Mobile Trojans were declared winners the year they passed. 2016, there has been a nearly three-fold rise in mobile malware detection compared to 2015. In particular, a total of 8,5 million malicious sites have been identified. This means that within just one year, a volume corresponding to 50% of all malware detected in previous 11 years (15,77 million in the 2004-2015 period) was released.
Primitives were the ones mobile devices advertising Trojans which currently constitute 16 of the top 20 malware, compared to 12 in 2015. These are the findings of its annual report Kaspersky Lab called "Mobile Virusology", which also highlights the evolution of Trojans in his area mobile devices banking. Special Interpol Global Complex for Innovation (IGCI) officials contributed to the report with an analysis of the mobile devices malware in Dark Website.
2016, Kaspersky Lab Security Products for Mobile Devices reported:
- About 40 million attempts to mobile malware attacks, with over 4 million Android users being protected (the corresponding number was 2,6 million 2015)
- Over 260.000 detected mobile packages ransomware Trojans (an increase of almost 8,5 times, from year to year)
- More than 153.000 unique users were targeted by mobile ransomware (an increase of 1,6 times higher compared to 2015)
- Over 128.000 mobile banking Trojans were detected (about 1,6 times more than 2015)
Trojan advertisers: have your device already made root?
- The most common types of Trojan 2016 were in ad format, corresponding to 16 from 20 Top Malware
These Trojans are able to catsloware essential rooting privileges, allowing malware to not only aggressively serve ads to "infected" devices, often rendering them unusable, but also to secretly install other apps. These Trojans were also able to purchase apps on Google Play.
In many cases, Trojans were able to take advantage of previously corrected vulnerabilities because users had not installed the latest updates.
Furthermore, this malware also installs its extensions to the system index, which makes treatment of the "infected" device quite difficult. Some promotional Trojans have the ability to "pollute" the recovery image, making it impossible to solve the problem even by resetting the factory settings.
Innuendos of this category of malware have been repeatedly found in the official Google Play app store, such as a disguised guide to Pokémon GO. In this case, this application "downloaded" more than 500.000 times and is recognized under the name Trojan.AndroidOS.Ztorg.ad.
Mobile ransomware programs: further increase
- 167 countries have been attacked by programs Trojan-Ransom, size increased by 1,6 times compared to 2015.
- Within 2016, 153.258 unique users from 167 countries were attacked by Trojan-Ransom programs. This number is 1,6 times bigger than 2015.
The modern ransomware overlays the windows that run the user with demanding messages, making it impossible to use the device. This item was used by the most popular ransomware software 2016 - Trojan-Ransom.AndroidOS.Fusob.
This Trojan mainly attacks users on Germany, the United States and the United Kingdom, but avoids users in Russia and some neighboring countries. Once started, it runs a check on the device's language and then, after checking the results, it can stop the process from running. The cybercriminals behind these Trojans demand $100 to $200 to unlock a device. Payment can only be made using prepaid iTunes cards. king Trojan: a rising threat
- 2016, over 305.000 users in 164 countries were attacked by mobile devices banking Trojans, compared with over 56.000 users in 137 countries last year.
- Russia, Australia and Ukraine are 3 ranking countries that have been attacked, based on the percentage of attacked users mobile devices banking Trojans in relation to users who have fallen victim mobile devices malware in total.
Mobile banking Trojans continued to evolve over time. Many have acquired tools to bypass the new Android security mechanisms and were able to continue to steal user information from the latest versions of the operating system. At the same time, developers of mobile banking Trojans have repeatedly reinforced their creations with new features. For example, the "family" Marcher, in addition to the usual overlapping of banking applications, often redirects users from the websites of financial institutions to phishing websites. The Dark Web Planet
According to experts from the Interpol Global Complex for Innovation (IGCI), who also contributed to the report, the Dark Web remains an attractive medium for conducting illegal businesses and activities. Given its strong anonymity, low prices and customer-centric strategy, the Dark Web provides a means for criminal actors to communicate and engage in commercial transactions, buying and selling various products and services, including mobile malware. Mobile malware is offered for sale as software packages (eg remote access Trojans – RATs), individual solutions and sophisticated tools, such as those developed by professionals or, on a smaller scale, as part of a 'Bot as a Service' model. Mobile malware is also an "object of interest" for stores suppliers, forums and social media.
"2016 continued to increase the number of promotional items Trojans who are able to exploit the rights Great-user. Throughout the year, it was the top threat and we do not see any sign of a change in this trend. Digital criminals take advantage of the fact that most devices do not receive operating system updates (or receive them when it is too late), and are therefore vulnerable to old, known and readily available expoits. In addition, we see that mobile devices landscape is becoming 'suffocating' for digital criminals and are beginning to interact more with the world than the smartphones. Perhaps 2017 will see major attacks on IoT components that will be launched from portable devices, writes Roman Unuchek, Senior Malware Analyst of Kaspersky Lab USA.
