Mobile Trojans were declared winners the year they passed. 2016, there has been a nearly three-fold rise in mobile malware detection compared to 2015. In particular, a total of 8,5 million malicious sites have been identified. This means that within just one year, a volume corresponding to 50% of all malware detected in previous 11 years (15,77 million in the 2004-2015 period) was released.
Primitives were the ones mobile devices advertising Trojans which currently constitute 16 of the top 20 malware, compared to 12 in 2015. These are the findings of its annual report Kaspersky Lab called "Mobile Virusology", which also highlights the evolution of Trojans in his area mobile devices banking. Its special officials Interpol Global Complex for Innovation (IGCI) contributed to the report with an analysis of the mobile devices malware in Dark Website.
2016, Kaspersky Lab Security Products for Mobile Devices reported:
- About 40 million attempts to attacks mobile malware, with over 4 million Android users protected (up from 2,6 million in 2015)
- Over 260.000 detected mobile packages ransomware Trojans (an increase of almost 8,5 times, from year to year)
- More than 153.000 unique users were targeted by mobile ransomware (an increase of 1,6 times higher compared to 2015)
- Over 128.000 mobile banking Trojans were detected (about 1,6 times more than 2015)
Trojan advertisers: have your device already made root?
- The most common types of Trojan 2016 were in ad format, corresponding to 16 from 20 Top Malware
These Trojans are able to remove root rooting rights, allowing malicious software not only to show aggressively ads on infected devices, often making it impossible to use them, but also secretly install other applications. These Trojans were also able to buy apps on Google Play.
In many cases, Trojans were able to exploit previously patched vulnerabilities points, because users had not installed the latest updates.
Furthermore, this malware also installs its extensions to the system index, which makes treatment of the "infected" device quite difficult. Some promotional Trojans have the ability to "pollute" the recovery image, making it impossible to solve the problem even by resetting the factory settings.
Innuendos of this category of malware have been repeatedly found in the official Google Play app store, such as a disguised guide to Pokémon GO. In this case, this application "downloaded" more than 500.000 times and is recognized under the name Trojan.AndroidOS.Ztorg.ad.
Mobile ransomware programs: further increase
- 167 countries have been attacked by programs Trojan-Ransom, size increased by 1,6 times compared to 2015.
- Within 2016, 153.258 unique users from 167 countries were attacked by Trojan-Ransom programs. This number is 1,6 times bigger than 2015.
Modern ransomware overlays the user's operating windows with demanding ones messages, making it impossible to use the device. This component was used by the most famous ransomware in 2016 – Trojan-Ransom.AndroidOS.Fusob.
This Trojan attacks mainly users in Germany, the United States and the United Kingdom, but avoids users in Russia and some neighboring countries. Once it starts, it runs a test in the language of the device and then, after checking the results, it can stop the process. The digital criminals behind these Trojan calls from 100 to 200 dollars to unlock a device. Payment can only be made using pre-paid iTunes cards. King Trojan: an escalating threat
- 2016, over 305.000 users in 164 countries were attacked by mobile devices banking Trojans, compared with over 56.000 users in 137 countries last year.
- Russia, Australia and Ukraine are 3 ranking countries that have been attacked, based on the percentage of attacked users mobile devices banking Trojans in relation to users who have fallen victim mobile devices malware in total.
Mobile banking Trojans have continued to evolve over time. Many of them acquired tools to bypass the new Android security mechanisms and were able to continue stealing information users from the latest versions of the operating system. At the same time, the developers of mobile banking Trojans repeatedly enhanced their creations with new features. For example, the Marcher "family", in addition to the usual overlay of banking applications, often redirects users from the websites of financial institutions to phishing websites. The Dark Web Fallacy
According to Interpol Global Complex for Innovation (IGCI) experts who also contributed to the report, the Dark Web remains an attractive means of conducting illegal business and activities. Given its strong anonymity, low prices and customer-centric strategy, the Dark Web provides a means for criminals to communicate and engage in commercial transactions, buying and selling a variety of products and services, including mobile malware. Mobile malware is available for sale as software packages (eg Remote Access Trojans - RATs), personalized solutions and sophisticated tools, as developed by professionals or, to a lesser extent, as part of a "Bot as a Service" model. Mobile malware is also an "object of interest" for vendor stores, forums and social media.
"2016 continued to increase the number of promotional items Trojans who are able to exploit the rights Great-user. Throughout the year, it was the top threat and we do not see any sign of a change in this trend. Digital criminals take advantage of the fact that most devices do not receive operating system updates (or receive them when it is too late), and are therefore vulnerable to old, known and readily available expoits. In addition, we see that mobile devices landscape is becoming 'suffocating' for digital criminals and are beginning to interact more with the world than the smartphones. Perhaps 2017 will see major attacks on IoT components that will be launched from portable devices, writes Roman Unuchek, Senior Malware Analyst of Kaspersky Lab USA.
