Kaspersky Lab spots mobile malware interest on bank accounts
February 27, 2014 by Nancy Owano
Looking at data for 2013, Kaspersky Lab analysts said it is clear that the mobile malware sector has grown up to be a breed of sophisticated pickpockets with slick techniques and with special sights on robbing money from bank accounts. A report from Kaspersky Lab stated it was safe to say that "today's cybercriminal is no longer a lone hacker but part of a serious business operation."
The criminals who are focused on mobile banking as targets unleash advanced programs that are Trojans targeting accounts, in what has become an attractive source of criminal earnings. "Mobile Malware Evolution: 2013" reported on attempts to steal data from mobile phones and tablets. "Most mobile malware is designed to steal users' money, including SMS-Trojans, and lots of backdoors and Trojans," wrote lab analysts Victor Chebyshev and Roman Unuchek. Over the year, the number of mobile malware modifications designed for phishing, theft of credit card information and money increased by a factor of 19.7. At the beginning of the year, the authors said they knew only 67 banking Trojans. By the end of the year there were 1321 unique samples.
Another finding: Mobile banking attacks were more abundant in certain geographic areas. They said the top five countries with the highest number of attacked users were Russia, India, Vietnam, Ukraine and the UK, accordingly. In Russia, mobile cybercrime is particularly prevalent and 40.3% of all users attacked worldwide in 2013 were located in that country..
The report noted, though, that Russia and the CIS (Commonwealth of Independent States) countries often serve as a testing ground for new technologies. "Having perfected their technologies in the Russian-language sector of the Internet, the cybercriminals then turn their attention to users in other countries."
While the majority of :banking Trojan attacks target users in Russia and the CIS, Chebyshev said that given the cybercriminals' keen interest in user bank accounts, the activity of mobile banking Trojans is expected to grow in other countries in 2014.
A total of 143,211 new modifications of malicious programs targeting mobile devices were detected in all of 2013 (as of January 1, 2014).
Android—whether, as some argue, because of its popularity or others, because of architecture vulnerability—showed up in the findings as a prime target for malicious attacks. Most (98.05%) of all malware detected last year targeted this platform.
The authors named specific types of "malicious innovations" targeting bank accounts. The list included the Perkele Android Trojan, attacking Russian users and clients of European banks. Its main task is to bypass the two-factor authentication of the client in the online banking system.
They also cited a Korean malicious program Wroba, which searches for mobile banking applications, removes them and uploads counterfeit versions. "From the outside, they are indistinguishable from the legitimate applications. However, they possess no banking functions, and merely steal the logins and passwords entered by users."
Frequency, geographic targeting and types do not complete the picture of what is going on in mobile banking theft. The report also examined the maturity of what is now a "cyber industry" motivated to profit as effectively as possible The report said various types of actors involved in the mobile malware industry include virus writers, testers, interface designers of malicious apps and the web pages they are distributed from, owners of partner programs that spread the malware, and mobile botnet owners.
What's more, criminals are increasingly using obfuscation, which Kaspersky Lab described as the deliberate act of creating complex code to make it difficult to analyze. "The more complex the obfuscation, the longer it will take an antivirus solution to neutralize the malicious code. Tellingly, current virus writers have mastered commercial obfuscators."
© 2014 Phys.org