Q1 2014 Report: Innovative New Threats Targeting Mobile OSes

    More Android threats

    First bootkit: Trojan:Android/Oldboot.A is believed to be Android’s first bootkit, or malware that affects the earliest stages of the device’s bootup routine, making it extremely difficult to detect or remove. The malware is thought to have spread in modified firmware updates, with most infections reportedly seen in China.

    Pileup exploit: Researchers reported vulnerabilities in the Android OS (collectively called Pileup flaws) that could allow installed malware to silently upgrade its permissions during a system update (essentially, “privilege escalation through updating”).

    Dendroid toolkit: Backdoor:Android/Dendroid.A is a toolkit that lets an attacker create Remote Access Trojans (RATs) that can remotely access an infected device’s audio and video functions. It also creates Trojans that can evade Google Play Store security.

More than 99 percent of new mobile threats discovered by F-Secure Labs in the first quarter of 2014 targeted Android users, according to F-Secure's new Mobile Threat Report. Two hundred seventy-seven new threat families and variants were discovered, and all but two targeted Android. Of the two that didn't, one targeted the iPhone and one targeted Symbian. In comparison, the same quarter last year brought 149 new threat families and variants, of which 91 percent targeted Android.

The first quarter also saw a number of firsts for Android malware. This indicates that the mobile threatscape is continuing to develop in sophistication and complexity. The quarter saw the first cryptocurrency miner, which hijacks the device to mine for virtual currencies such as Litecoin. It saw the first bootkit, which affects the earliest stages of the device's bootup routine and is extremely difficult to detect and remove. It saw the first Tor Trojan and the first Windows banking Trojan hopping over to Android.

"These developments give us signs to the direction of malware authors," said Mikko Hyppönen, chief research officer at F-Secure. "We'll very likely see more of these in the coming months. For example, mobile phones are getting more powerful, making it possible for cyber criminals to profit by using them to mine for cryptocurrencies."

Great Britain experienced the highest level of mobile malware measured by F-Secure in Q1, with 15 to 20 malware files blocked per 10,000 users there, or about one in 500 users. The U.S., India and Germany each had five to 10 malware files blocked for every 10,000 users. In Saudi Arabia and the Netherlands, two to five malware files were blocked per 10,000 users.