Malware goes smart, too

IT SECURITY experts’ predictions that 2013 would see an increase in malware designed for mobile phones have come true. Experts say the rise of new and already known mobile malware will continue.
“Expectations have been met; we register a higher amount of modifications of so-far known malware,” Gabriel Braniša, analyst at IT security company ESET, who specialises in malware for Android-based mobile devices, told The Slovak Spectator, adding that the first example of so-called ransomware, i.e. malicious software which blocks a device and requires a ransom to unblock it, has also surfaced.

AVG Technologies has registered an increase in the number of detections in Slovakia as well as globally. When omitting the influence of usage of its anti-virus software, the number of infections detected during one day increased 2-4-times, depending on the location, since the start of this year.

“The growth of malware for mobile devices is, apart from others, brought on by the increasing number of smart phone users, as well as that malware creators see an opportunity here to obtain financial benefits,” Jiří Kropáč, the head of AVG VirusLab, told The Slovak Spectator.

The Czech arm of networking and IT security products and services distributor COMGUARD cited the McAfee Threats report for the second quarter of 2013, according to which malware for Android-based mobile devices increased three times compared with the same period of 2012. Petr Konečný, responsible for inside sales at COMGUARD, added that during the first quarter of 2013 a moderate decrease in new kinds of malware for Android-based mobile devices was reported. But this trend was not seen in the second quarter of 2013 and its number increased considerably.

Malware for mobile devices

The architecture of operating systems used in mobile phones makes them less prone to infection by malware designed for common computers. But experts do not consider smart phones to be much more resistant or safer as a result.

“The current trend to integrate on a mobile device applications for access to company as well as private data, and to work with them, plays into the hands of the creators of various malware,” Michal Válek, pre-sales consultant at COMGUARD, told The Slovak Spectator. “It depends a lot on the end-user, how he behaves and uses his device.”

Válek stresses the need to respect at least basic security rules. Otherwise, even a sophisticated system is unable to protect the device.

Braniša agrees, adding that for the time being everything is globally interconnected – mobile operating systems, applications, global digital shops and so on; attackers only to need to handle the issue of language diversity. He cited abuse of paid services, spyware and aggressive advertisements as being among the biggest local threats.

Kropáč specified that such infections may be making calls or sending short messages to premium-rate telephone numbers. Then there are applications which violate internet and mobile banking and thus obtain sensitive or private information.

“Because Slovakia, equally to the Czech Republic, is with regards to the size of its population a relatively small ‘market’, it is not so attractive for creators of such malware,” said Kropáč, adding that such applications designed for Slovak users are more the exception.

On the other hand, Válek said that the usage of local languages instead of English has started occurring more often in Slovakia and the Czech Republic, which makes these threats more dangerous for ordinary users. He listed among the threats endangering smart phone users in Slovakia and in the Czech Republic the theft of bank information via Trojan horses, known as phishing attacks, or pharming, a more sophisticated variation of phishing.

More mobile malware expected

IT experts forecast a further increase in mobile malware.

“With regards to so-far reports from virus labs of IT security product producers from this year, it is possible to assume another increase of new patterns of malware and it is valid that more than 95 percent of malware will be focused on the Android,” said Konečný. “In 2012 there were analysed almost 35,000 new kinds of malware and for this year it is expected that the total number will reach the level of 60,000. Alas, because of the popularity of the Android platform, a similar trend can be forecast for 2014, too.”

According to Kropáč of AVG, in terms of the number of infections, the trend is growing and AVG expects it will continue to do so in the foreseeable future. However, it is difficult to forecast trends in malware development because anti-virus companies actually respond to the development.

“It is possible to predict more frequent usage of security holes of operating programmes and applications, obfuscation of malware, server-side polymorphism, the creation of more sophisticated botnets and others,” said Kropáč.

With regards to new functions of security products, and because of the increasing usage of cloud services and applications and access to them from mobile devices, Válek expects that producers will focus on securing cloud solutions with special attention to mobile devices and protection of company data.

Kropáč expects that behavioural detection of installed applications, more sophisticated heuristic functions and emulators of mobile codes will be some of the new functions creators of security solutions may implement.

“It is also possible to expect that producers of mobile operating systems themselves will incorporate into their systems security mechanisms with the aim of protecting unaware users as much as possible,” said Kropáč.

ESET stressed that mobile devises are starting to be protected in a similar way as computers.

“Apart from an anti-virus [programme], they also contain in some cases anti-phishing protection, which is able to find out whether you have opened in your mobile browser a website trying to lure from you private data, or tries to navigate your mobile to malicious content,” ESET spokesperson Zuzana Hošalová told The Slovak Spectator. “The protection is adapted to the mobility of these devices.”

According to Hošalová, thanks to some anti-virus applications, it is possible to find a lost mobile or to delete data from the device from a distance in case it is lost and contains sensitive data.

“They also manage to block calls [and] short or multimedia messages; for example, when the user wants to block a telephone number which constantly offers to sell him bamboo socks or something similar,” said Hošalová.