integer verification sample received 11 July Non-POC, non-malicious Masterkey sample encountered. App code altered to display a message onscreen and include cheat cods in configuration files AUG Sep September 7 August 30 apps found on thirdparty app market in China containing Masterkey exploit, including one banking app. On installation, apps will contact remote server for commands Sources: See page 15
Trojan:Android/FakeDefender.A Count of known unique samples*: 34 Distribution Seen advertised in third-party advertisements displayed on mobile devices. Protection Network Count** Summary Similar to rogue anti-spyware programs found on PCs, FakeDefender is a rogue anti-spyware program for the mobile device. The program does not provide the scanning or malware removal functionalities as claimed. 4 Jul 5 AUG 8 Sep Trojan:Android/Obad.A Count of known unique samples*: 14 Protection Network Count** 16 10 3 Jul AUG Sep Distribution Obad variants were observed being advertised on a malicious website while browsing on an Android device, and is likely to arrive on a client’s device via a mobile drive-by-download. Summary Once installed on the device, Obad variants gain administrator privileges and uses an exploit to break through the Android operating system’s security layer. Obad collects and sends the following details about the device to a remote CC server: the Media Access Control (MAC) address and IMEI, the operator name, the time and root access. The CC server is also able to issue commands to the installed application, including to send SMS messages, make the device act as a proxy or a remote shell, launch a URL in the mobile browser, download and install additional components, get the Contact list as well as further details of a specific installed app and send a file via Bluetooth. Trojan:Android/SxJolly.A Count of known unique samples*: 19 Protection Network Count** Distribution Seen in third-party app markets targeting Russian users. Summary A Bot capable of receiving commands to send SMS messages or subscribe the device to a premium-SMS service, and change or update its CC server. 10 9 0 Jul AUG Sep
Trojan:Android/Tramp.A Protection Network Count** Count of known unique samples: 31 Distribution Unknown Summary Generally this malware monitors the user’s SMS messages and steals the following details from user’s phone: phone numbers, carrier and SMS. An interesting aspect of this malware is that it can receive the following commands through Google Cloud Messaging (GCM): • • • • • 0 0 Jul AUG 4 Sep Send message Block call Get current location Observe Contact The Tramp sample we analyzed was also equipped with the androidvncserver native binary. Though this particular sample did not utilize the binary, it does raise the possibility that they could later add commands to execute files, especially as the VNC server would give an attacker full control over the phone. This VNC server application is publicly shared at http://code.google.com/p/android-vnc-server/. The other interesting thing is that the malware doesn’t create any shortcut to the application, so the presence of the app on the device is very difficult to spot. It most likely waits for device reboot or an SMS before it activates and runs its routines. Trojan:Android/Uten.A Protection Network Count** 61 Count of known unique samples: 192 Distribution This malware is a repackaged and trojanized app based on a game available in Google Play and believed to be spread in various third party app markets. Summary The malware disguises itself as “Umeng” SDK library, a mobile analytic platform used by developers. The original application that was trojanized to create this appears to be a legitimate gaming app available on the official Google Play Market. 0 0 Jul AUG Upon installation of this malware, affected devices are silently subscribed to a premium-SMS service, then SMS messages are sent to the service. Uten is also capable of intercepting SMS originating from certain numbers to avert user suspicion. It also performs click-fraud by emulating the user clicking on certain advertisements in the background – all at the expense of the user’s precious bandwidth. Sep
Trojan:SymbOS/Kleaq.A Distribution Unknown Summary This malware’s installation package contains two executables, one of which is responsible for downloading and installing the real payload silently, while the other executable kills any uninstallation attempts by terminating relevant processes. Typically, the kill list also includes some anti-virus vendors’ processes and network connection status indicators.
Android Malware Statistics Total malware Count Against TOTAL detection count for Android Threats, 2012-2013 Total detection Total malware 100,000 3579112459 1+5+9+16+18+26+41+100 75,000 50,000 39+61+B Android Threats by Category, Q3 2013 1-10-2013 1-7-2013 1-4-2013 1-1-2013 1-10-2012 1-7-2012 1-4-2012 1-1-2012 25,000 Top-15 Android malware received and identified in Q3 2013 Detection count 15,853 Trojan:Android/OpFake 11,319 Suspicious:Android/Malware 7,245 Trojan:Android/SmsSend 7,062 Trojan:Android/Vdloader 4,111 Trojan:Android/Boxer 2,590 Trojan-Downloader:Android/Boqx 2,210 Trojan:Android/SmsSpy 2,099 Suspicious:Android/GinMaster 1,857 Trojan:Android/Downloader 1,734 1,709 789 Trojan:Android/Temai 657 Trojan:Android/FakeNotify Mobile Threat Report Q3 2013 Trojan:Android/GinMaster Trojan:Android/Vidro malware PUA 90,252 Trojan:Android/Mseg 61% 39% Trojan:Android/FakeInst 558 12
recommendations: Protecting against mobile malware Securing the device Today most people have their email accounts (personal and/ or work) and other critical services on their mobile devices. This convenience also means that if your device is lost or stolen, your losses could involve more than just the physical device. And despite concern about online-based attacks, the easiest way for malware to get on a device is still for someone to manually install it while the device is in their possession. In other words, protect your device’s physical security first. 1. Lock the device Locking your device prevents anyone else from meddling with its settings and installing an app (such as a monitoring-tool or spyware) while it is out of your possession. For the lock to be effective, make sure the password/passcode/pattern is unique, and preferably memorable for you without being easy for someone else to guess. 2. Set up anti-theft protection Anti-theft protection typically provides you the ability to remotely wipe the data on your phone, including on any memory cards installed, if you decide your phone is irretrievable. Some anti-theft solutions also include features such as location mapping or sounding the alarm, to help when attempting to locate the device. Blocking unwanted services Lucrative profit-generating mechanisms for mobile malware are to silently send premium rate SMS messages, subscribe the user to continuous premium services, or to force the device to call premium-rate numbers. Blocking premium calls or messages is one way to minimize financial losses, even if malware does get installed. This also provides protection against non-malware billing fraud by “operators” who silently subscribe users to premium services and forward billing requests to the user’s mobile operator, hoping to have the charges quietly added to the user’s bill. 3. Set up call or message barring Most operators allow users to set up a call or SMS barring service to block the device from sending unwanted calls or messages. Also known as ‘premium-rate blocking’, this is particularly useful for parents who want to prevent their children’s devices from inadvertently incurring unnecessary charges. To set up this service, contact your phone operator for more details. Some services also provide a PIN number or other method that allows the user to selectively remove the barring, if they desire. Sources: See page 15 When dowloading apps Once your device’s physical security has been addressed, you can also take the following steps when downloading an app. 4.Download apps only from the Play Store By default, Android devices block installation of apps from any source other than the Play Store. You can check to make sure your device only allows Play Store apps by looking in Setting Applications Unknown sources. If the checkbox is checked, non-Play Store apps can be installed. Uncheck this. 5. Check the apps’ permission requests Whether you’re downloading from the Play Store or other sources, make sure to read the app’s list of requested permissions (the ones that typically raise eyebrows due to security or privacy concerns are listed below right). If the permissions • Services that cost you money requested seem excessive • Make phone calls or unrelated to the app’s • Send SMS or MMS purpose—for example, a • Your location casual game asks to send • Your personal information SMS messages—you can check the developer’s references for more details, as reputable developers usually explain why the permissions are needed. If the use appears justified to you, then you may elect to download the app. Incidentally, apps such as PocketPermissions, LBE Privacy or PermissionDog can be useful guides for explaining the sometimes-obscure permissions. Some also include features to restrict permissions used by installed apps, though such functionality is often intended for advanced users. 