Mobile ransomware & banking malware thrive as hackers put focus on mobile

News by Jay Jay

Even though security patches introduced by the likes of Apple and Google reduced instances of jailbreaking and minimised firmware flaws, the use of mobile ransomware, banking malware, and malicious apps by cyber-criminals shot through the roof in 2017.

Several ransomware variants, which were used to great effect by hackers in the past few years to victimise enterprise IT systems and personal desktops, have been modified by hackers to infect modern smartphones. The urge to infect smartphones is so high that hackers have been freely sharing ransomware code to launch more and more ransomware attacks on unsuspecting mobile users.

According to Trend Micro's Mobile Threat Landscape report for 2017, the number of mobile ransomware samples analysed by the firm rose from a little over 120,000 in 2016 to 468,837 samples in 2017, signifying a rise in such attacks by 415 percent. As many as 424,200 such samples were variants of SLocker, whose source code was released publicly on GitHub last year, enabling more and more criminals to develop new variants to launch attacks on smartphones.

The firm also observed that a significant majority of mobile ransomware attacks took place in Asian countries like China, Indonesia, India, and Japan, with China suffering as many as 153,885 attacks alone in 2017. In comparison, the United States and Germany faced only 8,899 and 6,932 unique threats respectively.

Aside from SLocker, Trend Micro researchers also observed several thousand variants of another popular ransomware dubbed LeakerLocker, which not only locked screens and scrambled files but was also used by cyber-criminals to extort money from victims by threatening to send personal data to their contacts.

To maximise their effect, hackers using variants of SLocker also used speech recognition instead of codes to unlock devices, made victims scan QR codes to view ransom amounts, offered tips to victims on how to create their own ransomware, and abused Android's Accessibility feature to deliver their malware.

With over two billion mobile phone users across the world expected to use mobile banking apps and services by 2020, Trend Micro also observed a major rise in banking malware attacks on mobile devices, while describing new variants as more obfuscated, persistent, and flexible. Overall, the firm observed the number of unique mobile banking malware samples rising from 55,693 samples in 2016 to 108,439 unique samples in 2017.

Just like ransomware attacks, a significant majority of banking malware attacks were observed in Asian countries including Indonesia, India, China, Japan and the Philippines, with Indonesia and India accounting for 1,548,758 and 1,042,980 attacks respectively last year. In comparison, Canada and Brazil, which also featured in the list of the top ten affected countries, faced only 102,034 and 85,422 banking malware attacks in the same period.

According to the researchers, a well-known banking malware dubbed BankBot was used in a majority of such attacks, thanks to the fact that the malware's source code was dumped in an underground hacking forum last year.

"BankBot's latest versions spoof 160 banks from 27 countries, with one sample alone downloaded 5,000 – 10,000 times. BankBot had anti-signature and anti-sandbox capabilities. It also carried out command-and-control (C&C) communication by abusing Firebase Cloud Messaging, Google's cross-platform messaging back-end service, as a middleman between their C&C servers and their victim's data," they noted.

The firm also observed a rise in the amount of mobile malware being used in cyber-espionage campaigns, most of it offshoots or modified variants of malware that was used to spy on desktops. Specifically crafted to steal messages, contact lists, photos, audio and video files and to spy on calls, camera and social media activities, mobile variants of malware like AnubisSpy and GnatSpy saw increased action in the Middle East, South Asia and Eastern Europe.

"The mobile threat landscape of 2017 was riddled with an unprecedented surge of mobile ransomware, a thriving niche of banking Trojans, pronounced cyber-espionage-related campaigns, and the permeating, real-life repercussions of security gaps in devices. Indeed, last year's notable mobile threats are a reflection of the platform's ubiquity, the nascent technologies that will power them in the long term, and the security risks that come with it.

"On a positive note, the threat landscape is also prompting a stronger approach to mobile security — as reflected by initiatives on mobile vulnerability research and proactive coordination with various vendors and platforms," the firm added.
