Mobile payments soar in tandem with malware

June 4, 2013 1:55 pm

Cybercriminals are seeing broadened means of targeting mobile users with the popularity of both mobile browsing and multiple billions of app downloads creating opportunities for an expanded target base.

Attacks on mobile platforms are here to stay, with browser vulnerabilities infecting devices in addition to social engineering and phishing techniques, according to research by Trend Micro.

“In 2013, IT managers here will have to deal with the highest level of targeted attacks the region has ever witnessed. Today’s attacks are financially motivated,” says Ihab Moawad, Vice President of Trend Micro for the Middle East, Africa and Mediterranean.

Mobile web threats are no longer limited to clicking malicious links on PCs. Smartphones now face the same kinds of threat previously seen on their PC cousins-all in roughly three years.

Through the use of malicious URLs, cybercriminals are able to infiltrate mobile devices. Trend Micro points out two motivations cybercriminals have for using them. First, malicious URLs make launching online attacks easier, and second, they allow cybercriminals to cover a wide target area comprising Internet-ready mobile devices.

Attack scenarios often involve social engineering techniques designed to trick mobile device users into clicking malicious URLs and downloading malicious Android application package (APK) files. Once these files are in place, the mobile device’s security is compromised.

Around 60% of malicious URLs queried by malicious apps use North American domains; while 24% and 16% use EMEA (European, Middle Eastern, and African) and Asia Pacific domains, respectively.

Malicious URLs are ‘disease vectors’, which means they are used by cybercriminals as a way to spread mobile malware. But this is not the sole purpose of malicious URLs. They can also be used to infiltrate the user’s device and foster outbound communication.

Malicious apps and backdoor tactics

Not only does mobile malware, such as downloaders and backdoors, rely on malicious URLs to infiltrate mobile devices, they also need them to send or request additional information required to perform specific functions. Almost 17% of the mobile malware Trend Micro as found so far have malicious URLs embedded in them.

Malicious downloaders use malicious URLs to download and install additional malicious files and components in your device. They request information and receive malicious packages in return.

Backdoors also take advantage of malicious URLs in the same way. Once installed in a mobile device, they communicate with remote sites to acquire new scripts, which they can then parse and use.

In January this year, a backdoor used a malicious URL to download a script it needed to update the one currently running on the infected device. When the said script is integrated into the malware, the malware is able to avoid anti-malware detection. This new ability allows the backdoor to download a new variant of itself from a malicious URL. The same script also contains customized commands a remote attacker can execute. In this particular case, executing these commands causes a notification asking you to download other files to appear.

This example reveals that two-way communication between mobile malware installed in a device and malicious URLs is possible. Since attackers can now remotely ask you to download more malicious files onto your device, it’s also likely that they can perform more intrusive or damaging tasks.

Another backdoor tactic, detected earlier this year, allows cybercriminals to execute commands like sending and deleting messages and making phone calls. These can result in unnecessary charges on mobile phone bills. The backdoor also allows cybercriminals to send user’s contact list and GPS location to malicious domains.

Combining common sense with security

The relationship between mobile malware and malicious URLs is often overlooked. When they work together, they pose a serious threat to mobile devices as well as information and privacy. Any data users store in their mobile device will be ripe for the picking. Personal details, messages, and the like can be stolen and sold underground by cybercriminals.

Though it’s advisable to double-check granted app permissions, users can’t always be too sure of this safety practice. Cybercriminals are getting better in using social engineering. The limitations of mobile devices like having a small screen make it more difficult to determine malicious apps and URLs from safe ones.

The risk of mobile malware infection is greatly decreased though with the use of a security app. Even if traditional mobile security apps help alleviate threats by blocking the download and installation of malicious files, they don’t completely eliminate the risks malicious URLs pose. Since malicious downloaders and backdoors use malicious URLs to function on the device, an app that relies on web reputation technology is recommendable.

If a mobile device is already infected by malware before one has the chance to install the appropriate security solution, it still isn’t too late. Security apps that use web reputation technology can still stop communication between the mobile malware and the malicious URLs it tries to access.