6. Scan apps with a mobile antivirus Once downloaded onto your device, use a reputable mobile antivirus to scan the app. You can think of this as a check on the app’s ‘silent’ behavior—permissable actions that are implied in the app’s permissions list (for example, sending the device’s details to a remote server) but may cause users concern. If the verdict from the mobile antivirus is acceptable to you, then you can proceed to install the app. While online As websites have evolved to cater for visitors browsing from mobile devices, we’ve also seen malicious sites follow suit[1]. 7. Use web browsing protection To avoid stumbling onto a malicious site while surfing on a mobile device, use web browsing protection (available from most antivirus solutions) to block known harmful sites.
Methodology This report is based on mobile application data gathered during the period of 1st July to 31st september 2013 from a variety of sources including, among others, the official Android Play Store and Apple App Store, third-party app markets and anonymized data from F-Secure Mobile Security customers. The collected samples and data are scanned by multiple internal analysis systems, as well in-depth investigation as by F-Secure Labs’ Threat Research analysts. Categorizing Mobile Threats F-Secure Labs classifies mobile threats into two Categories based on their potential for damaging the user’s device or data: Malware and Potentially Unwanted Application (PUA). The programs can be further divided into Types based on their behavior. The following list provides a brief summary of the criteria used classify mobile threats: MALWARE A mobile application that performs actions which pose a significant security risk to the user’s system and/or information. Such applications are by default blocked from installation. Backdoor Trojan A program that deliberately performs harmful actions such as stealing data, hijacking device resources, interfering with the user’s control of the device, etc. Beneficial functionality, if any exists, is intended as a decoy or distraction to draw attention away from the malicious payload. Trojans may be further subdivided by the type of action they take — trojandownloader, trojan-dropper, trojan-spy, etc. Worm PUA A program that provides unauthorized remote access to the device. A program that creates exact or similar standalone copies of itself. The copies can be on the device and/or connected or removable media. A notable subset of worms send copies of themselves over a Bluetooth connection, i.e., Bluetooth-worm. An application or component that may be considered undesirable or intrusive by a user if used in a questionable manner, or may inadvertently introduce privacy or security risks. If the user is aware of and accepts the implied risk(s), they may elect to install and use the application. Spyware Trackware A program that gathers data that could be used to identify a user or a device to a third party, for example, an app that provides device location services as theft protection. Adware Mobile Threat Report Q3 2013 A program that collects data about the user’s behavior patterns, such as Web browsing history and site preferences, and stores the data locally or remotely. A mobile application with an advertisement display functionality that potentially exposes the user to privacy or security risks as well as exhibiting aggressive advertisement behaviors. Privacy concerns involve the collection or leakage of user’s or device’s personal information such as location, behavior, International Mobile Equipment Identity (IMEI) number, contacts, etc. Aggressive behavior includes changing device settings such as adding home screen shortcuts, browser bookmarks, or icons on the user’s device for advertising purposes. Security concerns involve exposure and/or redirection to unsolicited, unverified or questionable applications, websites or contents. 14
Sources Mobile Threat Landscape (page 4-5) International Data Corporation; Apple Cedes Market Share in Smartphone Operating System Market as Android Surges and Windows Phone Gains, According to IDC; published 7 August 2013; http://www.idc.com/getdoc.jsp?containerId=prUS24257413 2. F-Secure Weblog; Sean Sullivan; Trojan:Android/Pincer.A; published 5 April 2013; http://www.f-secure.com/weblog/archives/00002538.html 3. Krebs on Security; Brian Krebs; Who Wrote the Pincer Android Trojan?; published 27 August 2013; http://krebsonsecurity.com/2013/08/who-wrote-the-pincer-android-trojan/ 4. F-Secure Weblog; Sean Sullivan; Mobile Bot “Perkele Lite” [Android Only]; published 7 March 2013; http://www.f-secure.com/weblog/archives/00002519.html 5. Krebs on Security; Brian Krebs; A Closer Look: Perkele Android Malware Kit; published 19 August 2013; http://krebsonsecurity.com/2013/08/a-closer-look-perkele-android-malware-kit/ 6. Symantec; Andrea Lelli; Remote Access Tool Takes Aim with Android APK Binder; published 16 July 2013; http://www.symantec.com/connect/blogs/remote-access-tool-takes-aim-android-apk-binder 7. Symantec; First Malicious Use of ‘Master Key’ Android Vulnerability Discovered; published 23 July 2013; http://www.symantec.com/connect/blogs/first-malicious-use-master-key-android-vulnerability-discovered 8. Naked Security; Paul Ducklin; Android “Master Key” vulnerability - more malware exploits code verification bypass; published 9 August 2013; http://nakedsecurity.sophos.com/2013/08/09/android-master-key-vulnerability-more-malware-found-exploiting-code-verification-bypass/ 9. InfoSecurity; More Exploits for Android ‘MasterKey’ Vulnerability Turn Up in the Wild; published 9 August 2013; http://www.infosecurity-magazine.com/view/33941/more-exploits-for-android-masterkey-vulnerability-turn-up-in-the-wild/ 10. Threat Post; Dennis Fisher; Jeff Forristal on the Android Master-Key Vulnerability; published 5 August 2013; http://threatpost.com/jeff-forristal-on-the-android-master-key-vulnerability-2/101587 11. Nokia Developer News; Fred Patton; Changes to supported content types in the Nokia Store; published 4 October 2013; http://developer.nokia.com/Blogs/News/blog/2013/10/04/changes-to-supported-content-types-in-the-nokia-store/ 1. Threats Highlights (page 7-11) 1. 2. 3. 4. F-Secure Weblog, Trojan:Android/Adrd.A, published 16 February 2011; http://www.f-secure.com/weblog/archives/00002100.html Bluebox Security, Jeff Forristal; Uncovering Android master key that makes 99% of devices vulnerable, published 3 July 2013; http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/ Sina blog, Android security squad discovered new vulnerabilities, published 10 July 2013; http://blog.sina.com.cn/s/blog_be6dacae0101bksm.html BlackHat, Android: One root to own them all, published 1 August 2013; https://www.blackhat.com/us-13/archives.html#Forristal Recommendations: Protecting against mobile malware (page 13) 1. F-Secure Weblog, Sean Sullivan; Post-PC Attack Site: Only Interested in Smartphones/Tablets, published 19 June 2013; http://www.f-secure.com/weblog/archives/00002569.html Mobile Threat Report Q3 2013 15
Protecting the Irreplaceable F-Secure proprietary materials. © F-Secure Corporation 2013. All rights reserved. F-Secure and F-Secure symbols are registered trademarks of F-Secure Corporation and F-Secure names and symbols/ logos are either trademark or registered trademark of F-Secure Corporation.

