Top 5 Deadliest Mobile Malware Threats Of 2012

Security pros discuss the most prolific and complex mobile malware threats to appear so far in 2012

While the amount of malicious software focused on the growing number of mobile devices on the market remains a drop in the bucket next to the amount targeting PCs, attackers are steadily turning the devices in consumers pockets into targets.
So far this year, several pieces of malware have popped onto the radar and underscored the growing sophistication of cybercriminals targeting mobile devices. After fielding feedback from security pros, here in no particular order is Dark Readings list of the five most dangerous, sophisticated, and prolific pieces of mobile malware that have appeared thus far in 2012.
1. FakeInst SMS Trojan and its variants
FakeInst disguises itself as popular apps like Instagram, Opera Browser, [and] Skype, and sends SMS messages to premium-rate numbers, says Jerry Yang, vice president engineering at mobile security firm TrustGo.
It is selected because it has been widely infected. There are many variants in the FakeInst family, such as RuWapFraud, Depositmobi, Opfake, and JiFake, Yang says. Sixty percent of total Android malware we found belong to the FakeInst family. Geographically, it mainly exists in Russia. There are also samples found from all over the world.
2. SMSZombie
Also on the list is
SMSZombie
, which was recently spotted in third-party markets in China and has infected more than 500,000 devices in the past few weeks. The malware works by sending SMS messages to China Mobiles online payment system and top-up designated accounts, Yang explains.
The amount of payment, frequency, and destination are all controlled by malware developer, he says. It is significant because it takes extra steps to protect itself.
Once installed, it obtains Device Admin privileges and is very difficult to remove, prompting TrustGo to publish details of a manual removal process on its blog.
We expect more Android malware will adopt similar techniques to protect themselves, he says.
3. NotCompatible
Discovered by Lookout Mobile Security in April, NotCompatible is the first piece of mobile malware that used websites as a targeted distribution method, notes Derek Halliday, lead security product manager at Lookout.
NotCompatible is automatically downloaded when an Android browser visits an infected website, he says. The downloaded application is disguised as a security update in an attempt to convince the user to install it.
If it successfully installed, NotCompatible can potentially be used to gain access to private networks by turning an infected Android device into a network proxy, and can be used to gain access to protected information or systems, Halliday says.
4. Android.Bmaster
Bundled in with legitimate applications, Android.Bmaster was spotted on a third-party Android app market earlier this year. The majority of the infected victims were Chinese users. Once on the device, the malware swiped sensitive data from the phone, including the Cell ID, location area code, and IMEI (International Mobile Equipment Identity) number, and caused users to send SMS messages to premium numbers.
Analysis of Android.Bmasters
command-and-control
servers indicate the total number of infected devices connected to the botnet over its entire life span numbered in the hundreds of thousands, says Kevin Haley, director of Symantec Security Response. The number of infected devices able to generate revenue on any given day ranged from 10,000 to 30,000, enough to potentially net the botmaster millions of dollars annually if the infection rates are sustained.
5. LuckyCat
LuckyCat was the name given to a campaign of targeted attacks that struck the aerospace and energy industries in Japan as well as Tibetan activists and others. To broaden their attack, the perpetrators have brought the attack to the
Android platform
.
Once installed, the application displays a black icon with the text testService, and opens a backdoor on the device to steal information.
Luckycat is the first APT [advanced persistent threat] targeting Android platform, TrustGos Yang says. It is a Trojan horse for Android devices that opens a back door and steals information on the infected device.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Top 5 Deadliest Mobile Malware Threats Of 2012