ELEVEN years after the first mobile malware worm SymbOS.Cabir targeted the Symbian operating system, more than 1 million malicious apps exist in app stores and that number looks set to increase.
The Slovak market is not immune to such malware and attacks on smartphones are up 30 percent as compared to last year, according to Ondrej Macko, editor-in-chief of the TouchIT.sk website.
“Mobile devices are much more utilised tools, full of important data and work documents,” Macko told The Slovak Spectator, “therefore they have become juicier targets for cyber-criminals.”
Mário Lelovský, president of the IT Association of Slovakia (ITAS), agrees that the boom in mobile and connected devices has led to more frequent attacks.
“However, this fact might encourage competent authorities in the implementation of the CyberSecurity agenda and establishment of defense mechanisms,” Lelovský told The Slovak Spectator.
The malicious code spreads from attacker to victim as global malware modified for the Slovak market by changing the language of displayed text, said Gabriel Braniša, Android operating system (OS) malware analyst of IT security company ESET.
“The market was hit by, in particular, customised foreign forms of potentially unsafe/unwanted applications (PUA),” Braniša told The Slovak Spectator.
Malware often targets contact databases and documents located on a smartphone and can send messages to the user’s friends on the user’s behalf, said Macko.
Slovakia differs from the other countries due to the lack of direct internet payments, thus malware causes fewer problems than elsewhere in Europe, he added.
“The payment after delivery of goods by mail or courier still dominates in the market,” Macko said.
While attackers were spreading malicious code via Bluetooth technology as far back as 2004, today's attacks are much more sophisticated and include various forms of ransomware.
In September, experts from ESET discovered an aggressive Android ransomware LockerPIN which seeks to obtain a $500 ransom by changing a device’s PIN lock. It spreads through unofficial applications that are used to view pornographic videos, according to the company’s press release.
Ján Kvasnička of IT security company Symantec said the latest trend includes crypto-ransomware, which over time can encrypt a mobile device up to the AES-256 level.
“We do not recommend users to pay fees for unlocking the device because with high probability the device will remain encrypted after the payment,” Kvasnička told The Slovak Spectator.
According to Symantec, ransomware attacks grew 113 percent in 2014, driven by a more than 4,000 percent increase in crypto-ransomware attacks.
Experts from ESET added that so-called backdoor attacks, which see apps installed in the background without the owner's knowledge, have also multiplied this year. Such dangerous malware requires root rights for full control of the device, which a user unknowingly and voluntarily provides, Braniša said.
“Therefore attackers can execute more targeted attacks and focus on the known security gaps of the installed operating system,” Braniša said.
Alexandra Piskunová, spokeswoman of the telecom operator Orange Slovensko, added that its experts have tracked the so-called Stagefright vulnerability, whereby attackers are able to take control of a device via attachments in multimedia messages.
In addition, there are perhaps as many as 2.3 million so-called grayware apps that, while not technically malware, display undesirable behaviour – including bombarding the user with advertising – according to Symantec reports.
Not only Android
Though malware attacks are usually directed at the more widely utilised Android operating system, they increasingly target Apple’s iOS platform as well.
In September, Apple revealed more than 300 infected apps in its store, including the well-known WinZip, Musical.ly, Mercury Browser and WeChat.
Attackers invade apps through Xcode, the developer package provided by Apple itself. Once implemented, the XcodeGhost malware is able to obtain sensitive data such as login passwords, according to the cyber-security portal CyberSec.
Paul Ducklin, senior security advisor of the Sophos company, says that people are accustomed to Android malware, but that Apple products felt safe until recently.
“Today, even Apple is not immune from malicious code in approved apps,” Ducklin said.
Malware causes a variety of problems, with sensitive data leakage among the biggest concerns.
Braniša said that leaks most frequently target social network identities and credit card numbers. Attackers can also use robots to click on specific ads on the internet on the user’s behalf.
“Nowadays, attackers do not aim to damage the phone or tablet as in the past,” Macko said, “but it may lead to overheating after a malware attack.”
To ensure adequate protection, people should download software only from publishers marked as “Top Developer” or at least not from unverified sources. Fortunately, the majority of consumers follow mainstream, proven brands, according to Braniša.
Macko stressed that users should be careful if someone offers a free app which evidently promises financial benefits.
“Be doubly careful if you are using the free Wi-Fi network in shopping malls,” Macko said. “Common sense is always the best medicine.”
Moreover, if a user wants to experiment with lesser-known apps, it is important to have an antivirus programme installed on the device, Braniša added.
“Teams in IT security companies detect the latest threats for their anti-virus solution every day to ensure the best protection against malicious apps,” Braniša said.
24. Nov 2015 at 6:35 | Peter Adamovsky