Recommandé

Rp quarterly-threat-q3-2013
Rp quarterly-threat-q3-2013Rp quarterly-threat-q3-2013
Rp quarterly-threat-q3-2013
Комсс Файквэе
 
Ey giss-under-cyber-attack
Ey giss-under-cyber-attackEy giss-under-cyber-attack
Ey giss-under-cyber-attack
Комсс Файквэе
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a ride
Roen Branham
 
Istr number 23 internet security threat repor 2018 symantec
Istr number 23 internet security threat repor 2018 symantecIstr number 23 internet security threat repor 2018 symantec
Istr number 23 internet security threat repor 2018 symantec
Soluciona Facil
 
Enabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSEnabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMS
Paul Walsh
 
ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019
- Mark - Fullbright
 
Digital Threat Landscape
Digital Threat LandscapeDigital Threat Landscape
Digital Threat Landscape
Quick Heal Technologies Ltd.
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18
Symantec
 

Recommandé

Rp quarterly-threat-q3-2013
Rp quarterly-threat-q3-2013Rp quarterly-threat-q3-2013
Rp quarterly-threat-q3-2013
Комсс Файквэе
 
Ey giss-under-cyber-attack
Ey giss-under-cyber-attackEy giss-under-cyber-attack
Ey giss-under-cyber-attack
Комсс Файквэе
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a ride
Roen Branham
 
Istr number 23 internet security threat repor 2018 symantec
Istr number 23 internet security threat repor 2018 symantecIstr number 23 internet security threat repor 2018 symantec
Istr number 23 internet security threat repor 2018 symantec
Soluciona Facil
 
Enabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSEnabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMS
Paul Walsh
 
ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019
- Mark - Fullbright
 
Digital Threat Landscape
Digital Threat LandscapeDigital Threat Landscape
Digital Threat Landscape
Quick Heal Technologies Ltd.
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18
Symantec
 
Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021
Roen Branham
 
McAFEE LABS THREATS REPORT - Fourth Quarter 2013
McAFEE LABS THREATS REPORT - Fourth Quarter 2013McAFEE LABS THREATS REPORT - Fourth Quarter 2013
McAFEE LABS THREATS REPORT - Fourth Quarter 2013
- Mark - Fullbright
 
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
Symantec
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government Sector
Symantec
 
BLURRING BOUNDARIES
BLURRING BOUNDARIESBLURRING BOUNDARIES
BLURRING BOUNDARIES
- Mark - Fullbright
 
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
Symantec
 
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec
 
INTSUM
INTSUMINTSUM
INTSUM
worldwidebranding
 
Istr19 en
Istr19 enIstr19 en
Istr19 en
Anjoum .
 
Symantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineSymantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnline
RapidSSLOnline.com
 
Symantec Security Refresh Webinar
Symantec Security Refresh WebinarSymantec Security Refresh Webinar
Symantec Security Refresh Webinar
Arrow ECS UK
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec Technology and Consulting
 
Ransomware Review 2017
Ransomware Review 2017Ransomware Review 2017
Ransomware Review 2017
Dryden Geary
 
A Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCA Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDC
Microsoft Asia
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec Technology and Consulting
 
Threat report h1_2013
Threat report h1_2013Threat report h1_2013
Threat report h1_2013
Комсс Файквэе
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017
Accelerate Tech
 
G data mobile_mwr_q2_2015_us
G data mobile_mwr_q2_2015_usG data mobile_mwr_q2_2015_us
G data mobile_mwr_q2_2015_us
linkedinbeam
 
Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking Sector
Quick Heal Technologies Ltd.
 
Adjusting Your Security Controls: It’s the New Normal
Adjusting Your Security Controls: It’s the New NormalAdjusting Your Security Controls: It’s the New Normal
Adjusting Your Security Controls: It’s the New Normal
Priyanka Aash
 
Ksb 2013 ru
Ksb 2013 ruKsb 2013 ru
Ksb 2013 ru
Комсс Файквэе
 
Apwg trends report_q2_2013
Apwg trends report_q2_2013Apwg trends report_q2_2013
Apwg trends report_q2_2013
Комсс Файквэе
 

Contenu connexe

Tendances

Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government Sector
Symantec
 
Symantec Security Refresh Webinar
Symantec Security Refresh WebinarSymantec Security Refresh Webinar
Symantec Security Refresh Webinar
Arrow ECS UK
 
A Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCA Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDC
Microsoft Asia
 

Tendances (20)

Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021
 
McAFEE LABS THREATS REPORT - Fourth Quarter 2013
McAFEE LABS THREATS REPORT - Fourth Quarter 2013McAFEE LABS THREATS REPORT - Fourth Quarter 2013
McAFEE LABS THREATS REPORT - Fourth Quarter 2013
 
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government Sector
 
BLURRING BOUNDARIES
BLURRING BOUNDARIESBLURRING BOUNDARIES
BLURRING BOUNDARIES
 
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
 
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19
 
INTSUM
INTSUMINTSUM
INTSUM
 
Istr19 en
Istr19 enIstr19 en
Istr19 en
 
Symantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineSymantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnline
 
Symantec Security Refresh Webinar
Symantec Security Refresh WebinarSymantec Security Refresh Webinar
Symantec Security Refresh Webinar
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 
Ransomware Review 2017
Ransomware Review 2017Ransomware Review 2017
Ransomware Review 2017
 
A Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCA Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDC
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 
Threat report h1_2013
Threat report h1_2013Threat report h1_2013
Threat report h1_2013
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017
 
G data mobile_mwr_q2_2015_us
G data mobile_mwr_q2_2015_usG data mobile_mwr_q2_2015_us
G data mobile_mwr_q2_2015_us
 
Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking Sector
 
Adjusting Your Security Controls: It’s the New Normal
Adjusting Your Security Controls: It’s the New NormalAdjusting Your Security Controls: It’s the New Normal
Adjusting Your Security Controls: It’s the New Normal
 

En vedette

En vedette (9)

Ksb 2013 ru
Ksb 2013 ruKsb 2013 ru
Ksb 2013 ru
 
Apwg trends report_q2_2013
Apwg trends report_q2_2013Apwg trends report_q2_2013
Apwg trends report_q2_2013
 
Rp data breach-investigations-report-2013-en_xg
Rp data breach-investigations-report-2013-en_xgRp data breach-investigations-report-2013-en_xg
Rp data breach-investigations-report-2013-en_xg
 
Scimp paper
Scimp paperScimp paper
Scimp paper
 
H02 syllabus
H02 syllabusH02 syllabus
H02 syllabus
 
B intelligence report-08-2013.en-us
B intelligence report-08-2013.en-usB intelligence report-08-2013.en-us
B intelligence report-08-2013.en-us
 
Hta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijackingHta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijacking
 
Внедрение автоматизации на проекте с действующим ручным тестированием
Внедрение автоматизации на проекте с действующим ручным тестированиемВнедрение автоматизации на проекте с действующим ручным тестированием
Внедрение автоматизации на проекте с действующим ручным тестированием
 
First Catalogue / Primer Catalogo / Primer Catàleg DICOMOL 1979
First Catalogue / Primer Catalogo / Primer Catàleg DICOMOL 1979First Catalogue / Primer Catalogo / Primer Catàleg DICOMOL 1979
First Catalogue / Primer Catalogo / Primer Catàleg DICOMOL 1979
 

Similaire à Mobile threat report_q3_2013

Adaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBRAdaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBR
ijtsrd
 
CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문
Jiransoft Korea
 
A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ...
A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ...A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ...
A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ...
AM Publications
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware
SytelReplyUK
 
Mobile threatreport q1_2012
Mobile threatreport q1_2012Mobile threatreport q1_2012
Mobile threatreport q1_2012
Shivmohan Yadav
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
Cygnet Infotech
 
Whitepaper - CISO Guide_6pp
Whitepaper - CISO Guide_6ppWhitepaper - CISO Guide_6pp
Whitepaper - CISO Guide_6pp
Eric Zhuo
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile Security
Tharaka Mahadewa
 

Similaire à Mobile threat report_q3_2013 (20)

Adaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBRAdaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBR
 
CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문
 
F-Secure Mobile Threat Report Quarter 1 2012
F-Secure Mobile Threat Report Quarter 1 2012F-Secure Mobile Threat Report Quarter 1 2012
F-Secure Mobile Threat Report Quarter 1 2012
 
A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ...
A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ...A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ...
A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ...
 
Report on Rogue Security Software: a summary
Report on Rogue Security Software: a summaryReport on Rogue Security Software: a summary
Report on Rogue Security Software: a summary
 
Report on Rogue Security Software
Report on Rogue Security SoftwareReport on Rogue Security Software
Report on Rogue Security Software
 
HinDroid
HinDroidHinDroid
HinDroid
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware
 
Mobile threatreport q1_2012
Mobile threatreport q1_2012Mobile threatreport q1_2012
Mobile threatreport q1_2012
 
OS-Project-Report-Team-8
OS-Project-Report-Team-8OS-Project-Report-Team-8
OS-Project-Report-Team-8
 
Mobile Application Security
Mobile Application Security Mobile Application Security
Mobile Application Security
 
IBM X Force threat intelligence quarterly 1Q 2014
IBM X Force threat intelligence quarterly 1Q 2014IBM X Force threat intelligence quarterly 1Q 2014
IBM X Force threat intelligence quarterly 1Q 2014
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
 
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecurityUnicom Conference - Mobile Application Security
Unicom Conference - Mobile Application Security
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 
Mobile security article
Mobile security articleMobile security article
Mobile security article
 
Whitepaper - CISO Guide_6pp
Whitepaper - CISO Guide_6ppWhitepaper - CISO Guide_6pp
Whitepaper - CISO Guide_6pp
 
Third Annual Mobile Threats Report
Third Annual Mobile Threats ReportThird Annual Mobile Threats Report
Third Annual Mobile Threats Report
 
White Paper - Android Security
White Paper - Android SecurityWhite Paper - Android Security
White Paper - Android Security
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile Security
 

Plus de Комсс Файквэе

Plus de Комсс Файквэе (20)

Analitika web 2012_positive_technologies
Analitika web 2012_positive_technologiesAnalitika web 2012_positive_technologies
Analitika web 2012_positive_technologies
 
B istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-usB istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-us
 
Dtl 2013 q2_home.1.2
Dtl 2013 q2_home.1.2Dtl 2013 q2_home.1.2
Dtl 2013 q2_home.1.2
 
Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012
 
Kaspersky lab av_test_whitelist_test_report
Kaspersky lab av_test_whitelist_test_reportKaspersky lab av_test_whitelist_test_report
Kaspersky lab av_test_whitelist_test_report
 
The modern-malware-review-march-2013
The modern-malware-review-march-2013 The modern-malware-review-march-2013
The modern-malware-review-march-2013
 
Dtl 2012 kl-app_ctl1.2
Dtl 2012 kl-app_ctl1.2Dtl 2012 kl-app_ctl1.2
Dtl 2012 kl-app_ctl1.2
 
Panda labs annual-report-2012
Panda labs annual-report-2012Panda labs annual-report-2012
Panda labs annual-report-2012
 
Course reader-title
Course reader-titleCourse reader-title
Course reader-title
 
Rp threat-predictions-2013
Rp threat-predictions-2013Rp threat-predictions-2013
Rp threat-predictions-2013
 
2012 browser phishing
2012 browser phishing2012 browser phishing
2012 browser phishing
 
Technology auto protection_from_exploit
Technology auto protection_from_exploitTechnology auto protection_from_exploit
Technology auto protection_from_exploit
 
Ndss12 woodpecker
Ndss12 woodpeckerNdss12 woodpecker
Ndss12 woodpecker
 
Hacktivityonly 121013141039-phpapp02
Hacktivityonly 121013141039-phpapp02Hacktivityonly 121013141039-phpapp02
Hacktivityonly 121013141039-phpapp02
 
Bilge12 zero day
Bilge12 zero dayBilge12 zero day
Bilge12 zero day
 
P50 fahl
P50 fahlP50 fahl
P50 fahl
 
2
22
2
 
Bilge12 zero day
Bilge12 zero dayBilge12 zero day
Bilge12 zero day
 
Sality peer to_peer_viral_network
Sality peer to_peer_viral_networkSality peer to_peer_viral_network
Sality peer to_peer_viral_network
 
