The number of mobile malware variants targeting smartphone and tablet users has risen by 49 percent since last year, with Android the overwhelming target, a new report said.
The number of mobile malware variants active in the wild rose from 100 to 149 in its Q1 2013 Threat Report, published by Finnish security firm F-Secure.
Google Android remained the most insecure ecosystem, with 91 percent of the malware targeting the platform, the report said. Below it, Nokia’s Symbian operating system spoke for the other nine percent of known mobile malware.
The complexity of the attacks also increased during the period and that criminals are now using spam as well as Trojan-laden apps to infect Android devices, F-Secure researchers said. Previously, the majority of Android malware hid out in apps on the official Google Play store and third party marketplaces.
The move to spam is an alarming one as it will allow criminals to create more tailored targeted attacks to dupe their victims into clicking infected links, or downloading malicious attachments, said F-Secure security analyst Sean Sullivan. A recent spam campaign attempting to spread the Stels Trojan by masquerading as a message from the U.S. Internal Revenue Service, as an example of how dangerous criminals’ use of spam could be, Sullivan said.
The message purported to be a legitimate message about the user’s tax, instructing them to click on an attachment contained in the message. When downloaded, the attachment infected the Android handset with the crimeware, letting the criminals steal information stored on the device and steal money by making calls to premium numbers. Sullivan listed the scam as a “game changer” in the security community.
The report also highlighted a recent fraud scam in India as a further example of how ingenious criminals’ mobile scams can be. It said: “[This quarter marked the] discovery of the first Android advanced fee fraud. [It targets users with a] fake job ‘offer’ Android app in India that informs the user is they are being considered for a position at Tata Group, an Indian multinational company. To arrange the interview, the app asks for a refundable security deposit.”