Cyber Security Sunday: Android Malware is now after your money


Be careful of what you download, Android user, ’cause the app you mighty just cost you big time. And when I say big time, I seriously mean BIG time ’cause that free app might be some malware designed to steal money from your bank account.

Read more about this alarming trend in Kaspersky Lab‘s press release:

Mobile malware evolution: 3 infection attempts per user in 2013

The experts at Kaspersky Lab have published the results of their analysis of the mobile threat landscape in 2013.

2013 in figures:

  • Nearly 145,000 new malicious programs for mobile devices detected in 2013, more than three times the previous year’s figure of 40,059 samples. As of January 1 this year, Kaspersky Lab’s collection included almost 190,000 mobile malware samples.
  • 98.1% of all mobile malware detected in 2013 targeted Android devices.
  • Approximately 4 million malicious applications used by cybercriminals to distribute mobile malware for Android-based devices. A total of 10 million malicious Android apps detected in 2012-2013.
  • The top five countries with the highest number of unique attacked users are Russia (40%), India (8%), Vietnam (4%), Ukraine (4%) and the UK (3%).

The majority of mobile malware in 2013 targeted users’ money:

      • The number of mobile malware modifications designed for phishing, the theft of bank card information and money from bank accounts increased by a factor of almost 20.
      • 2,500 attempted infections by banking Trojans were blocked1
      • Banking Trojans are by far the most dangerous type of mobile malware for users. Some of those detected in 2013 were more geared towards stealing money from bank accounts rather than from a victim’s mobile account, which significantly increases the potential losses.

Vulnerabilities in the Android OS architecture and its growing popularity were important factors behind the increase in Android banking Trojans in 2013.

Cybercriminals appear to have become obsessed with this method of making money: at the beginning of the year there were just 67 known banking Trojans, but by the end of 2013 Kaspersky Lab’s collection contained 1,321 unique samples.

“Today, the majority of banking Trojan attacks target users in Russia and the CIS (Commonwealth of Independent States),” said Victor Chebyshev, Virus Analyst, Kaspersky Lab.

“We already know of Perkel, an Android Trojan that attacks clients of several European banks, as well as the Korean malicious program Wroba,” Chebyshev added.

The increasingly sophisticated route to your money

Criminals are increasingly using obfuscation, the deliberate act of creating complex code to make it difficult to analyze.

The more complex the obfuscation, the longer it will take an antivirus solution to neutralize the malicious code and the more money the fraudsters can steal.

Methods used to infect a mobile device include compromising legitimate sites and distributing malware via alternative app stores and bots (the bots usually self-proliferate by sending out text messages with a malicious link to addresses in the victim’s address book).

Android vulnerabilities are used by criminals to enhance the rights of malicious applications, which considerably extends their capabilities and make it more difficult to remove malicious programs.

To bypass the code integrity check when installing an application, the Master Key vulnerability is used. The fact that it is only possible to get rid of Android vulnerabilities by receiving an update from the device manufacturer merely complicates the situation further. If a smartphone or tablet was released more than a year ago, it is probably no longer supported by the manufacturer and patching of vulnerabilities is no longer provided. In that case, the only help comes from an antivirus solution.


1 The number of attacks prevented by Kaspersky Lab mobile products in 2013.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s