2012 ab is-your-browser-putting-you-at-risk-pt2
2012 ab is-your-browser-putting-you-at-risk-pt22012 ab is-your-browser-putting-you-at-risk-pt2
2012 ab is-your-browser-putting-you-at-risk-pt2
 

Dernier

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Dernier (20)

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 

Mobile threat report_q3_2013

  • 2. F-Secure Labs At the F-Secure Response Labs in Helsinki, Finland, and Kuala Lumpur, Malaysia, security experts work around the clock to ensure our customers are protected from the latest online threats. At any given moment, F-Secure Response Labs staff are on top of the worldwide security situation, ensuring that sudden virus and malware outbreaks are dealt with promptly and effectively. Protection around the clock Response Labs’ work is assisted by a host of automatic systems that track worldwide threat occurrences in real time, collecting and analyzing hundreds of thousands of data samples per day. Criminals who make use of virus and malware to profit from these attacks are constantly at work on new threats. This situation demands around the clock vigilance on our part to ensure that our customers are protected.
  • 3. contents contents3 Mobile Threat Landscape Mobile Malware Statistics, Q3 2013 Threats Highlights 4 6 7 Threats Highlights 8 Android Malware Statistics 12 recommendations: PROTECTING against mobile malware 13 Methodology14 Sources15 Mobile Threat Report Q3 2013 3
  • 4. Mobile Threat Landscape In the mobile threat landscape, malware authors continue to concentrate on the Android platform. This should not come as a surprise considering that Android holds 79.3% of the total market share[1] in mobile phones and tablet devices. Out of the 259 new threat families and new variants of existing families discovered in Q3 2013, 252 were Android threats while the other 7 were Symbian (Figure 1, page 5). No malware has been yet to be recorded in 2013 on the other platforms (Blackberry, iOS, Windows Phone). The majority of these threats fall under the ‘malicious program’ or Malware category, with trojans making up the largest percentage of the samples (Figure 2, page 6). The rest are deemed as ‘potentially unwanted applications’ or PUA, where the program may be considered undesirable or intrusive if used in a questionable manner, or may inadvertently introduce privacy or security risks. Based on the statistics recorded by our internal systems and telemetry data, another trend we’ve seen this quarter is the increasing growth of profit-motivated threats (Figure 3, page 6), which typically make monetary profit by sending premium-rate SMS messages from infected devices, without the users consent. This rise could be attributed to the continued growth in large SMS-sending trojan families such as FakeInst, OpFake, PremiumSms and SmsSend, whose developers keep churning out new variants each quarter. “The majority of these threats fall under the ‘malicious program’ or Malware category, with trojans making up the largest percentage...” developments this quarter Identifying Pincer’s creator In early April this year, we reported on Pincer[2], an Android malware that connects to a command-and-control or CC server (Figure 4, page 6) and serves one component of a system used to defeat two-factor authentication for online banking transactions. In August, security researcher Brian Krebs reportedly tracked down and identified the author of this trojan as a programmer in a Russian app development company, who had apparently create Pincer for an unidentified client as a freelance side project[3]. Creating malware gets easier In Q1 2013, we reported on the Perkele toolkit used to generate Android trojans for monitoring and forwarding SMS messages containing mTANs[4,5]. In July, there were reports of a new toolkit (aka ‘binders’) that simplifies the process of inserting malicious code into legitimate Android apps. The binder, named ‘Androrat APK binder,’ is used to insert an existing remote access tool (RAT) known as AndroRAT, into a ‘carrier’ app, trojanizing it[6]. Once the carrier app is installed onto a device, the implanted AndroRAT allows an attacker to remotely control it and among other things, monitor and make calls and messages, activate the camera and microphone, and access stored files. “Masterkey” vulnerability In July, security researchers publicly announced the discovery of a vulnerability in cryptographic signature verification for Android apps that, if exploited, would allow Mobile Threat Report Q3 2013 4
  • 5. an attacker to modify a legitimate app’s code without affecting its cryptographic signature[7] — essentially keeping the tampering from being detected during verification. Shortly after the announcement, researchers were able to find samples of such modified apps being distributed[8,9]. A few days later, Chinese security researchers announced discovery of a similar vulnerability, though in this case the issue revolved around how the verification process handled a mismatch between signed and unsigned integers. Google was reportedly notified of the ‘Masterkey’ issue earlier in the year, and at the time of the announcement had fixed the issue in the Android open source codebase[10]. Patches for the subsequent ‘signed integer verification’ vulnerability were also released shortly after the announcement. Users would however still need to wait for a firmware update from their device manufacturer in order to receive the patched code. In the meantime, basic security precautions are generally sufficient to avoid encountering. Android and Symbian NEWs “... attackers can simply bypass the store’s builtin security by using advertisement modules as the attack vector to lure users onto external sites ...” Android When Google introduced security measures to the Google Play app store, it helped to keep malicious apps out of the store but it doesn’t entirely eradicate the risks. For instance, the measures are ineffective in blocking malicious advertisements in apps as in the case of FakeDefender, attackers can simply bypass the store’s built-in security by using advertisement modules as the attack vector to lure users onto external sites where they can be scammed or infected. More details on page 9 Besides, some threats are beyond the scope of Google Play’s security measures, as is the case with the Masterkey exploit. Because of a security hole (referred to in the press as the ‘Masterkey’ vulnerability) in the Android operating system, malicious programs could still sneak into the store while hiding inside legitimate applications. Symbian While Android has been soaring high, Symbian is suffering the opposite fate. Its ecosystem is being driven down and the growing pressure from the recently announced Nokia Devices Services acquisition by Microsoft is no doubt speeding up the process. On 4th October 2013, Nokia Developer News blog announced that developers will no longer be able to publish new content or update existing content on the Nokia Store, beginning on 1st January 2014[11]. The Symbian Signed program will also come to an end on the same date. Since all Symbian 3rd Edition and later versions require that applications be signed, no one can publish new versions of their installation files after January 2014. As of this moment, there is no explicit public statement on what is going to happen to express signing or other third party signing services. If they are also not available, it really means the end of life for Symbian. Sources: See page 15 Mobile Threat Report Q3 2013 More details on page 8 new mobile threat families and variants, q1-q3 2013 300 252 205 200 153 100 13 0 3 0 Q1 2013 Q2 2013 Android Symbian 7 0 Q3 2013 Others (Blackberry, iOS, Windows Phone) Figure 1: New families and new variants of existing families discovered on different platforms from Q1 to Q3 2013. 5
