Mobile Malware 
Martin Čmelík 
www.security-portal.cz 
Hrozby světa mobilních zařízení (Threats of the Mobile Device World), Hotel Barceló, Prague - 28.11.2014
What is malware? 
Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software.
source: wikipedia
Types of malware 
Viruses 
Worms 
Trojan Horses 
Spyware 
Crimeware 
Bankers 
Backdoors 
Exploits 
RAT (Remote Access Toolkit) 
Bootkits 
Rootkits 
Ransomware 
Zombie/Bot, Dropper, … 
Malware classification tree 
source: http://www.kaspersky.com/internet-security-center/malware-tree.jpg
Distribution of operating systems (chart): Android, iOS, Windows Phone, Blackberry OS, Others
Source: IDC World Quarterly Mobile Phone Tracker 2Q2014
Malware detections in 2013 (Kaspersky) (chart): Android, J2ME, Symbian, Others
Source: Kaspersky Mobile Cyber Threats 2014
Distribution of attacks by malware types (chart): Trojan SMS, RiskTool, AdWare, Trojan, Monitor, Exploit, Others
Source: Kaspersky Mobile Cyber Threats 2014
Few more stats
15 million mobile devices infected worldwide
18% of homes are infected
currently 900.000 known malware samples for Android
175.442 unique malicious programs for Android just in H1 2014
4 out of 10 mobile threats are apps used to spy on the phone's owner (location, calls, SMS, email, browsing, …)
59,06% of malware is capable of stealing the user's money
Source: Kindsight Security Labs Malware Report
Sources of infection 
Affiliate programs 
Phishing 
Malware hidden in application/game on 3rd party stores 
Redirection to website serving malware/exploit 
Bluetooth / NFC 
Link to a website/app hosting malware, sent via SMS (57,08%)
Old (not upgradeable/patchable) versions of Android
What's interesting on your phone?
mail account
cloud services
social accounts
bank account access (53% of mobile devices are used to pay online)
personal information
Always-On device
private/company data, documents, certificates, know-how (cyber espionage) …
BYOD - Bring Your Own Droid 
source: in a galaxy far, far away…
Mobile device management (MDM)
Mobile device management (MDM) is an industry term for the administration of mobile devices, such as smartphones, tablets, laptops and desktop computers. MDM is usually implemented with the use of a third party product that has management features for particular vendors of mobile devices.
Key functionalities: 
- Centralized reports on all incidents and policy compliance 
- Easy deployment and management of endpoints 
- Granular and robust policies enforceable on devices 
- Patch management 
- Application management (blacklists, company store, …) 
- Access to various company services and applications 
- Certificate enrollment 
- DLP (Data Loss Prevention) 
- Antivirus/Antimalware protection 
- Protection against tampering 
- Clients for various platforms …
Exchange ActiveSync policy support
EAS can be seen as a very basic type of MDM supported directly by mobile operating systems. This example shows only the differences across platforms.

Policy                      iOS   Android   Windows Phone
Require device encryption   Yes   No        Yes
Disable camera              Yes   Yes       No
Allow browser               Yes   No        No
Include past email items    Yes   No        No

Source: InfoWorld
Curiosity corner
First known mobile malware - CARIBE (2004). Affected Symbian OS. Spread via Bluetooth and just showed the message "Caribe-V2/29A"
First iOS malware - IOS_IKEE (2009). Infected jailbroken devices over SSH using the default credentials. Changed the device wallpaper to Rick Astley (80's pop singer)
First Android malware - DROIDSMS. Hid itself in a video player. Sent premium SMS
First Google Glass malware - MALNOTES. Takes a photo every 10 seconds without the wearer knowing
ZeuS-in-the-Mobile (ZitMo, 2010) - first cross-platform mobile malware, whose aim is to forward SMS carrying the mTAN codes of hacked bank accounts
Example of latest threats
Masque Attack (FireEye) - affecting iOS devices using MDM. An application signed with an enterprise certificate can replace a valid application with an infected one if both have the same bundle identifier, because iOS does not enforce that the signing certificates match (no codesign pinning).
Example of latest threats
WireLurker (Palo Alto) - complex trojan distributed via 467 infected applications on a 3rd party App Store (Maiyadi). Probably 356 104 successful downloads. The malware can replicate itself from Mac OS X to a connected iPhone or iPad via USB.
Example of latest threats
DoubleDirect (Zimperium) - MitM attack affecting iOS and Android devices. It spoofs ICMP Redirect messages so that they appear to come from the gateway, in order to divert traffic through the attacker's node. In fact, for a MitM all you need is to redirect the DNS server's IP :]
CVE-2014-7911 - affecting all Android versions except 5.0. An attacker is able to execute arbitrary code and escalate privileges. The other Android versions are not patched, and most likely they never will be.
Trojan-Banker.AndroidOS.Binv.a - published on the official Google Play store as the banking application of two well known Brazilian banks. Because tokens and OTPs are not used in Brazil, the application simply showed a phishing website and captured credentials.
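The DoubleDirect item above comes down to one check a defender can automate: an ICMP Redirect is only as trustworthy as the gateway it advertises, since the source address is exactly what the attack spoofs. The following is an added example (not from the talk or from Zimperium) that parses raw IPv4/ICMP bytes and flags redirects pointing at a gateway outside an assumed allow-list; the addresses and the sample packets are constructed for the demo and nothing is sent on the network.

```python
import struct
import ipaddress

ICMP_REDIRECT = 5                                    # ICMP type 5 = Redirect (RFC 792)
TRUSTED_GATEWAYS = {"192.168.1.1", "192.168.1.2"}    # assumption: the only legitimate routers

def parse_icmp_redirect(packet: bytes):
    """Parse a raw IPv4 packet; return its fields if it is an ICMP Redirect, else None.
    The inner IPv4 header after the 8-byte ICMP header names the destination being redirected."""
    if len(packet) < 20 or packet[9] != 1:           # protocol 1 = ICMP
        return None
    ihl = (packet[0] & 0x0F) * 4                     # IPv4 header length in bytes
    icmp = packet[ihl:]
    if len(icmp) < 8 + 20 or icmp[0] != ICMP_REDIRECT:
        return None
    inner = icmp[8:]
    return {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "code": icmp[1],                             # 0 = network redirect, 1 = host redirect
        "new_gateway": str(ipaddress.IPv4Address(icmp[4:8])),
        "redirected_dst": str(ipaddress.IPv4Address(inner[16:20])),
    }

def is_suspicious_redirect(packet: bytes, trusted=TRUSTED_GATEWAYS) -> bool:
    """Flag a redirect whose advertised gateway is not a known router. The source address is
    deliberately ignored: DoubleDirect forges it to look like the real gateway."""
    r = parse_icmp_redirect(packet)
    return r is not None and r["new_gateway"] not in trusted

def make_sample_redirect(claimed_src, victim, new_gw, redirected_dst) -> bytes:
    """Constructed test fixture only: the on-wire bytes of an IPv4/ICMP Redirect as a sniffer
    would hand them over (checksums left zero; the bytes are never transmitted)."""
    ip4 = lambda a: ipaddress.IPv4Address(a).packed
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0, ip4(victim), ip4(redirected_dst))
    inner += b"\x00" * 8                             # first 8 bytes of the original datagram
    icmp = struct.pack("!BBH4s", ICMP_REDIRECT, 1, 0, ip4(new_gw)) + inner
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0, ip4(claimed_src), ip4(victim))
    return outer + icmp

# Constructed samples: both claim to come from the real router 192.168.1.1 and target 192.168.1.50.
SPOOFED = make_sample_redirect("192.168.1.1", "192.168.1.50", "192.168.1.66", "8.8.8.8")   # unknown node
LEGIT = make_sample_redirect("192.168.1.1", "192.168.1.50", "192.168.1.2", "10.20.0.0")    # known router

if __name__ == "__main__":
    for name, pkt in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, parse_icmp_redirect(pkt), "SUSPICIOUS" if is_suspicious_redirect(pkt) else "ok")
```

On Linux-based hosts the kernel-side mitigation is to stop honouring redirects at all (net.ipv4.conf.all.accept_redirects=0), which makes the check above a monitoring control rather than the only defence.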
Example of latest threats
NotCompatible
- First appeared in 2012 (variant A)
- Currently completely rewritten (variant C)
- Most sophisticated mobile malware
- 4M infected devices operating in botnet
- embedded iframe causes automatic download of malware
- masking itself as security update
- developed as botnet-for-rent
- using end-to-end encryption, obfuscation and peer-to-peer communication
- sending spam and compromising websites for drive-by-download attacks
- bruteforcing WordPress websites and installing c99 web shells
- proprietary and sophisticated CnC protocol
- multiplex proxy server
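Two of the NotCompatible behaviours listed above leave traces on the web server side: password guessing against wp-login.php and PHP files being executed from the WordPress uploads directory. The following is an added example (not from the talk or from the malware analysis it cites) that runs both checks over constructed access-log lines; the IP addresses, timestamps and the threshold of 5 failed logins per 60 seconds are assumptions for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in combined access-log format (not real traffic). WordPress re-renders the
# login form with HTTP 200 on a failed login and answers 302 on success, so repeated 200s are failures.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Nov/2014:10:00:01 +0100] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Nov/2014:10:00:03 +0100] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Nov/2014:10:00:05 +0100] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.9 - - [28/Nov/2014:10:00:06 +0100] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Nov/2014:10:00:07 +0100] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Nov/2014:10:00:09 +0100] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.9 - - [28/Nov/2014:10:00:15 +0100] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Nov/2014:10:00:40 +0100] "POST /wp-content/uploads/2014/11/c99.php HTTP/1.1" 200 812 "-" "curl/7.38"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
UPLOADS_PHP = re.compile(r"^/wp-content/uploads/.*\.php(?:[?/]|$)")   # PHP executed from uploads is abnormal

def analyze(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (set of IPs brute-forcing wp-login.php, list of (ip, path) web-shell indicators)."""
    recent = defaultdict(deque)           # per-IP timestamps of failed logins inside the window
    bruteforcers, shell_hits = set(), []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                       # skip lines that are not in the expected format
        ip, path, status = m["ip"], m["path"], int(m["status"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["method"] == "POST" and path.split("?")[0] == "/wp-login.php" and status == 200:
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:      # sliding window: drop attempts older than `window`
                q.popleft()
            if len(q) >= threshold:
                bruteforcers.add(ip)
        if UPLOADS_PHP.match(path):
            shell_hits.append((ip, path))
    return bruteforcers, shell_hits

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```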
How to protect?
Install good antivirus/antimalware on the mobile device
Disable/deny installation from sources other than the official app stores
Install applications only from well known developers
Do not allow applications access to data which is not essential for their functionality
Prevent device jailbreaking/rooting
Update the OS and applications whenever possible
Encrypt the whole disk
Consider "always-on VPN" functionality
Use two-factor authentication for critical applications (tokens, one-time passwords, …)
Strict rules for BYOD enforced via MDM or a separate network segment
Educate users/employees about network and mobile security
Questions?
Thank you! 
Martin Čmelík 
www.linkedin.com/in/martincmelik 
www.security-portal.cz | www.securix.org | www.security-session.cz