Fears of cyber attacks on mobile devices still remain a top issue among security professionals and smartphone malware heads the list, according to a new report just released.
There was more virus activity in the first quarter of 2011 than there was in the last quarter of 2010, according to Panda Security’s latest quarterly malware report.
The report, which analyzed IT security events from Jan. 1 to March 31, highlighted several major security incidents, including the malicious apps found on the Android Market and the successful attack against HBGary Federal by the Anonymous hacktivist group.
Security advisories and proof-of-concepts reporting mobile vulnerabilities emphasized the need to focus on mobile security. Cyber-criminals renewed focus on proven strategies such as infecting smartphones with malware that generates premium-rate text messages. Users are unaware of these messages until they receive their monthly bills. For example, a Russian gang distributed an app that let users send romantic images for Valentine’s Day. When a user tried to send a picture message, a SMS went to a premium rate number.
Malware developers are taking advantage of the fact the Android platform allows users to install applications from anywhere, even though the organizations recommends users stick with the official app store. Even if they can, users should refrain from downloading apps, wallpapers and games from unofficial and questionable sources.
The report highlighted the malicious applications discovered on Google’s Android Market in the beginning of March as “the largest single attack against Android cell phones.” There were over 50,000 malicious applications on Android Market downloaded in just over four days. The apps installed a Trojan which stole personal data and downloaded and installed other apps. Even though the users suffered the hit despite using the official store, Google quickly remediated it as the company removed the malicious apps and several days later remotely uninstalled them from user devices.
A mobile of Zeus Trojan also made the rounds this quarter. The Trojan bypassed the double authentication system implemented by banks and financial institutions. The Trojan prompted users to enter a phone number to which the “security certificate” should go to. When users downloaded the certificate, it had the capability to intercept all SMS messages sent to the phone, such as password codes and security hints used to secure bank accounts.
One reason for the increase in smartphone malware could be because smartphones exceeded PC sales in fourth quarter of 2010, Panda researchers said.
The surge in malware activity in the first three months of 2011 was because of new threats in circulation, PandaLabs researchers found. Cyber-attackers created 26 percent more new threats in this quarter than they did during the first quarter of 2010, and 16 percent more than the fourth quarter of 2010. The laboratory received an average of 73,190 new samples of malware everyday, of which 70 percent were Trojans.