  • 6. Mobile Malware Statistics, Q3 2013 mobile threats by Type, q3 2013 Application, 2.3% Exploit, 0.4% Hack-Tool, 0.4% Monitoring-Tool, 1.9% Riskware, 1.9% Spyware, 0.4% 4+1+37925z Trojan-Spy, 2.7% Trojan-Dropper, 0.4% Trojan-Downloader, 1.6% Figure 2: New mobile threats families and variants discovered in Q3 2013, broken down into types. 259 Trojan, 88.0% families + variants NOTE: No new adware families or variants were discovered in Q3 2013; new families or variants of other PUA types (e.g., Spyware, Riskware) were recorded during this same period. mobile threats motivated by profit, q3 2013 Not profit-motivated 18.9% 81+19+z Profit-motivated 204/210 Android Symbian Android Symbian 6/210 Not profit-motivated 48/49 1/49 Figure 3: Comparison between new threats discovered in Q3 2013 that are profit-motivated versus non-profit-motivated ones. Profit-motivated 81.1% mobile threats That are bots, q3 2013 20+80+z 80+20+z 19.7% yes 51/259 80.3% No 208/259 Android 51/51 Android 201/208 Symbian 0/51 Symbian 7/208 Mobile Threat Report Q3 2013 Figure 4: Comparison between new threats discovered in Q3 2013 that connected to CC servers versus those that did not. 6
  • 7. Threats Highlights The state of mobile malware is becoming more interesting as mobile phones and tablets become the preferred media consumption device for most users. The current trend for malware development has been to follow and target the most widely used operating system or platform. 90 +10+G One critical factor driving mobile malware development has been the growing use of mobile devices as a security check, usually as a form of secondary or two-factor authentication for user credentials or online transactions. The most common manifestation of this is the mTAN (mobile Transaction Authentication Number) authentication used by during online banking transactions by some banks as an added extra level of security. Malware authors are currently mobile banking trojans by percentage, able to circumvent this extra based on protection network count level of protection by creating a mobile program or application that explicitly intercepts the SMS SMSSpy*, messages used to validate these 90 transactions - thus the birth of FakeKRBank, 5 mobile Banking Trojans. The most common of these are still just a component of a more complex system, as they must function in tandem with a separate desktop-based banking malware that does the actual monetary theft. Interestingly, though mobile banking trojans still form a relatively small chunk of the overall count in our mobile malware sample collection, we do see a growing trend in the number of banking trojans. % Others, 10 More generally, another trend to highlight for this quarter is the further evolution of Android malware in terms of complexity and environment. An example is the evolution of a simple premium-SMS sending app that has developed its own ‘ecosystem’ on evolving into an SDK that supports an affiliated premium subscription number, somewhat like the way legitimate advertising modules are associated with affiliated ad networks - but nastier. As an SDK, it can be easily integrated into an app. The change means that two things can happen - it can be used solely for its ‘traditional’ premiumSMS subscribing routine, or the SDK can be unwittingly used by legitimate developers unaware of the impact of its behavior. Following the steps of previously reported malware Badnews, this quarter this was seen in SxJolly.A. Though not new, Obad.A also showed more development this quarter with regards to its ecosystem. Classic Trojan-clicker behavior, more commonly seen in PC malware, reappeared in Uten.A, though the same principles were already seen in Adrd.A[1] in 2011. Delving further into specific malware, the public disclosure of the ‘Masterkey’ vulnerability this quarter showed the most potential for use in real malware, and sure enough was quickly followed by the discovery of in-the-wild malware exploiting this loophole. On the Symbian front, the only new threat of note was Kleaq.A - though even then, its malicious routines are not unusual for Symbian malware. And finally, in terms of spying-malware, the most notable development was Tramp.A’s utilization of the Google Cloud Messaging (GCM). Mobile Threat Report Q3 2013 FakeToken, 2 Spitmo, 2 Citmo, 0.6 { 0.4 PerkeSecuApp, Pincer, SmsBankSteal, Zitmo *SMSSpy SMSSply differs from other malware families in that it doesn’t contain variants ‘descended’ from a single identifiable code. Instead, SMSSpy groups mobile threats that share specific similarities in behavior related to SMS message monitoring. This may include threats that could also be identified as belonging to other families, such as Stels, Pincer or Zitmo. Sources: See page 15 7
  • 8. Count of known unique samples* The count of unique samples for a particular variant of family found in our file collections. This number is used to provide a meaningful idea of how large a given malware family may be. Threats Highlights Protection Network Count** The number of the times a client installation of F-Secure’s Mobile Security reported blocking an attempt to install malware onto the protected device to our cloud-based telemetry systems during Q3 2013. Exploit:Android/Masterkey.A Count of known unique samples*: 101 Distribution Seen in third-party app markets targeting Chinese users. Summary This malware takes advantage of the Masterkey vulnerability in Android, which allows attackers to make changes to an app’s code without affecting the cryptographic signature used to check the legitimacy of an app. Protection Network Count** 3 July Bluebox Security publicly discloses Masterkey vulnerability [2] February Bluebox Security responsibly discloses Masterkey vulnerability to Google 13 9 10 July Similar vulnerability related to verification of signed integers found by Chinese security researchers [3] JULY 10 July Proof-of-Concept (POC) Masterkey sample received 5 1 August Masterkey vulnerability presented at BlackHat conference [4] Jul August 26 july Our Protection Network identifies a POC Masterkey exploit app circulating, disguised as a mobile banking app 11 July Proof-of-Concept (POC) for signed integer verification sample received 11 July Non-POC, non-malicious Masterkey sample encountered. App code altered to display a message onscreen and include cheat cods in configuration files AUG Sep September 7 August 30 apps found on thirdparty app market in China containing Masterkey exploit, including one banking app. On installation, apps will contact remote server for commands Sources: See page 15
  • 9. Trojan:Android/FakeDefender.A Count of known unique samples*: 34 Distribution Seen advertised in third-party advertisements displayed on mobile devices. Protection Network Count** Summary Similar to rogue anti-spyware programs found on PCs, FakeDefender is a rogue anti-spyware program for the mobile device. The program does not provide the scanning or malware removal functionalities as claimed. 4 Jul 5 AUG 8 Sep Trojan:Android/Obad.A Count of known unique samples*: 14 Protection Network Count** 16 10 3 Jul AUG Sep Distribution Obad variants were observed being advertised on a malicious website while browsing on an Android device, and is likely to arrive on a client’s device via a mobile drive-by-download. Summary Once installed on the device, Obad variants gain administrator privileges and uses an exploit to break through the Android operating system’s security layer. Obad collects and sends the following details about the device to a remote CC server: the Media Access Control (MAC) address and IMEI, the operator name, the time and root access. The CC server is also able to issue commands to the installed application, including to send SMS messages, make the device act as a proxy or a remote shell, launch a URL in the mobile browser, download and install additional components, get the Contact list as well as further details of a specific installed app and send a file via Bluetooth. Trojan:Android/SxJolly.A Count of known unique samples*: 19 Protection Network Count** Distribution Seen in third-party app markets targeting Russian users. Summary A Bot capable of receiving commands to send SMS messages or subscribe the device to a premium-SMS service, and change or update its CC server. 10 9 0 Jul AUG Sep
