Page 8 - CDM Cyber Warnings November 2013
P. 8
which was found in 32 different apps on Google Play. Both installed a downloader which called
in a premium SMS dialer. The number of estimated infections ranges from two million to nine
million.
But there are far more sophisticated variants emerging much of it designed to steal personal
data. These spy-Trojans target banking information. Mobile malware families have already been
identified that are used exclusively to steal user names and passwords and intercept the SMS-
based transaction authentication numbers used to verify mobile-banking transactions. They’re
sophisticated and delete the message after forwarding it, without the user being aware that
anyone has logged into their account.
Researchers have also identified several mobile malware families that work with existing long-
standing crimeware suites that are typically sold on dark web sites. These crimeware suites
were created to to steal personal banking information by intercepting user login information from
a browser. However, more recently they have been adapted to intercept banking authentication
messages from mobile devices. There have also been instances of official apps from banks
being replaced by mobile banking malware.
To date these attacks are focused on exploiting vulnerabilities within operating systems and
applications. And it can’t have escaped your attention that most of them appear to be aimed at
the Android platform. The rise of Android and iOS, or Samsung and Apple, in the smartphone
market place actually plays into the hands of attackers who can concentrate their endeavours
on one or the other. The open source nature of Android is also its vulnerability as attackers can
find many potential angles of attack. Apple’s tight control of its application ecosystem has a
meant it has reasonably good record on security, but it’s certainly not in the clear.
Security researchers have found a number of ingenious ways to attack and take control of
mobile devices from turning them into portable spies, to using the phone to take pictures
remotely, to lifting transaction data from near-field communications. You can be sure hackers
are already walking in their digital footprints. For sure, the main thrust of activity is currently
aimed at spyware and Trojans simply because that’s where the greatest rewards are. But as
smartphones and tablets become ever more HPC powered and they’re used to control access
to our cars and houses, or monitor health, or simply map out our financial lives, you only need to
look at the rising tide of mobile malware to know with absolute certainty that those who inhabit
the shadow world of hacking are taking note.
8 Cyber Warnings E-Magazine – November 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
