News Feature | May 13, 2014

F-Secure Mobile Threat Report: A Warning To Android Users

By Megan Williams, contributing writer

Government IT News For VARs — December 10, 2014

From Heartbleed to an uptick in cyberthreats across a wide range of industries, security is on everyone’s mind. While most reports have focused on enterprise and general network threats, F-Secure has released a study devoted solely to the vulnerability of mobile apps. The findings are especially important to solutions providers who work in environments with, or considering BYOD policies. It is also worth noting that Android devices showed threat rates that were so much more significant than other platforms, that any solutions provider involved with these devices should pay special attention to this report.

Report Sample And Method

The report centers on information from Q1 of 2014 and features information from sites including the Google Play store, third-party app stores, developer forums, and user submissions, among other sources. Hundreds of thousands of mobile apps were included in the study.

Threats were identified by analyzing each app for malicious code. If any such code was found, it was grouped into families based on patterns identified in the code and behavior.

Results

The sampling identified 275 new threat families on Android alone. iPhone and Symbian recorded one new threat each.

The most common type of malware found were trojans, whose behavior can be broken down into the following eight categories.

  • SMS sending: SMS messages are covertly sent to premium-rate numbers or SMS-based subscription services.
  • File/App Downloading: Unsolicited files or apps are downloaded onto the device.
  • Location tracking: GPS location is silently monitored and behavior is recorded via audio or video.
  • Fake App Scanning: Malware masquerades as mobile antivirus solutions.
  • Link Clicking: Malware silently connects to websites (in order to boost site traffic).
  • Banking Fraud: Banking-related SMS messages are silently monitored and diverted. 
  • Data Stealing: Personal material (files, contacts, photos, and other details) are stolen by the malware.
  • Fee charging: A fee is charged for a legitimate app that is actually free.

It is important to note that in comparison to PC threats, mobile threats are still miniscule. At the same time, F-secure found that its Mobile Security (for Android) solution was sending a steady stream of malware reports to their cloud-based telemetry systems.

Threat Key Findings

  • Android systems are by far under the greatest threat.
  • Great Britain showed more malware activity than any other country by far. (Other countries facing notable threats including the U.S., India, Germany, Saudi Arabia and the Netherlands).
  • The most common type of trojan performed surreptitious SMS-sending (83 percent of trojans fell into this category).
  • The second most common type is trojans involved in silent downloads, data theft, and banking fraud.
  • The second most common type of malware (after trojans) was Backdoors, at 5 percent.

“These developments give us signs to the direction of malware authors,” said Mikko Hyppönen, chief research officer at F-Secure. “We’ll very likely see more of these in the coming months. For example, mobile phones are getting more powerful, making it possible for cybercriminals to profit by using them to mine for cryptocurrencies.”

Recommendations

The report makes several recommendations around keeping devices as secure as possible. These include locking devices, using anti-theft protection solutions (alarms, remote wiping, etc.), message barring (especially for Android devices not currently running Jellybean), monitoring of app permission requests, scanning of all downloaded apps with a mobile antivirus service and, of course, only using trusted services.