  • 10. Trojan:Android/Tramp.A Protection Network Count** Count of known unique samples: 31 Distribution Unknown Summary Generally this malware monitors the user’s SMS messages and steals the following details from user’s phone: phone numbers, carrier and SMS. An interesting aspect of this malware is that it can receive the following commands through Google Cloud Messaging (GCM): • • • • • 0 0 Jul AUG 4 Sep Send message Block call Get current location Observe Contact The Tramp sample we analyzed was also equipped with the androidvncserver native binary. Though this particular sample did not utilize the binary, it does raise the possibility that they could later add commands to execute files, especially as the VNC server would give an attacker full control over the phone. This VNC server application is publicly shared at http://code.google.com/p/android-vnc-server/. The other interesting thing is that the malware doesn’t create any shortcut to the application, so the presence of the app on the device is very difficult to spot. It most likely waits for device reboot or an SMS before it activates and runs its routines. Trojan:Android/Uten.A Protection Network Count** 61 Count of known unique samples: 192 Distribution This malware is a repackaged and trojanized app based on a game available in Google Play and believed to be spread in various third party app markets. Summary The malware disguises itself as “Umeng” SDK library, a mobile analytic platform used by developers. The original application that was trojanized to create this appears to be a legitimate gaming app available on the official Google Play Market. 0 0 Jul AUG Upon installation of this malware, affected devices are silently subscribed to a premium-SMS service, then SMS messages are sent to the service. Uten is also capable of intercepting SMS originating from certain numbers to avert user suspicion. It also performs click-fraud by emulating the user clicking on certain advertisements in the background – all at the expense of the user’s precious bandwidth. Sep
  • 11. Trojan:SymbOS/Kleaq.A Distribution Unknown Summary This malware’s installation package contains two executables, one of which is responsible for downloading and installing the real payload silently, while the other executable kills any uninstallation attempts by terminating relevant processes. Typically, the kill list also includes some anti-virus vendors’ processes and network connection status indicators.
  • 12. Android Malware Statistics Total malware Count Against TOTAL detection count for Android Threats, 2012-2013 Total detection Total malware 100,000 3579112459 1+5+9+16+18+26+41+100 75,000 50,000 39+61+B Android Threats by Category, Q3 2013 1-10-2013 1-7-2013 1-4-2013 1-1-2013 1-10-2012 1-7-2012 1-4-2012 1-1-2012 25,000 Top-15 Android malware received and identified in Q3 2013 Detection count 15,853 Trojan:Android/OpFake 11,319 Suspicious:Android/Malware 7,245 Trojan:Android/SmsSend 7,062 Trojan:Android/Vdloader 4,111 Trojan:Android/Boxer 2,590 Trojan-Downloader:Android/Boqx 2,210 Trojan:Android/SmsSpy 2,099 Suspicious:Android/GinMaster 1,857 Trojan:Android/Downloader 1,734 1,709 789 Trojan:Android/Temai 657 Trojan:Android/FakeNotify Mobile Threat Report Q3 2013 Trojan:Android/GinMaster Trojan:Android/Vidro malware PUA 90,252 Trojan:Android/Mseg 61% 39% Trojan:Android/FakeInst 558 12
  • 13. recommendations: Protecting against mobile malware Securing the device Today most people have their email accounts (personal and/ or work) and other critical services on their mobile devices. This convenience also means that if your device is lost or stolen, your losses could involve more than just the physical device. And despite concern about online-based attacks, the easiest way for malware to get on a device is still for someone to manually install it while the device is in their possession. In other words, protect your device’s physical security first. 1. Lock the device Locking your device prevents anyone else from meddling with its settings and installing an app (such as a monitoring-tool or spyware) while it is out of your possession. For the lock to be effective, make sure the password/passcode/pattern is unique, and preferably memorable for you without being easy for someone else to guess. 2. Set up anti-theft protection Anti-theft protection typically provides you the ability to remotely wipe the data on your phone, including on any memory cards installed, if you decide your phone is irretrievable. Some anti-theft solutions also include features such as location mapping or sounding the alarm, to help when attempting to locate the device. Blocking unwanted services Lucrative profit-generating mechanisms for mobile malware are to silently send premium rate SMS messages, subscribe the user to continuous premium services, or to force the device to call premium-rate numbers. Blocking premium calls or messages is one way to minimize financial losses, even if malware does get installed. This also provides protection against non-malware billing fraud by “operators” who silently subscribe users to premium services and forward billing requests to the user’s mobile operator, hoping to have the charges quietly added to the user’s bill. 3. Set up call or message barring Most operators allow users to set up a call or SMS barring service to block the device from sending unwanted calls or messages. Also known as ‘premium-rate blocking’, this is particularly useful for parents who want to prevent their children’s devices from inadvertently incurring unnecessary charges. To set up this service, contact your phone operator for more details. Some services also provide a PIN number or other method that allows the user to selectively remove the barring, if they desire. Sources: See page 15 When dowloading apps Once your device’s physical security has been addressed, you can also take the following steps when downloading an app. 4.Download apps only from the Play Store By default, Android devices block installation of apps from any source other than the Play Store. You can check to make sure your device only allows Play Store apps by looking in Setting Applications Unknown sources. If the checkbox is checked, non-Play Store apps can be installed. Uncheck this. 5. Check the apps’ permission requests Whether you’re downloading from the Play Store or other sources, make sure to read the app’s list of requested permissions (the ones that typically raise eyebrows due to security or privacy concerns are listed below right). If the permissions • Services that cost you money requested seem excessive • Make phone calls or unrelated to the app’s • Send SMS or MMS purpose—for example, a • Your location casual game asks to send • Your personal information SMS messages—you can check the developer’s references for more details, as reputable developers usually explain why the permissions are needed. If the use appears justified to you, then you may elect to download the app. Incidentally, apps such as PocketPermissions, LBE Privacy or PermissionDog can be useful guides for explaining the sometimes-obscure permissions. Some also include features to restrict permissions used by installed apps, though such functionality is often intended for advanced users. 6. Scan apps with a mobile antivirus Once downloaded onto your device, use a reputable mobile antivirus to scan the app. You can think of this as a check on the app’s ‘silent’ behavior—permissable actions that are implied in the app’s permissions list (for example, sending the device’s details to a remote server) but may cause users concern. If the verdict from the mobile antivirus is acceptable to you, then you can proceed to install the app. While online As websites have evolved to cater for visitors browsing from mobile devices, we’ve also seen malicious sites follow suit[1]. 7. Use web browsing protection To avoid stumbling onto a malicious site while surfing on a mobile device, use web browsing protection (available from most antivirus solutions) to block known harmful sites.
