Threats from Mobile Ransomware & Banking Malware Are Growing

The number of unique mobile malware samples increased sharply in 2017 compared to a year ago, according to Trend Micro.

After years of focusing their attention largely on desktop systems, cybercriminals have, as expected, begun ramping up attacks on mobile devices.
Ransomware, banking malware, and other threats aimed at smartphones increased sharply in volume last year and will pose a growing threat to organizations and individuals in 2018 and beyond, Trend Micro said in a
report
released Monday.
In keeping with past trends, a vast majority of the threats affected Android devices and those downloading mobile applications from unofficial third-party stores.
But for the first time, people getting apps from Googles official Play mobile app store were affected significantly as well. According to Trend Micro, it found 30,000 more malicious applications published on Google Play last year than it did in 2016. The threats were harder to detect because they often hid in encrypted traffic and behind legitimate application functionality.
Apples walled garden, though much harder to scale, wasnt completely impervious, either. Many applications infected with adware and other unwanted functionality found their way to the companys App Store. Android is the predominant platform today for most malicious apps, including ransomware, says Jon Clay, director of global threat communications for Trend Micro. But iOS appears to be a platform that threat actors are starting to target due to the number of potential victims, he adds. Apples walled garden makes it a more difficult platform to compromise.
Trend Micros report comes amid
growing enterprise concerns
over the threat to data security posed by mobile devices. Eighty-five percent of the respondents in a recent survey by Verizons wireless group said their organizations faced at least a moderate threat from mobile devices, with 74% saying those risks had increased over the past year. Four out of 10 see it as a significant risk. Over a quarter of respondents said their organizations had suffered at least one security incident involving a mobile device.
In 2017, Trend Micros Mobile App Reputation Service (MARS) analyzed more than 468,830 unique mobile ransomware samples. That number represented a 415% increase in new ransomware from 2016, according to the security vendor. Mobile ransomware detections were highest in China, which accounted for nearly one-third of all detections, followed by Indonesia, India, and Japan.
The most pervasive mobile ransomware in 2017 was SLocker, an Android file-locking malware tool that alone accounted for more than 424,000 of the unique samples that Trend Micro analyzed during the year.
The reason for SLockers pervasiveness stemmed from the fact that its authors released the malwares source code publicly. This ensured that a lot more threat actors had access to the code and resulted in multiple versions of SLocker in the wild, each with different capabilities and ransom demands. One variant mimicked the user interface of the WannaCry crypto malware and was assembled using a do-it-yourself Android development kit, Trend Micro said.
On the (relatively) good news front, less than 1% of the mobile ransomware samples that Trend Micro spotted last year actually ended up hitting end-user devices. When we look at the number of queries to our mobile app reputation service to see if an app is good or bad, they come back as detections around 0.27% of the time, Clay says. In raw numbers. we had 28 billion queries and 75 million detections, he says.
A vast majority of the mobile ransomware that Trend Micro spotted last year was also not as sophisticated in capabilities as desktop versions of the malware. For instance, PC-based ransomware often uses obfuscation techniques that make it harder to detect than mobile versions, Clay says.
Ransomware was not the only mobile threat. In 2017, the number of unique mobile banking malware samples that Trend Micro spotted increased 94%, to 108,439.
With banking increasingly becoming an integral part of mobile device usage, attackers have begun building more-sophisticated capabilities into their mobile banking malware. They blended in with legitimate processes — or masqueraded as one — to stay under the radar, steal more than just credit card data, and bypass security mechanisms, Trend Micro noted.
For example, the security vendor pointed to BankBot, malware with phishing templates for 160 banks, equipped with anti-sandbox and anti-signature capabilities and capable of communicating with command-and-control servers using Googles Firebase Cloud Messaging services. One BankBot version found its way to Google Play and was downloaded between 5,000 and 10,000 times last year alone, according to Trend Micro.
Related content:
The Mobile Threat: 4 out of 10 Businesses Report Significant Risk
Can Android for Work Redefine Enterprise Mobile Security
Vulnerable Mobile Apps: The Next ICS/SCADA Cyber Threa
t
7 Cryptominers & Cryptomining Botnets You Cant Ignore

Black Hat Asia returns to Singapore with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier solutions and service providers in the Business Hall. Click for information on the
conference
and
to register.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Threats from Mobile Ransomware & Banking Malware Are Growing