Welcome!

Web 2.0 Authors: Frank Huerta, Sandi Mappic, Esmeralda Swartz, Gary Kaiser, Bob Gourley

Related Topics: Web 2.0, Wireless

Web 2.0: Blog Feed Post

The Million Mobile Malware March

Milestone has been breached according to Trend Micro

Milestone has been breached according to Trend Micro.  Just a few months ago, they reported in their 2Q Security Roundup that there were 718,000 malicious or risky Andriod mobile apps available (up from 509,000 in Q1) and crystal-ball’d that the million mobile malware milestone would be reached by the end of 2013.  Well, it came a couple months early.

Contained in that million are straight pieces of malware, those that abuse premium services like sending unauthorized text messages to certain numbers and registering people to costly services along with high-risk apps, those that aggressively serve ads that lead to dubious sites.  They found that 75% perform outright malicious routines, while another 25% exhibit dubious routines, which include adware.

The most infamous malware families included FAKEINST at 34% and OPFAKE at 30%.  FAKEINST is typically disguised as a legitimate app and was responsible for the fake Bad Piggies versions, which were found right after the game’s release.  They can also register users for costly services by sending unauthorized text messages to those services for enrollment.    in its ability to wolf legitimate apps clothing but it was also able to launch a web page that asks the person to download a potentially malicious file.  Those are the primary risks but there are many others with this type of malware.  Such fun.

For the high risk apps, ARPUSH came in at 33% and LEADBLT garnered 27% of the total.  These are known to steal data like GPS location and OS information along with delivering malware.

The threats don’t stop with these gems.  Crooks are also looking to hijack mobile banking transactions with FAKEBANK and FAKETOKEN malware variants.  They like to spoof legitimate financial apps along with the ever popular phishing notices enticing people to enter personal info.

And I thought mobile devices were supposed to make our lives easier.  Hmm.  The dedicated circuit of a couple cans with high speed twine (HST) sounds a lot more secure these days.

ps

Related:

Read the original blog entry...

More Stories By Peter Silva

Peter Silva covers security for F5’s Technical Marketing Team. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

Now having his Telco background he moved to Verio to focus on access, IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicago land area working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Bringing the slightly theatrical and fairly technical together, he covers training, writing, speaking, along with overall product evangelism for F5’s security line. He's also produced over 200 F5 videos and recorded over 50 audio whitepapers. Prior to joining F5, he was the Business Development Manager with Pacific Wireless Communications. He’s also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others. He earned his B.S. from Marquette University, and is a certified instructor in the Wisconsin System of Vocational, Technical & Adult Education.