  • 14. Methodology This report is based on mobile application data gathered during the period of 1st July to 31st september 2013 from a variety of sources including, among others, the official Android Play Store and Apple App Store, third-party app markets and anonymized data from F-Secure Mobile Security customers. The collected samples and data are scanned by multiple internal analysis systems, as well in-depth investigation as by F-Secure Labs’ Threat Research analysts. Categorizing Mobile Threats F-Secure Labs classifies mobile threats into two Categories based on their potential for damaging the user’s device or data: Malware and Potentially Unwanted Application (PUA). The programs can be further divided into Types based on their behavior. The following list provides a brief summary of the criteria used classify mobile threats: MALWARE A mobile application that performs actions which pose a significant security risk to the user’s system and/or information. Such applications are by default blocked from installation. Backdoor Trojan A program that deliberately performs harmful actions such as stealing data, hijacking device resources, interfering with the user’s control of the device, etc. Beneficial functionality, if any exists, is intended as a decoy or distraction to draw attention away from the malicious payload. Trojans may be further subdivided by the type of action they take — trojandownloader, trojan-dropper, trojan-spy, etc. Worm PUA A program that provides unauthorized remote access to the device. A program that creates exact or similar standalone copies of itself. The copies can be on the device and/or connected or removable media. A notable subset of worms send copies of themselves over a Bluetooth connection, i.e., Bluetooth-worm. An application or component that may be considered undesirable or intrusive by a user if used in a questionable manner, or may inadvertently introduce privacy or security risks. If the user is aware of and accepts the implied risk(s), they may elect to install and use the application. Spyware Trackware A program that gathers data that could be used to identify a user or a device to a third party, for example, an app that provides device location services as theft protection. Adware Mobile Threat Report Q3 2013 A program that collects data about the user’s behavior patterns, such as Web browsing history and site preferences, and stores the data locally or remotely. A mobile application with an advertisement display functionality that potentially exposes the user to privacy or security risks as well as exhibiting aggressive advertisement behaviors. Privacy concerns involve the collection or leakage of user’s or device’s personal information such as location, behavior, International Mobile Equipment Identity (IMEI) number, contacts, etc. Aggressive behavior includes changing device settings such as adding home screen shortcuts, browser bookmarks, or icons on the user’s device for advertising purposes. Security concerns involve exposure and/or redirection to unsolicited, unverified or questionable applications, websites or contents. 14
  • 15. Sources Mobile Threat Landscape (page 4-5) International Data Corporation; Apple Cedes Market Share in Smartphone Operating System Market as Android Surges and Windows Phone Gains, According to IDC; published 7 August 2013; http://www.idc.com/getdoc.jsp?containerId=prUS24257413 2. F-Secure Weblog; Sean Sullivan; Trojan:Android/Pincer.A; published 5 April 2013; http://www.f-secure.com/weblog/archives/00002538.html 3. Krebs on Security; Brian Krebs; Who Wrote the Pincer Android Trojan?; published 27 August 2013; http://krebsonsecurity.com/2013/08/who-wrote-the-pincer-android-trojan/ 4. F-Secure Weblog; Sean Sullivan; Mobile Bot “Perkele Lite” [Android Only]; published 7 March 2013; http://www.f-secure.com/weblog/archives/00002519.html 5. Krebs on Security; Brian Krebs; A Closer Look: Perkele Android Malware Kit; published 19 August 2013; http://krebsonsecurity.com/2013/08/a-closer-look-perkele-android-malware-kit/ 6. Symantec; Andrea Lelli; Remote Access Tool Takes Aim with Android APK Binder; published 16 July 2013; http://www.symantec.com/connect/blogs/remote-access-tool-takes-aim-android-apk-binder 7. Symantec; First Malicious Use of ‘Master Key’ Android Vulnerability Discovered; published 23 July 2013; http://www.symantec.com/connect/blogs/first-malicious-use-master-key-android-vulnerability-discovered 8. Naked Security; Paul Ducklin; Android “Master Key” vulnerability - more malware exploits code verification bypass; published 9 August 2013; http://nakedsecurity.sophos.com/2013/08/09/android-master-key-vulnerability-more-malware-found-exploiting-code-verification-bypass/ 9. InfoSecurity; More Exploits for Android ‘MasterKey’ Vulnerability Turn Up in the Wild; published 9 August 2013; http://www.infosecurity-magazine.com/view/33941/more-exploits-for-android-masterkey-vulnerability-turn-up-in-the-wild/ 10. Threat Post; Dennis Fisher; Jeff Forristal on the Android Master-Key Vulnerability; published 5 August 2013; http://threatpost.com/jeff-forristal-on-the-android-master-key-vulnerability-2/101587 11. Nokia Developer News; Fred Patton; Changes to supported content types in the Nokia Store; published 4 October 2013; http://developer.nokia.com/Blogs/News/blog/2013/10/04/changes-to-supported-content-types-in-the-nokia-store/ 1. Threats Highlights (page 7-11) 1. 2. 3. 4. F-Secure Weblog, Trojan:Android/Adrd.A, published 16 February 2011; http://www.f-secure.com/weblog/archives/00002100.html Bluebox Security, Jeff Forristal; Uncovering Android master key that makes 99% of devices vulnerable, published 3 July 2013; http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/ Sina blog, Android security squad discovered new vulnerabilities, published 10 July 2013; http://blog.sina.com.cn/s/blog_be6dacae0101bksm.html BlackHat, Android: One root to own them all, published 1 August 2013; https://www.blackhat.com/us-13/archives.html#Forristal Recommendations: Protecting against mobile malware (page 13) 1. F-Secure Weblog, Sean Sullivan; Post-PC Attack Site: Only Interested in Smartphones/Tablets, published 19 June 2013; http://www.f-secure.com/weblog/archives/00002569.html Mobile Threat Report Q3 2013 15
  • 16. Protecting the Irreplaceable F-Secure proprietary materials. © F-Secure Corporation 2013. All rights reserved. F-Secure and F-Secure symbols are registered trademarks of F-Secure Corporation and F-Secure names and symbols/ logos are either trademark or registered trademark of F-Secure Corporation.