Cyber criminals are targeting mobile devices, warns latest AVG report

Friday, 27 January, 2012

Internet and mobile security software distributor AVG has released it's latest Community Powered Threat Report which provides insight, background and analysis on the trends and developments in cybercrime over the previous 3 months. The Q4 2011 report includes the risks of QR codes, stolen digital certificates bypassing security on mobile phones and the persistence of rootkits.

“In Q4 we clearly saw the convergence between computers and mobile phones applies to malware too. As phones become more like computers, so do the risks,” said Yuval Ben-Itzhak, Chief Technology Officer, AVG Technologies. “Many sophisticated tricks of the trade from computers are now being repurposed for phones. However, as phones are often tied into billing systems the gains can be far greater.”

AVG warns that 2011 saw a surge in Android malware samples. In December, Google removed 22 malicious apps from the Android market, making the total for 2011 pass the 100 mark. Cyber criminals have now clearly discovered phones as an interesting target, they say.

Highlights from the report include:

QR* codes: Becoming popular for mobile users to insert text and URLs into the mobile device without typing, unfortunately they are also being discovered as an ideal way to distribute malware. The user does not know what lurks behind the QR code until the malware is already installed and running. The report describes the technique used by hackers which they expect to gain momentum in 2012: Putting a malicious QR code sticker onto existing marketing material or replacing a website’s bona fide QR code with a malicious one.

The use of stolen certificates: Now making its way to mobile devices, if a criminal can get their hands on the certificate belonging to a major software developer, their malware can circumvent security provisions and give users a false sense of security.

Rootkits: One of the more serious threats to target operating systems in recent years, rootkits evolved from commercial and financial use to cyber warfare with a specific target (Stuxnet, Duqu 2). The report says that we are currently witnessing the first phase of the rootkit evolution on mobile devices (CarrierIQ 3). They are ever evolving to be more sophisticated with some interesting samples showing up every few months.

The report focusses on one of the latest rootkits, ZeroAccess, a sophisticated, effective rootkit using advanced anti-forensic features. ZeroAccess is a kernel mode rootkit, spying on users and controlled from a remote server. Waiting for commands from the criminals behind it, the rootkit allows the criminals to use the infected machine when and how they wish.

Other findings in the report include:

  • The Blackhole toolkit is currently the most active threat on the web with a share of nearly 50% of all detected instances and over 80% of all toolkits.
  • Around a million malicious mobile events have been detected during Q4 2011
  • The US is still the largest source of spam, followed by the UK. Compared to the previous quarter, the UK jumped from fourth to second place overtaking India and Brazil.
  • Brazil is not just a very active banking Trojan market 4, the report highlights Portuguese as the second most used language in spam messages.

*QR codes are specific, two-dimensional, black on white, square matrix barcodes that are readable by devices such as smartphones. The encoded information, in text, URL or other data format, can be up to 7,089 characters as opposed to the 20 character limit of a standard barcode.

View the AVG Community Powered Threat Report Q 4, 2011

About the report
The AVG Community Powered Threat Report is based on the Community Protection Network traffic and data, collected over a three-month period, followed by analysis by AVG. It provides an overview of web, mobile devices, spam risks and threats. All statistics referenced are obtained from the AVG Community Protection Network.

The AVG Community Protection Network is an online neighborhood watch, helping members of the community to protect each other. Information about the latest threats is collected from customers who choose to participate and shared with the community.

Related News

CrowdStrike to buy Adaptive Shield

CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...

LockBit named nastiest malware of 2024

LockBit, a ransomware malware known to have been used to attack Australian targets, has been...

Extreme Networks launches ZTNA solution

Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd