Security firm McAfee has reported that after decreasing slightly in the first three months of this year, mobile malware has rebounded, with 17,000 new Android malware species detected in the second quarter of 2013.
This rise indicates that cyber criminals are focusing their efforts on infecting smartphones rather than computers, as people are using their phones more frequently — particularly for activities that were traditionally done with a computer, such as online banking.
“The fuzzy line between your computer and your cellphone is almost blasted away at this point in time,” said Adam Wosotowsky, a messaging-data architect at McAfee. “There’s really not that much of a difference between your cellphone and your computer anymore.”
In other words, more people are using their cellphones for personal tasks such as banking, but don’t realize that they need to be as secure with their handsets as they are with their computers.
McAfee detected four new types of malware that not only steal banking logins and passwords, but also intercept text messages that include safety codes used for two-factor authentication; this, in turn, gives cyber criminals complete control over a victim’s bank account.
As mobile banking increases in popularity, fraudsters have come to realize that there’s a lot of money to make — even more so than in traditional cellphone frauds.
“Previously, if you were to infect somebody’s phone, you were going to make money by premium SMS or premium phone calls. Now, we’re actually seeing banking fraud occurring to your phone because they’re basically little computers,” Wosotowsky said.
This is usually done through fake apps that pose as legitimate bank apps, but actually contain malware designed to steal credentials and intercept security codes sent via SMS. Wosotowsky noted that this is a particularly big risk in Asia, where users rely more on third-party app stores, because content on Google Play is written mostly in English. (And as we’ve learned before, third-party app stores aren’t very safe.)
“Unfortunately there’s not nearly as much of an oversight associated with these unofficial app stores as compared to the normal Android store, which is very tightly controlled from a security perspective,” Wosotowsky said.
The first six months of 2013 also showed the resurgence of ransomware, according to the report. Ransomware is a special type of malware that infects and locks a victim’s computer or phone, and then flashes a message requesting payment to unlock it.
During the second quarter of this year, McAfee discovered more than 320,000 new samples of ransomware — that’s more than twice as many as last quarter.
“One reason for ransomware’s growth is that it is a very efficient means for criminals to earn money because they use various anonymous payment services,” the report said.
Sometimes the cyber criminals ask for less than $40, so it makes more sense to pay the ransom fee than go to a shop and shell out money for assistance, Wosotowsky explained.
Other notable trends detected in the second quarter of 2013 is the comeback of email spam. McAfee detected 2 trillion spam messages in April alone — the highest number since December 2010.
To protect themselves from mobile threats, users must avoid using third-party app stores and downloading .APK files, which have previously been used as spyware. Wosotowsky emphasized that users need to start changing their mindsets towards mobile malware.
“A lot of people aren’t used to thinking about their cellphone as a computer; they’re used to thinking about their cellphone as a tool, or an implement that just magically does whatever it’s supposed to do, and it’s not vulnerable to infections.”