Mobile ransomware is a growing threat – report finds 8.5 million mobile malware installations in 2016 and highlights potential new areas for attacks

Mobile-Malware-Android-Phone

Mobile malware is on the rise. That’s according to the latest findings by cyber security firm Kaspersky Lab and its Mobile Malware Evolution 2016 report. The company found that there were three times as many malware installations in 2016 as in 2015, with a total of 8.5 million malicious installations. In addition, the new report highlights the evolution of mobile banking trojans.

Within a single year, Kaspersky Lab detected a volume equal to 50% of all malware found in the last 11 years. Mobile advertising Trojans made up 16 of the top 20 malicious programmes.

From January to December 2016, Kaspersky Lab registered 40 million malicious mobile software attacks.

Kaspersky Lab registered malicious mobile software attacks

Mobile_malware_evolution_2016_en_4-1024x414

During the same time, Kaspersky Lab protected over 4 million unique Android devices compared to 2.6 million in 2015.

Kaspersky Lab protected devices

Mobile_malware_evolution_2016_en_5-1024x414

Mobile ransomware trojans increased 8.5 times year-on-year with over 260,000 detections of installation packages.

In addition, more than 153,000 unique users were targeted by mobile ransomware and over 128,000 mobile banking trojans were detected. That’s almost 1.6 times more than in 2015.

Mobile banking trojans

Mobile_malware_evolution_2016_en_8-1024x414

Overall, mobile attacks were detected in over 230 countries with APAC regions more affected than EMEA or the Americas.

Mobile_malware_evolution_2016_en_6

China topped the rating in 2015 and continued to face increased malware attempts in 2016, but dropped to fourth place overall with Bangladesh now having the highest percentage of mobile users attacked by malware. Iran and Nepal follow closely in second and third spot.

Screen shot 2017-03-06 at 7.26.06 AM

For mobile banking attacks, Russia ranked first in the top 10 with mobile banking trojans found by 4% of mobile users. That’s twice as high as second place runner Australia.

Kaspersky Lab says that among the leading trends of the year were trojans that gained super-user privileges by using vulnerabilities within newer versions of Android. Such root privileges offer trojans the chance to secretly install other ad applications and display ads on infected devices. Such software has been found in the Google Play store hiding inside a guide for Pokemon GO, for example.

Mobile_malware_evolution_2016_en_1-1024x778

Cyber criminals have also been finding new opportunities to bypass the Android protection mechanism, by overlaying system message warnings or employing social engineering tactics to bypass the new Android 6 security feature.

Mobile ransomware is also on the rise. As the name suggests these are trojans which block a user’s device by changing the PIN for example, and demand between $100-200 to unblock it. Such ransoms are usually paid using iTunes codes. In China, victims are frequently told to contact the attacker via QQ messenger to unblock the device.

Mobile banking trojans have also jumped to new highs. Kaspersky Lab explains that these trojans are able to bypass the Android security mechanisms and steal user information. Some trojans also extort money by blocking the operation of a device with a ransom demand window.

In addition, IoT is not being overlooked by cyber criminals. Indeed, WiFi networks are next line of attacks.

The top types of malware included RiskTool files, which increased from 29% to 43% year-on-year. Adware files dropped from 21% to 13% whilst Trojan SMS also continued to decline significantly. However, Trojan-Ransom is catching up quickly.

Mobile_malware_evolution_2016_en_7-1024x554

From these findings it is clear that trojans represent a real threat to mobile device owners. Cyber criminals are becoming ever more inventive and have taken advantage of Android not offering regular security updates.

The report doesn’t mention iOS presumably because iOS offers regular OS updates for its users and hence may be less affected by attacks.