The F-Secure Labs Mobile Threat Report discusses the mobile threat landscape as seen in the fourth quarter of 2012 and includes statistics on all mobile malware the F-Secure Response Labs saw during that period.
Our Mobile Threat Report is out, covering mobile threats found throughout the third quarter of 2012. 67 new families and variants of existing families were discovered, and some platforms that were previously enjoying quiet time (e.g. iOS, Windows Mobile) are now seeing their peace disturbed thanks to the multi-platform FinSpy trojan.
The document discusses the mobile threat landscape in Q2 2012, noting a 64% increase in malicious Android applications from the previous quarter, with 19 new families and 21 new variants identified. New infection methods like drive-by downloads and using Twitter as a bot mechanism were discovered. The report also found a trend in regionally-based attacks targeting banking users in Spain.
Since its debut, Android has quickly claimed significant market share in the mobile market. Unfortunately, such popularity (amongst other factors) makes Android a lucrative target for malware authors. New families and variants of malware keep cropping up each quarter, and this trend shows no sign of slowing down. In Q1 2011, 10 new families and variants were discovered. A year later, this number has nearly quadrupled with 37 new families and variants discovered in Q1 2012 alone.
This document summarizes the mobile threat landscape in Q1 2012 based on analysis by F-Secure Response Labs. There was a significant increase in malicious Android application package files (APKs) detected, rising from 139 in Q1 2011 to 3063 in Q1 2012. New Android malware families and variants also increased sharply from 10 to 37 between the same periods. Existing malware families like DroidKungFu improved evasion techniques using encryption and randomization, while new threats like RootSmart.A demonstrated more complex infection behaviors like downloading root exploits. Overall, Android threats continued optimizing detection evasion and infection methods while mainly focusing on generating profit through premium SMS.
This document discusses trends in mobile malware, particularly related to Android devices. It finds that the number of Android malware samples has grown significantly, with over 70,000 unique samples known. Several Android malware families are highlighted, including Andr/Boxer and PJApps, which together account for over 65% of detected samples. The document also discusses how mobile device management solutions can help secure devices from malware through application control, patching, and other features.
Mobile Marketing: 99 Ways to Get Your App Noticed - Parisa Foster
This document provides 99 tips for getting a mobile app noticed, as it has become very difficult in today's crowded app market. Some key tips include optimizing the app for discovery in app stores through things like name, description, screenshots and keywords. It also emphasizes the importance of the first two weeks after launch through marketing efforts like press releases, giveaways and social media. Overall the document stresses the need for ongoing marketing both before and after launch to drive downloads and engagement in the competitive mobile landscape.
Next11 Xyologic - In The App Economy Germany Is Not A Technology Adoption Isl... - Hmmaha
1) Mobile apps are disrupting industries globally through free apps and in-app purchases rather than paid apps.
2) Local app economies are no longer isolated but instead see international competition from major publishers.
3) Users are increasingly willing to pay for valuable features within free apps related to games, information, services and more through in-app purchases rather than paying for entire apps.
The PandaLabs annual report for 2012 summarizes key security events of the year. Mobile malware increased, targeting Android platforms. Ransomware known as the "Police Virus" spread through social engineering. Cyber attacks targeted corporations and social networks were misused to spread malware. Macs saw their largest infection to date, showing they are also vulnerable. Cyber espionage increased between countries. Trends for 2013 included more ransomware and the continued growth of mobile threats.
The PandaLabs annual report for 2012 summarizes key security events of the year. Mobile malware increased, targeting Android devices especially through third-party app stores. Ransomware like the "Police Virus" spread through social engineering. Cyber attacks targeted corporations and governments. Macs saw their largest infection to date, showing they are also vulnerable. Trends in social media threats and cyber espionage were analyzed. The report concludes with a forecast of security trends for 2013.
Security Issues in the Mobile Environment - Ligia Adam
The document discusses security issues related to mobile applications and devices. It makes several key points:
1) Mobile device usage and app downloads are increasing rapidly worldwide. There were over 6 billion mobile subscriptions and 1.2 billion mobile web users in 2011.
2) Android devices are highly vulnerable to malware attacks, which have increased over 4500% in the last year for Android. The document expresses concerns about privacy issues and data leakage from iOS apps as well.
3) The document predicts that mobile security threats will get worse before improving, with a predicted 6000% increase in Android malware over the next 6 months targeting data theft. It recommends mobile security solutions to help address these growing threats.
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES - ijmnct
Mobile devices have become very popular nowadays, due to their portability and high performance, a mobile device became a must device for persons using information and communication technologies. In addition to hardware rapid evolution, mobile applications are also increasing in their complexity and performance to cover most of the needs of their users. Both software and hardware design focused on increasing performance and the working hours of a mobile device. Different mobile operating systems are being used today with different platforms and different market shares. Like all information systems, mobile systems are prone to malware attacks. Due to the personality feature of mobile devices, malware detection is very important and is a must tool in each device to protect private data and mitigate attacks. In this paper, we will study and analyze different malware detection techniques used for mobile operating systems. We will focus on the two competing mobile operating systems – Android and iOS. We will assess each technique, summarizing its advantages and disadvantages. The aim of the work is to establish a basis for developing a mobile malware detection tool based on user profiling.
The document discusses the growing popularity of Android smartphones and the associated risks of malicious Android applications. It notes that while Android makes it easy for developers to create and distribute apps, this open process allows spyware and malware to be secretly embedded within seemingly legitimate apps. The document examines examples of existing Android malware and analyzes data on how many apps access private user information like location, contacts and SMS messages without explicit permission.
The document summarizes a mobile threat report for Q3 2013. It finds that 252 of the 259 new mobile threat families and variants discovered were for Android, with trojans making up the largest percentage at 88%. It also notes an increasing trend of profit-motivated mobile malware, with 81.1% of new threats aiming to generate money through unauthorized SMS messages. The report discusses recent developments like the identification of the creator of the Pincer Android banking trojan and the emergence of tools that simplify inserting malware into legitimate apps.
This document provides an overview of 16 dynamic analysis platforms for analyzing Android applications and detecting malware. It evaluates these platforms' effectiveness using known malware samples and known Android bugs. The results show low diversity among platforms due to code reuse, making them vulnerable to evasion. Additionally, the platforms could be exploited by malware using the Master Key bugs to hide malicious behavior.
The report focuses on three things that stood out in the second half of 2012: botnets (with special reference to ZeroAccess), exploits (particularly against the Java development platform) and banking trojans (Zeus). Also discussed are multi-platform attacks, in which a coordinated attack campaign is launched against both desktop and mobile platforms, the state of today's web concerning malware hosting and malvertising, and an update on the mobile threat scene.
The first mobile malware was Cabir/Caribe, a Symbian OS worm created in 2004. It replicated itself by transferring to other Bluetooth-enabled phones, shortening battery life. While less harmful than later malware by not causing damage, it marked the beginning of mobile threats. Rapid growth of smartphones and tablets has increased the scope of these threats over time.
The document summarizes malware threats from Q1 2012. There was significant growth in PC malware, mobile malware (especially on Android), and rootkits like ZeroAccess. Signed malware and password-stealing Trojans also increased substantially. Overall, 2012 is shaping up to be a challenging year for cybersecurity as attackers continue pushing technological boundaries.
A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ... - AM Publications
Due to tremendous development and growth in mobile phone software and hardware technologies, security issues are now a very big challenge to all concerned persons such as scientists, manufacturers, designers, industrialists and so on. Usually, such technology takes time to be absorbed into the market and this gives time to the security teams to develop effective security controls. The rapid growth of the smart-phone market and the use of these devices for email, online banking, and accessing other forms of sensitive content has led to the emergence of a new and ever-changing threat landscape [1]. Along with this, the fact that anyone can be a user has led to the smart-phone appearing in the hands of almost every person before the proper security controls can be developed. Currently, Android has the biggest share in the market among all the smart-phone operating systems. As the powers and features of such phones increase, their vulnerability also increases and makes them prone to security threats. In the present paper, the authors have made a systematic study on why Android security is important, what some of the potential vulnerabilities are and what security measures have been adopted currently to ensure security.
AndRadar: Fast Discovery of Android Applications in Alternative Markets - FACE
Compared to traditional desktop software, Android applications are delivered through software repositories, commonly known as application markets. Other mobile platforms, such as Apple iOS and BlackBerry OS also use the marketplace model, but what is unique to Android is the existence of a plethora of alternative application markets. This complicates the task of detecting and tracking Android malware. Identifying a malicious application in one particular market is simply not enough, as many instances of this application may exist in other markets. To quantify this phenomenon, we exhaustively crawled 8 markets between June and November 2013. Our findings indicate that alternative markets host a large number of ad-aggressive apps, a non-negligible amount of malware, and some markets even allow authors to publish known malicious apps without prompt action.
Motivated by these findings, we present AndRadar, a framework for discovering multiple instances of a malicious Android application in a set of alternative application markets. AndRadar scans a set of markets in parallel to discover similar applications. Each lookup takes no more than a few seconds, regardless of the size of the marketplace. Moreover, it is modular, and new markets can be transparently added once the search and download URLs are known.
Using AndRadar we are able to achieve three goals. First, we can discover malicious applications in alternative markets, second, we can expose app distribution strategies used by malware developers, and third, we can monitor how different markets react to new malware. During a three-month evaluation period, AndRadar tracked over 20,000 apps and recorded more than 1,500 app deletions in 16 markets. Nearly 8% of those deletions were related to apps that were hopping from market to market. The most established markets were able to react and delete new malware within tens of days from the malicious app publication date while other markets did not react at all.
The document summarizes Trend Micro's 2012 Mobile Threat and Security Roundup. It found that in 2012 there was a significant increase in detected Android malware, reaching 350,000 samples by year's end. Premium service abusers that charge users fraudulent fees were the most common mobile threat. The document also notes that threats are increasing in sophistication, with cybercriminals developing new methods of attacking users beyond traditional social engineering. As Android grows in popularity, it faces similar threats to what Windows faced as the dominant desktop platform.
Malware first appeared on smartphones in 2004 with worms, viruses, and trojans. Android malware saw major increases from 2010-2011 while iOS malware remained low. Notable Android malware included DroidDream, which infected apps on the Android Market, and fake Angry Birds apps that rooted devices. Plankton is sophisticated Android spyware that collects device information. Possible smartphone attacks include DoS on base stations, DDoS on call centers, remote wiretapping, and SMS spamming. Prevention methods involve app store screening, OS security features, anti-virus software, and user education.
The document provides an overview of threats in the first quarter of 2012 according to McAfee Labs. It saw significant increases in many areas of malware and threats after declines in late 2011. Mobile malware targeting Android devices increased dramatically, reaching nearly 7,000 samples. Established rootkits like Koutodoor rebounded and the new ZeroAccess rootkit emerged. Signed malware and password-stealing Trojans also increased substantially. Spam volume grew early in the quarter but resumed its downward trend. The US continued to host the most malicious web content.
This document discusses and compares the mobile operating systems Android and iOS. It begins with introductions to mobile operating systems in general and highlights Android and iOS specifically. It then analyzes the software architectures and security of each, noting Android is more vulnerable due to fragmentation and fewer security updates. Possible solutions to threats are outlined, and the document concludes that iOS is more secure due to timely updates, centralized management, and stronger access controls.
The document discusses malware improvements on Android OS. It provides an introduction to the growth of smartphones and Android's dominance of the market. It then covers the organization of the paper and defines malware. It reviews the Android OS architecture and literature on Android security. The objectives are to increase awareness of the Android security model and analyze malware development. The findings show Android security relies on user awareness and the open source nature makes it vulnerable. Future scopes include modifying the permission model and alpha testing apps for the Play Store.
How do data breaches happen? What are their business implications? Learn more about how to react when an incident does happen and how to get back to business as quickly as possible afterwards.
Article URL: https://business.f-secure.com/webinar-post-mortem-of-a-data-breach
In this webinar, Janne Pirttilahti, Director, New Services from F-Secure Cyber Security Services, will explain essential predictive measures, how to acquire evidence-based knowledge about existing or emerging adversaries and threats, and how to turn that insight into actions to better protect your organization.
Article URL: https://business.f-secure.com/webinar-how-to-predict-threat-landscape
Similar to F-Secure Labs Mobile Threat Report Q4 2012 (20)
How data breaches happen? What are their business implications? Learn more how to react when an incident does happen and how to get back to business as quickly as possible afterwards.
Article URL: https://business.f-secure.com/webinar-post-mortem-of-a-data-breach
In this webinar, Janne Pirttilahti, Director, New Services from F-Secure Cyber Security Services, will explain essential predictive measures, how to acquire evidence-based knowledge about existing or emerging adversaries and threats, and how to turn that insight into actions to better protect your organization.
Article URL: https://business.f-secure.com/webinar-how-to-predict-threat-landscape
When a cyber security incident occurs, you need to understand exactly how the attack happened, so you can plan the best way to respond. Earlier this week, we hosted a webinar where our cyber security expert, Janne Kauhanen, talked about incident response.
Article URL: https://business.f-secure.com/got-hacked-cyber-security-webinar4
Building in-house breach detection and response capabilities is difficult. When chosen right, your managed detection and response service provider actually become your cyber security partner: its capabilities become an extension of your own. One of the biggest reasons why your organization should consider a managed security service instead of an in-house SIEM (security information and event management) deployment for breach detection and response: cost, cost, cost!
We hope to demystify cyber security for you. Learn to speak like a pro and check out the most important security terms with our official explanations from F-Secure Labs.
Article Link: https://business.f-secure.com/security-a-to-z-glossary-of-the-most-important-terms
Le Chief Research Officer de F-Secure Mikko Hypponen donnera une conférence de 45 minutes intitulée « The Cyber Arms Race » (conférence C16) le mercredi 25 janvier de 14h45 à 15h30, où il analysera l’évolution récente des cyber menaces. Il abordera notamment les élections et la cyber géopolitique, ainsi que le danger des Objets Connectés. Cette conférence sera traduite simultanément en français.
Le Chief Research Officer de F-Secure Mikko Hypponen donnera une conférence de 45 minutes intitulée « The Cyber Arms Race » (conférence C16) le mercredi 25 janvier de 14h45 à 15h30, où il analysera l’évolution récente des cyber menaces. Il abordera notamment les élections et la cyber géopolitique, ainsi que le danger des Objets Connectés. Cette conférence sera traduite simultanément en français.
Sur place, nos experts vous présenteront également le panel des nouvelles solutions de cyber sécurité F-Secure, notamment Radar, une solution d’analyse des vulnérabilités des réseaux.
Retrouvez-nous au FIC du mardi 24 au mercredi 25 janvier sur le stand B24 : nous répondrons à toutes vos questions en matière de cyber sécurité et de protection des données.
Cyber security webinar 6 - How to build systems that resist attacks?F-Secure Corporation
This document summarizes strategies for building secure systems. It discusses making security a core requirement from the beginning, employing secure software architecture and development practices, isolating processes using sandboxes, avoiding cleartext data, using libraries carefully and keeping them updated, auditing code, and continuously improving security. The overall message is that security must be prioritized throughout the entire system development lifecycle in order to successfully build resilient systems.
There are many ways to protect servers from cyber-attacks. However, in the end, your best defense is to limit the attacker’s options. You can do this by minimizing the possible entry points into your network, by minimizing the tools available on the server, by making the data difficult to access in various ways, and by making the data useless when extracted from the content. Learn more about the ways to defend servers by watching the webinar recording from the following link and find more information in this presentation slides.
https://business.f-secure.com/defending-servers-recording-from-cyber-security-webinar-3/
The document discusses strategies for cybersecurity defenses against attacks. It notes that while attackers may seem powerful, they are actually constrained by resources and need vulnerabilities to exploit. It recommends techniques like hardening systems, applying patches, minimizing exposed software, using endpoint detection systems, and pretending to be in a malware analysis environment to discourage attacks. The overall message is that simple changes can make a system much harder to attack than the typical unmodified configuration that attackers rely on.
There is nothing mystical about cyber security. Any company can be a target – if not specifically selected, then a target of opportunity. Cyber attackers try to get their victims any way they can, and will do anything to profit. Watch the recording of cyber-security first webinar and download the presentation materiel to learn more how you can prevent from targeted cyber attacks.
Article URL : https://business.f-secure.com/cyber-security-what-is-it-all-about/
F-Secure Radar offers you complete control over vulnerability management.
It lets you:
- Map your true attack surface, before someone else does
- Measure yourself against PCI compliance
- Improve your security measures with easy management
- Get customized reports that fit your company’s needs
- Scale and adapt F-Secure Radar to your needs
- Use seamless API integration with 3rd party solutions
F-Secure Radar is a European solution that can be implemented on premise or be used from the cloud.
F-Secure Policy Manager - onsite security management with superior controlF-Secure Corporation
Get on top of your IT security and manage risks centrally.
Policy Manager gives you the control of your IT security. You decide what sites your employees are allowed to access, and what software is allowed to be run the web.
F-Secure Policy Manager automates daily operations such as protection of new computers and removal of disconnected hosts. This allows you to focus on more critical issues. Multiple administrators with different admin level rights can work simultaneously and you can control their access rights individually.
Online Threats and Malware Trends in India 2012-2014.
Summary:
- The top malware infection in India is still Botnet related.
- Hackers own your PC’s and use them for spamming, DDOS or other malicious activity to make money.
- Banking related malware has been consistently topping the chart in India.
- Ramnit malware steals bank user names and passwords.
- The malware spreads through USB removable drives.
- PC’s in India are moving away from Windows XP.
- We have also observed the decline in Downadup/Conficker infection over the past 3 years in India.
AV-Test awarded F-Secure with "Best Protection" award for corporate endpoint protection. This is the 4th year in a row that F-Secure has received this award, clearly showing that our Windows security is of top-notch quality.
Six things to take into account when choosing cloud solutionsF-Secure Corporation
The document discusses the benefits of cloud computing for businesses. Key benefits include paying for cloud services through operational expenditures (Opex) rather than capital expenditures (Capex), which provides more flexibility and lower upfront costs. Additionally, cloud services allow data to be securely stored in virtual locations in datacenters and accessed from anywhere, rather than requiring expensive on-site data storage. The document also outlines best practices for securely using cloud services, such as implementing basic security measures and policies, carefully choosing cloud solutions based on needs and risks, and ensuring proper protection, management and flexibility.
Small and midsize companies (<250 employees) drive global economy, accounting for 99% of all global enterprises and two thirds of employment. There are currently over 203 million SMBs worldwide. It’s a business with a huge potential.
Digital attacks targeted at the smaller end of business are also on the rise, and the need for small business protection s is imminent. Largely under- or unprotected, they are the digital villain’s dream. Together with our partner network, F-Secure stands in the vanguard and leads the front to safe business and business confidentiality.
The information released by whistleblower Edward Snowden exposed and unprecedented amount of government surveillance. The new film CITIZENFOUR just how significant this information is.
Digitaliseringens påverkan gör att vårt sätt att arbeta genomgår en förändring. Det som en gång var en värld av kontorsmoduler och stationära datorer, är nu ett nätverk av mobila enheter – smartphones, surfplattor och laptops.
I takt med att privat- och yrkesliv i allt större takt flyter ihop, kommer det bara att återstå en tunn suddig skiljelinje mellan yrkesroll och konsument. Anställda i små och medelstora företag använder samma enheter både privat som i jobbet. Jobbet är en aktivitet, och inte en plats man går till. Oberoende av plats, och inte längre begränsat till kontoret, kommer arbetsplatsen att omfatta kundbesök, caféer, seminarier, flygplan, hotell och sträcka sig utanför den traditionella kontorstiden. Vi går från 9–5 till en 24/7-kultur. Att möjliggöra flexibla arbetssätt är ett fundament för det moderna affärslivet.
Den nya världen för med sig både nya möjligheter och hot. När företaget sprider ut sig över världen och nås från massor av olika enheter från en ständigt föränderlig arbetsstyrka, exponeras företagens information för en allt större mängd hot så som digileaks, nätfiske, datastöld, förstörelse och bedrägerier.
Vidtar du det nödvändiga säkerhetsåtgärderna för att hålla ditt företag säkert?
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...Fwdays
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
"NATO Hackathon Winner: AI-Powered Drug Search", Taras KlobaFwdays
This is a session that details how PostgreSQL's features and Azure AI Services can be effectively used to significantly enhance the search functionality in any application.
In this session, we'll share insights on how we used PostgreSQL to facilitate precise searches across multiple fields in our mobile application. The techniques include using LIKE and ILIKE operators and integrating a trigram-based search to handle potential misspellings, thereby increasing the search accuracy.
We'll also discuss how the azure_ai extension on PostgreSQL databases in Azure and Azure AI Services were utilized to create vectors from user input, a feature beneficial when users wish to find specific items based on text prompts. While our application's case study involves a drug search, the techniques and principles shared in this session can be adapted to improve search functionality in a wide range of applications. Join us to learn how PostgreSQL and Azure AI can be harnessed to enhance your application's search capability.
From Natural Language to Structured Solr Queries using LLMsSease
This talk draws on experimentation to enable AI applications with Solr. One important use case is to use AI for better accessibility and discoverability of the data: while User eXperience techniques, lexical search improvements, and data harmonization can take organizations to a good level of accessibility, a structural (or “cognitive” gap) remains between the data user needs and the data producer constraints.
That is where AI – and most importantly, Natural Language Processing and Large Language Model techniques – could make a difference. This natural language, conversational engine could facilitate access and usage of the data leveraging the semantics of any data source.
The objective of the presentation is to propose a technical approach and a way forward to achieve this goal.
The key concept is to enable users to express their search queries in natural language, which the LLM then enriches, interprets, and translates into structured queries based on the Solr index’s metadata.
This approach leverages the LLM’s ability to understand the nuances of natural language and the structure of documents within Apache Solr.
The LLM acts as an intermediary agent, offering a transparent experience to users automatically and potentially uncovering relevant documents that conventional search methods might overlook. The presentation will include the results of this experimental work, lessons learned, best practices, and the scope of future work that should improve the approach and make it production-ready.
Session 1 - Intro to Robotic Process Automation.pdfUiPathCommunity
👉 Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
📕 Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
💻 Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
👉 Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
Discover the Unseen: Tailored Recommendation of Unwatched ContentScyllaDB
The session shares how JioCinema approaches ""watch discounting."" This capability ensures that if a user watched a certain amount of a show/movie, the platform no longer recommends that particular content to the user. Flawless operation of this feature promotes the discover of new content, improving the overall user experience.
JioCinema is an Indian over-the-top media streaming service owned by Viacom18.
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Keywords: AI, Containeres, Kubernetes, Cloud Native
Event Link: https://meine.doag.org/events/cloudland/2024/agenda/#agendaId.4211
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsScyllaDB
ScyllaDB monitoring provides a lot of useful information. But sometimes it’s not easy to find the root of the problem if something is wrong or even estimate the remaining capacity by the load on the cluster. This talk shares our team's practical tips on: 1) How to find the root of the problem by metrics if ScyllaDB is slow 2) How to interpret the load and plan capacity for the future 3) Compaction strategies and how to choose the right one 4) Important metrics which aren’t available in the default monitoring setup.
This talk will cover ScyllaDB Architecture from the cluster-level view and zoom in on data distribution and internal node architecture. In the process, we will learn the secret sauce used to get ScyllaDB's high availability and superior performance. We will also touch on the upcoming changes to ScyllaDB architecture, moving to strongly consistent metadata and tablets.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
QA or the Highway - Component Testing: Bridging the gap between frontend appl...zjhamm304
These are the slides for the presentation, "Component Testing: Bridging the gap between frontend applications" that was presented at QA or the Highway 2024 in Columbus, OH by Zachary Hamm.
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxSunil Jagani
Discover how AI is transforming the workplace and learn strategies for reskilling and upskilling employees to stay ahead. This comprehensive guide covers the impact of AI on jobs, essential skills for the future, and successful case studies from industry leaders. Embrace AI-driven changes, foster continuous learning, and build a future-ready workforce.
Read More - https://bit.ly/3VKly70
2. Mobile Threat Report Q4 2012
F-Secure Labs
At the F-Secure Response Labs in Helsinki, Finland, and Kuala
Lumpur, Malaysia, security experts work around the clock to
ensure our customers are protected from the latest online
threats.
At any given moment, F-Secure Response Labs staff is on top
of the worldwide security situation, ensuring that sudden
virus and malware outbreaks are dealt with promptly and
effectively.
Protection around the clock
Response Labs work is assisted by a host of automatic
systems that track worldwide threat occurrences in real
time, collecting and analyzing hundreds of thousands of
data samples per day. Criminals who make use of viruses and
malware to profit from these attacks are constantly at work
on new threats. This situation demands around the clock
vigilance on our part to ensure that our customers are
protected.
Abstract
This report discusses the mobile threat landscape as seen in the fourth quarter of 2012, and
includes statistics and details of the mobile threats that F-Secure Response Labs have seen and
analyzed during that period. The data presented in this report was last updated on 31 December 2012.
Contents
Abstract
2012 Mobile Landscape Calendar
Executive Summary
Latest threats in the last three months
  Figure 1: New Mobile Threat Families And Variants Received Per Quarter, Q1–Q4 2012
  Figure 2: Threat Families And Variants By Platform, 2010–2012
Potentially unwanted software
  Hack-Tool:Android/Aniti.A
  Hack-Tool:Android/DroidSheep.A
  Hack-Tool:Android/EksyPox.A
  Monitoring-Tool:Android/GpsSpyTracker.A, and variant B
  Monitoring-Tool:Android/SheriDroid.A
  Monitoring-Tool:Android/SmsSpy.A
  Monitoring-Tool:Android/SmsUploader.A
  Monitoring-Tool:Android/SpyMob.A
  Monitoring-Tool:Android/SpyPhone.A
  Monitoring-Tool:Android/TheftAware.A
  Monitoring-Tool:Android/TrackPlus.A
  Riskware:Android/AutoRegSMS.A
  Riskware:Android/SmsReg.A, and variant B
  Riskware:Android/SmsSpy.A
  Figure 3: Mobile Threats By Type, Q4 2012
  Figure 4: Mobile Threats By Type, 2012
Malware
  Backdoor:Android/FakeLook.A
  Trojan:Android/Citmo.A
  Trojan:Android/EcoBatry.A
  Trojan:Android/FakeFlash.A
  Trojan:Android/FakeGuard.A
  Trojan:Android/GeoFake.A, and variant B
  Trojan:Android/Gmuse.A
  Trojan:Android/InfoStealer.A
  Trojan:Android/MaleBook.A
  Trojan:Android/Placsms.A
  Trojan:Android/QdPlugin.A
  Trojan:Android/SMSAgent.A
  Trojan:Android/SpamSoldier.A
  Trojan:Android/Stesec.A
  Trojan:Android/Stokx.A
  Trojan:Android/Temai.A
  Trojan:Android/Tesbo.A
  Trojan:SymbOS/Ankaq.A
  Trojan:SymbOS/Khluu.A
  Figure 5: Mobile Threats Motivated By Profit Per Year, 2006–2012
  Figure 6: Mobile Threats Motivated By Profit Per Quarter, Q1–Q4 2012
  Figure 7: Profit-Motivated Threats By Platform, 2012
New variants of already known families
  Figure 8: Number Of Android Threats Received Per Quarter, Q1–Q4 2012
  Figure 9: Top Android Detections, Q4 2012
  Table 1: Top Malware and Potentially Unwanted Software On Android, Q4 2012
2012 Mobile Landscape Calendar
[Figure: timeline, January to December 2012, of threat statistics (new families/variants per month on Android and on Symbian) with notable events marked by platform: Android, Blackberry, iOS, J2ME, Windows Mobile, Symbian.]
Notable events shown: Google Bouncer introduced to Play Store; Eurograbber attack on European banks reported; iOS 6 and iPhone 5 launched; Android 4.1 (Jellybean) released; drive-by malware found on Android; Samsung TouchWiz exploit reported; Berlin police warned of Android banking trojan; Fidall found on iOS; Samsung Exynos exploit reported; FinSpy found on multiple platforms; SMS-trojans found on J2ME; Zitmo found on Blackberry; Nokia halts almost all Symbian development; Symbian Belle refresh rolls out.
Executive Summary
Android malware has been strengthening its position in the mobile threat scene. Every quarter, malware authors bring forth new threat families and variants to lure more victims and to update existing ones. In the fourth quarter alone, 96 new families and variants of Android threats were discovered, which almost doubles the number recorded in the previous quarter. A large portion of this number was contributed by PremiumSMS, a family of malware that generates profit through shady SMS-sending practices, which unleashed 21 new variants.

A good deal of Android malware employs an operation similar to PremiumSMS. It is a popular method for making direct monetary profit. The malware quietly sends out SMS messages to premium rate numbers or signs up the victims to an SMS-based subscription service. Any tell-tale messages or notifications from these numbers and/or services will be intercepted and deleted; therefore, the users will be completely unaware of these activities until the charges appear on their bills.

In addition to SMS-sending malware, some malware authors or distributors may choose to make profit through banking trojans. Citmo.A (a mobile version of the Carberp trojan) recently made its debut in Q4. Just like Zitmo (Zeus for mobile) and Spitmo (SpyEye for mobile), Citmo.A operates in the same manner: it steals the mobile Transaction Authentication Number (mTAN) that banks send via SMS to customers to validate an online banking transaction. Using this number, it can transfer money from the victims’ account and the banks will proceed with the transaction because it appears to be coming from the rightful account owner.

Such is the case with Eurograbber, a variant of the Zeus trojan; Bank Info Security reported that Eurograbber managed to steal USD47 million from over 30,000 retail and corporate accounts in Europe [1]. It first infected the victims’ personal computers before tricking them into installing a version of it onto their mobile devices. By positioning itself on both the victims’ computers and devices, Eurograbber can impersonate the victims and carry out transactions without raising suspicions from either the victim or the banking institution. The trojan had been found to infect not only devices running on Android, but also Symbian and BlackBerry operating systems.

The rise of Android malware can be largely attributed to the operating system’s increasing foothold in the mobile market. Android’s market share has risen to 68.8% in 2012, compared to 49.2% in 2011 [2]. On the threat side, its share rose to 79% in 2012 from 66.7% in 2011. Symbian, on the other hand, is suffering the opposite fate. In 2012, it only held 3.3% market share, which is a huge drop from 16.5% in the year before [3]. Its share in the threat scene also reflected this drop, going from 29.7% in 2011 to 19% in 2012. Nokia’s decision to halt all Symbian development in February 2012 may have contributed to the huge drop in numbers. As its market share declines, so does malware authors’ interest in the platform, as evidenced by the statistics seen in Q4 where only four new families and variants of Symbian malware were recorded.

As for the other platforms (Blackberry, iOS, Windows Mobile), they may see some threats popping up once in a while. But most likely, the threats are intended for multiple platforms, similar to the case of FinSpy [4].

[1] Bank Info Security; Tracy Kitten; Eurograbber: A Smart Trojan Attack; published 17 December 2012; http://www.bankinfosecurity.com/eurograbber-smart-trojan-attack-a-5359/op-1
[2], [3] Engadget; Jon Fingas; IDC: Android surged to 69 percent smartphone share in 2012, dipped in Q4; published 14 February 2013; http://www.engadget.com/2013/02/14/idc-android-surged-to-69-percent-smartphone-share-in-2012/
[4] F-Secure Weblog; Mikko Hyppönen; Egypt; FinFisher Intrusion Tools and Ethics; published 8 March 2011; https://www.f-secure.com/weblog/archives/00002114.html
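The SMS behaviour described in the Executive Summary (quiet sending to premium numbers combined with interception of incoming messages) leaves traces in an app's manifest that can be checked before the app is ever run. The triage check below is an added example, not F-Secure's detection logic; it assumes a manifest already decoded to plain XML, and the sample manifests, package names and the HIGH_PRIORITY threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
SEND_SMS = "android.permission.SEND_SMS"
RECEIVE_SMS = "android.permission.RECEIVE_SMS"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
# Assumption of this example: a priority at or above this value is treated as an
# attempt to handle incoming SMS before the stock messaging app does.
HIGH_PRIORITY = 999


def parse_priority(raw):
    """Return the integer priority, or None when it cannot be resolved statically."""
    raw = (raw or "0").strip().lower()
    try:
        return int(raw, 16) if raw.startswith("0x") else int(raw)
    except ValueError:
        return None  # e.g. an unresolved @integer/... resource reference


def sms_receivers(root):
    """Return [(component name, priority)] for receivers that filter SMS_RECEIVED."""
    found = []
    for receiver in root.iter("receiver"):
        for flt in receiver.findall("intent-filter"):
            actions = {a.get(A + "name") for a in flt.findall("action")}
            if SMS_RECEIVED in actions:
                found.append((receiver.get(A + "name", "?"),
                              parse_priority(flt.get(A + "priority"))))
    return found


def triage_manifest(xml_text):
    """Flag the manifest-level traits of the silent-send plus intercept pattern."""
    # Manifests of unknown apps are untrusted input; a production pipeline
    # should parse them with a hardened XML parser.
    root = ET.fromstring(xml_text)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    # A receiver without the RECEIVE_SMS permission never gets the broadcast.
    receivers = sms_receivers(root) if RECEIVE_SMS in perms else []
    indicators = []
    if SEND_SMS in perms:
        indicators.append("can-send-sms")
    if receivers:
        indicators.append("receives-sms")
    if any(p is None or p >= HIGH_PRIORITY for _, p in receivers):
        indicators.append("sms-receiver-priority-high-or-unresolved")
    # Both halves together match the behaviour in the text: send quietly, then
    # get to the reply before the user's messaging app does.
    wanted = {"can-send-sms", "sms-receiver-priority-high-or-unresolved"}
    return {"package": root.get("package"), "indicators": indicators,
            "needs_review": wanted <= set(indicators)}


# Constructed sample manifests (not taken from any real app).
FLASHLIGHT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".BootHelper">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

MESSENGER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.messenger">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".InboxReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

NOTES = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for sample in (FLASHLIGHT, MESSENGER, NOTES):
        print(triage_manifest(sample))
```

A flag from this check is a reason to look closer, not a verdict: legitimate messaging and anti-theft apps also send and receive SMS, which is why the stated purpose of the app matters as much as the manifest.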
Figure 1: New Mobile Threat Families And Variants Received Per Quarter, Q1–Q4 2012
[Bar chart: number of new families and variants received in each quarter (Q1 2012, Q2 2012, Q3 2012, Q4 2012), with one series each for all threats, Android, Blackberry, iOS, J2ME, Windows Mobile and Symbian.]
NOTE: The threat statistics used in Figure 1 are made up of families and variants instead of unique files. For instance, if two
samples are detected as Trojan:Android/GinMaster.A, they will only be counted as one in the statistics.
Figure 2: Threat Families And Variants By Platform, 2010–2012
2010 (total = 80 families and variants): Symbian, 62.5%; Windows Mobile, 23.75%; Android, 11.25%; J2ME, 2.5%
2011 (total = 195 families and variants): Android, 66.7%; Symbian, 29.7%; J2ME, 2.6%; Windows Mobile, 1%
2012 (total = 301 families and variants): Android, 79%; Symbian, 19%; J2ME, 0.7%; iOS, 0.7%; Windows Mobile, 0.3%; Blackberry, 0.3%
NOTE: The threat statistics used in Figure 2 are made up of families and variants instead of unique files. For instance, if two
samples are detected as Trojan:Android/GinMaster.A, they will only be counted as one in the statistics.
Potentially unwanted software
We consider the following programs as potentially unwanted
software, which refers to programs that may be considered
undesirable or intrusive by a user if used in a questionable manner.
Hack-Tool:Android/Aniti.A
Also known as the Android Network Toolkit, Aniti.A is a penetration testing tool that
allows the user to perform certain tests via its automation interface. Using the tool, the
user may evaluate or demonstrate a weak security point in the network by:
• Performing network scanning
• Generating a network report
• Checking the password strength
• Checking for vulnerable machines in the network
• Attacking a vulnerable machine
• Monitoring unsecured connections
• Sniffing ‘man-in-the-middle’ attacker
• Performing a denial of service (DoS) attack
Like most penetration testing programs, this tool is intended for use in a legitimate
context. It may however also be misused by malicious parties.
Hack-Tool:Android/DroidSheep.A
DroidSheep.A is a tool that is capable of hijacking a logged-on session conducted
over a shared wireless network. It is intended to demonstrate poor security
properties in a network connection, but may be misused for malicious intent by
irresponsible parties.
Hack-Tool:Android/EksyPox.A
EksyPox.A is a program that offers a workaround for a vulnerability found on the
Exynos 4 chip. This vulnerability, if successfully exploited, could allow any application
to gain root access on devices running on the Exynos 4 chip. EksyPox.A provides a
way to patch the security hole, but not without exploiting the vulnerability first.
Exynos 4: A system-on-chip (SoC) that is used by some Samsung devices, e.g.,
Galaxy S III, Galaxy Note II, Galaxy Camera, etc.
NOTE: For additional reading, please refer to the article at
(http://www.xda-developers.com/android/dangerous-exynos-4-security-hole-demoed-and-plugged-by-chainfire/).
Monitoring-Tool:Android/GpsSpyTracker.A, and variant B
GpsSpyTracker.A is a location tracking tool that performs its tracking function using
a specific key and an email address assigned to a particular device. Once activated,
it tracks the device’s location every 15 minutes. It displays the current location on a
map and keeps the location history in a local file.
Monitoring-Tool:Android/SheriDroid.A
SheriDroid.A is advertised as an application that allows the user to perform these
activities using its monitoring and alarm setting features:
• Record pre-alarm warning message
• Remotely trigger a location tracker using a password
• If lost or stolen, enable the device to stealthily send SMS messages
related to alarm or location tracking
• Set system unlock pattern
However, without the user’s consent or knowledge, the application keeps track of
the user’s web surfing behaviors and other activities carried out on the device.
SheriDroid.A’s icon (left), and EULA (right)
Monitoring-Tool:Android/SmsSpy.A
Please refer to Riskware:Android/SmsSpy.A on page 16.
Monitoring-Tool:Android/SmsUploader.A
SmsUploader.A uploads the content of every SMS message found on the device to a
remote server. Once installed, SmsUploader.A places an icon titled ‘SMSUpload’ on
the application menu. When launched, it requests that the user restart the device
and informs the user that the application will be running in the background.
Monitoring-Tool:Android/SpyMob.A
SpyMob.A is a commercial monitoring tool that collects information pertaining to
SMS messages, contact list, call log and GPS location of a targeted device. These
details are later uploaded to Spy2Mobile servers and can be viewed by logging in to
the user’s account at Spy2Mobile.com.
SpyMob.A’s icon (left), and requested permissions (right)
To use this application, the user must first install SpyMob.A onto the targeted device
and register an account at SpyMobile.com.
Installation and registration
Monitoring-Tool:Android/SpyPhone.A
SpyPhone.A is promoted as an application that lets the user sneakily capture a photo
or record a video/audio. However, it also keeps track of activities on the device and
collects information such as a log of events, GPS locations, visited URLs, and the user
ID.
SpyPhone.A’s icon (left), and user interface (right)
Monitoring-Tool:Android/TheftAware.A
TheftAware.A is a commercial monitoring tool that helps the user to locate a stolen
or a missing device. It allows the user to obtain the device’s GPS location, lock it, and
delete data by issuing commands through SMS messages.
Monitoring-Tool:Android/TrackPlus.A
TrackPlus.A is a tracking tool that can be used to locate a device. It sends out the
device’s International Mobile Equipment Identity (IMEI) number to a remote server,
and has a web portal to keep track of the device’s location.
Once installed, TrackPlus.A does not place an icon on the application menu but
appears as a transparent widget on the device.
Riskware:Android/AutoRegSMS.A
Upon launching, AutoRegSMS.A displays the message “Hello, Android” but in the
background, it secretly activates a game application using the user’s information.
It also sends out SMS messages to the user’s contact list to get an activation serial
number.
AutoRegSMS.A is represented by an icon titled ‘Main Activity’ which can be located
on the main application menu.
AutoRegSMS.A’s icon (left), and the message it displays (right)
Riskware:Android/SmsReg.A, and variant.B
SmsReg.A is marketed under the name ‘Battery Improve,’ and claims to help
maximize a device’s battery usage.
SmsReg.A as ‘Battery Improve’
Unbeknownst to the user, the application also collects the following information:
• API key
• Application ID
• Carrier
• Device manufacturer
• Device model
• GPS location
• IMEI number
• Network operator
• Package name
• SDK version
Riskware:Android/SmsSpy.A
SmsSpy.A is a stealthy application that places no visible icon on the application menu;
its presence is only visible from the ‘Manage applications’ option under Settings.
All of its activities are carried out inconspicuously in the background. These activities
include tracking the device’s GPS location, accessing and reading SMS messages
received on the device, and sending out SMS messages.
SmsSpy.A as seen from ‘Manage applications’ (left), and requested permissions (right)
Figure 3: Mobile Threats By Type, Q4 2012
Trojan, 53%; Riskware, 27%; Monitoring-Tool, 10%; Hack-Tool, 4%; Adware, 3%; Spyware, 2%; Backdoor, 1%
Figure 4: Mobile Threats By Type, 2012
Trojan, 66.1%; Riskware, 11.2%; Monitoring-Tool, 7.0%; Hack-Tool, 5.6%; Spyware, 3.7%; Adware, 2.7%;
Application, 1.7%; Trojan-Spy, 1.0%; Trojan-Downloader, 0.7%; Backdoor, 0.3%
NOTE: The threat statistics used in Figure 3 and Figure 4 are made up of families and variants instead of unique files. For
instance, if two samples are detected as Trojan:Android/GinMaster.A, they will only be counted as one in the statistics.
18. Malware
Programs categorized as malware are generally considered to pose a significant security
risk to the user’s system and/or information.
Malicious actions carried out by these programs include (but are not limited to) installing
hidden objects as well as hiding the objects from the user, creating new malicious objects,
damaging or altering any data without authorization, and stealing any data or access
credentials.
Backdoor:Android/FakeLook.A
FakeLook.A avoids placing an icon on the application menu to hide its presence from
the device owner. However, it can be seen listed as ‘Updates’ under the ‘Manage
applications’ option in Settings.
FakeLook.A connects to a command and control (C&C) server to receive further
instructions. It collects information such as the device ID and SMS messages, gets
a file list from the SD card, and compresses files before uploading them to an FTP server
using the username ‘ftpuser’ and the password ‘upload.’
Trojan:Android/Citmo.A
Citmo.A is the mobile version of Carberp, a banking trojan that infects personal
computers to steal banking credentials. Citmo.A’s functions are similar to Zitmo
(Zeus for mobile) and Spitmo (SpyEye for mobile)—it monitors incoming SMS
messages and steals the mobile Transaction Authentication Number (mTAN) that
banks send to their customers to validate an online banking transaction.
mTAN: Mobile Transaction Authentication Number. This number is used to
authenticate an online banking transaction.
NOTE: For additional reading on banking trojans, please refer to the article ‘Berlin
Police: Beware Android Banking Trojans’ at
(http://www.f-secure.com/weblog/archives/00002457.html).
Trojan:Android/EcoBatry.A
Upon installation, EcoBatry.A requests permissions that will allow it to access the
Internet, contact data, and information on the device. The malware then establishes
an outgoing connection to a remote server, where it will be instructed to collect
the user’s contact information and upload the details to the server.
EcoBatry.A’s icon (left), and requested permissions (right)
Trojan:Android/FakeFlash.A
FakeFlash.A takes the appearance of a legitimate Flash Player application. When
launched, it displays a message to the user notifying that the Flash Player application
has been successfully installed, and then redirects the user to another website.
FakeFlash.A’s icon (left), and the application it supposedly has installed (right)
Trojan:Android/FakeGuard.A
FakeGuard.A is a malware that is capable of handling incoming SMS/WAP Push.
It steals user information, and establishes a connection to a remote server. The
response received from the server will be decoded using MS949 character set, while
the outgoing data is encoded in EUC_KR character set.
WAP Push: A specially encoded message that includes a link to a WAP address.
Trojan:Android/GeoFake.A, and variant B
GeoFake.A is distributed as a Chinese calendar application, but requests
unnecessary permissions during the installation process. The permissions it
requests are as follows:
• Manage account list
• Access and use the account’s authentication credentials
• Read and edit SMS or MMS messages
• Read system log files
• Access location information
GeoFake.A’s icon (left), and requested permissions (right)
Once successfully installed on a device, the malware sends SMS messages to
premium rate numbers. It uses the Google Maps API to select which premium service
should be used according to the geolocation of the device.
GeoFake.A is distributed as a Chinese calendar application
Trojan:Android/Gmuse.A
Gmuse.A is marketed as an application that allows the user to store files and
documents in a secret, password-protected location. However, without the user’s
consent, it will sync the user’s file list through an SMTP server to an unknown user
using the email “hbwhhouse@gmail.com” with the password “whwxhjbu.”
Gmuse.A’s icon (left), and user interface (right)
Gmuse.A also connects to a remote server to download an updated version of the
application, which is named “lightbox.apk.”
Trojan:Android/InfoStealer.A
InfoStealer.A, as clearly indicated by its name, is a malware that steals contact
information and uploads the details to a remote MySQL server. The stolen information
includes:
• Device ID
• Email address
• Latitude and longitude
• Phone number
• Postal code
• Region
• Street
• Username
Trojan:Android/MaleBook.A
MaleBook.A collects device information, and later forwards the details to several remote
servers. The collected information includes:
• Application ID
• Application version
• Country code
• Device name
• Device type
• Device width and height
• International Mobile Equipment Identity (IMEI) number
• International Mobile Subscriber Identity (IMSI) number
• Language
• Operating system version
• SDK version
Additionally, the malware also attempts to download advertisements from the
servers onto the infected device.
MaleBook.A’s icon (left), and user interface (right)
Trojan:Android/Placsms.A
Placsms.A appears as ‘sp_pay’ on the application menu, and requests permissions
that will allow it to access the Internet, SMS messages, SD card contents, and the device’s
system during the installation process.
Placsms.A’s icon (left), and requested permissions (right)
The application collects information such as the device’s International Mobile
Equipment Identity (IMEI) number and phone number; it later uploads the details to
a remote server.
NOTE: Placsms.A exhibits behavior that is similar to trojans in the PremiumSMS family
(http://www.f-secure.com/v-descs/trojan_android_premiumsms.shtml).
Trojan:Android/QdPlugin.A
QdPlugin.A is repackaged into another legitimate application before being
distributed to potential victims. Once installed and activated on a device, the
malware will send out device information such as IMEI number and IMSI number to
remote servers.
It also receives commands from the servers, which may instruct it to carry out actions
such as installing and removing packages. The command and control (C&C) servers’
URLs are stored and encoded with a simple byte shift algorithm within the embedded
malicious APK.
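Added example (not part of the F-Secure report, and not QdPlugin.A's own code): one way an analyst can recover byte-shifted URLs from an extracted blob in order to blocklist the hosts. It assumes "byte shift" means a constant added to every byte modulo 256; the sample blob, the shift value 5 and the example.invalid URLs are constructed.

```python
import re

# Matches http(s) URLs made of printable ASCII; stops at NUL or other
# non-printable bytes.
URL_RE = re.compile(rb"https?://[A-Za-z0-9.-]+(?::\d+)?(?:/[\x21-\x7e]*)?")


def shift_bytes(data: bytes, shift: int) -> bytes:
    """Add `shift` to every byte, modulo 256 (assumed form of the encoding)."""
    return bytes((b + shift) % 256 for b in data)


def recover_urls(blob: bytes) -> dict:
    """Try every non-zero shift and keep those whose output contains URLs.

    Returns {shift: [(offset, url), ...]} so the analyst can see where in the
    blob each string sits and add the hosts to a blocklist.
    """
    found = {}
    for shift in range(1, 256):
        decoded = shift_bytes(blob, shift)
        urls = [(m.start(), m.group().decode("ascii"))
                for m in URL_RE.finditer(decoded)]
        if urls:
            found[shift] = urls
    return found


# Constructed sample: two placeholder URLs, NUL-separated, stored with every
# byte lowered by 5 and surrounded by unrelated bytes. Not from a real sample.
_PLAIN = (b"\x00http://c2.example.invalid/gate.php"
          b"\x00https://backup.example.invalid:8080/\x00")
SAMPLE_BLOB = b"\x7fELF\x01\x02" + shift_bytes(_PLAIN, -5) + b"\xde\xad\xbe\xef"

if __name__ == "__main__":
    for shift, urls in recover_urls(SAMPLE_BLOB).items():
        for offset, url in urls:
            print(f"shift={shift} offset={offset} {url}")
```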
Trojan:Android/SMSAgent.A
SMSAgent.A appears as a game application, but silently performs malicious routines
in the background. It attempts to download other potentially malicious files from a
remote server and sends out SMS or MMS messages that place expensive charges on
the user’s bill.
SMSAgent.A’s icon (left), and requested permissions (right)
Additionally, SMSAgent.A displays advertisements and collects the following
information, which is later uploaded to the remote server:
• Device ID
• IMEI number
• Network type
• Operator
Trojan:Android/SpamSoldier.A
SpamSoldier.A is distributed via unsolicited SMS messages that contain a link for
a free application download. Once successfully installed on a device, the malware
contacts a command and control (C&C) server and obtains a list of phone numbers.
To these numbers, it sends out more spam messages containing a link that entices
users with attractive freebies.
Trojan:Android/Stesec.A
Once installed on the device, Stesec.A does not place any icon on the application
menu to hide its presence from the user. It can only be viewed from the ‘Manage
applications’ option in Settings, listed as ‘newService.’
Stesec.A sends out SMS messages containing the device information such as IMEI
number, software version, and other details to a remote server.
Stesec.A listed as ‘newService’ (left), and the permissions it requested (right)
Trojan:Android/Stokx.A
Stokx.A connects to a remote server and receives an XML file. The file contains
details such as a client ID, the phone number that it will send SMS messages to, and a URL
for downloading additional APKs.
The malware will forward the device’s International Mobile Equipment Identity (IMEI)
number to the remote server, and send out an SMS message with the content
“SX357242043237517” to the number 13810845191.
Trojan:Android/Temai.A
Temai.A collects the following device information, and later forwards the details to a
few remote addresses:
• Application ID
• Application version
• Country code
• IMEI number
• IMSI number
• Operating system version
Different icons used by Temai.A
In addition to collecting and forwarding device information, the malware also
downloads and installs potentially malicious APKs and script files onto the infected
device. Users may also be exposed to other risks resulting from the various
permissions granted to the malware during the installation process.
Permissions requested by Temai.A during installation
Trojan:Android/Tesbo.A
Tesbo.A establishes a connection to a couple of remote servers, to which it forwards
details such as the device’s International Mobile Subscriber Identity (IMSI) number
and application package name.
Furthermore, the malware will also send out SMS messages with the content
“[IMSI]@[random from 1-10]” to the number 10658422.
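Added example (not part of the F-Secure report): detection logic that matches outgoing SMS records against the Stokx.A and Tesbo.A indicators quoted above. The 'timestamp|direction|number|body' log layout, the +86/0086 prefix handling, the 14-15 digit IMSI length and the sample records are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

# Indicators quoted in the Stokx.A and Tesbo.A descriptions above.
STOKX_NUMBER, STOKX_BODY = "13810845191", "SX357242043237517"
TESBO_NUMBER = "10658422"
# "[IMSI]@[random from 1-10]"; assumption: the IMSI is written as 14-15 digits.
TESBO_BODY = re.compile(r"\d{14,15}@(?:10|[1-9])")
KNOWN_NUMBERS = {STOKX_NUMBER, TESBO_NUMBER}


class Hit(NamedTuple):
    line_no: int
    family: str
    confidence: str


def normalize_number(raw: str) -> str:
    """Strip formatting and, for the known numbers only, a +86/0086 prefix."""
    digits = re.sub(r"\D", "", raw)
    for prefix in ("0086", "86"):
        rest = digits[len(prefix):]
        if digits.startswith(prefix) and rest in KNOWN_NUMBERS:
            return rest
    return digits


def classify(number: str, body: str):
    """Return (family, confidence) for one outgoing SMS, or None."""
    if number == STOKX_NUMBER:
        return "Trojan:Android/Stokx.A", ("high" if body == STOKX_BODY else "medium")
    if body == STOKX_BODY:
        return "Trojan:Android/Stokx.A", "low"  # known body, other destination
    if number == TESBO_NUMBER:
        matched = TESBO_BODY.fullmatch(body) is not None
        return "Trojan:Android/Tesbo.A", ("high" if matched else "medium")
    return None


def scan(lines):
    """Scan 'timestamp|direction|number|body' records; skip malformed lines."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        parts = line.rstrip("\n").split("|", 3)
        if len(parts) != 4 or parts[1] != "OUT":
            continue  # malformed record or inbound message
        verdict = classify(normalize_number(parts[2]), parts[3].strip())
        if verdict:
            hits.append(Hit(line_no, *verdict))
    return hits


# Constructed sample log (hypothetical layout, made-up IMSI and numbers).
SAMPLE_LOG = [
    "2012-12-01T10:00:00|OUT|13810845191|SX357242043237517",
    "2012-12-01T10:05:00|OUT|+86 10658422|460001234567890@7",
    "2012-12-01T10:06:00|OUT|10658422|460001234567890@11",
    "2012-12-01T10:07:00|IN|10658422|460001234567890@3",
    "2012-12-01T10:08:00|OUT|5551234|see you at 6",
    "malformed line",
    "2012-12-01T10:09:00|OUT|13800000000|SX357242043237517",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```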
Trojan:SymbOS/Ankaq.A
Ankaq.A is a program that sends out SMS messages to premium-rate numbers,
and silently installs new software onto the infected device. To avoid detection, it
terminates all processes belonging to anti-virus products.
Trojan:SymbOS/Khluu.A
Khluu.A is a program that sends out SMS messages to premium-rate numbers,
and silently installs new software onto the infected device. To avoid detection, it
terminates all processes belonging to anti-virus products.
Figure 5: Mobile Threats Motivated By Profit Per Year, 2006-2012
[Chart: number of profit-motivated and not profit-motivated families and variants per year,
2006 to 2012.]
Figure 6: Mobile Threats Motivated By Profit Per Quarter, Q1–Q4 2012
not profit-motivated profit-motivated
Q1 2012 27 34
Q2 2012 26 40
Q3 2012 42 32
Q4 2012 33 67
NOTE: The threat statistics used in Figure 5 and Figure 6 are made up of families and variants instead of unique files. For
instance, if two samples are detected as Trojan:Android/GinMaster.A, they will only be counted as one in the statistics.
Figure 7: Profit-Motivated Threats By Platform, 2012
[Chart: profit motivated (P) versus not profit motivated (NP) families and variants for
Android, Symbian, iOS, Blackberry, Windows Mobile and J2ME.]
NOTE: The threat statistics used in Figure 7 are made up of families and variants instead of unique files. For instance, if two
samples are detected as Trojan:Android/GinMaster.A, they will only be counted as one in the statistics.
30. New variants of already known families
The following is a list of new variants of existing malware families. Their functionality
is not significantly different compared to the earlier variants described in previous
reports.
»» Adware:Android/AdWo.C
»» Adware:Android/AirPush.B
»» Adware:Android/Gappusin.B
»» Hack-Tool:Android/SmsBomber.B
»» Monitoring-Tool:Android/AccuTrack.B
»» Riskware:Android/Boxer.E
»» Riskware:Android/Maxit.B
»» Riskware:Android/PremiumSMS.F-Z (21 variants)
»» Spyware:Android/EWalls.B
»» Spyware:Android/SmsSpy.I
»» Trojan:Android/DroidDream.H
»» Trojan:Android/FakeInst.S-Y (7 variants)
»» Trojan:Android/GinMaster.E-J (6 variants)
»» Trojan:Android/GoldDream.B, and variant D
»» Trojan:Android/HippoSms.B
»» Trojan:Android/IconoSys.B
»» Trojan:Android/JiFake.J
»» Trojan:Android/MarketPay.B
»» Trojan:Android/OpFake.I, L-O (5 variants)
»» Trojan:Android/SmsSend.E-G
»» Trojan:Android/SmsSpy.G, H
»» Trojan:Android/Vdloader.B
»» Trojan:SymbOS/Foliur.B
»» Trojan:SymbOS/CCAsrvSMS.D
Figure 8: Number Of Android Threats Received Per Quarter, Q1–Q4 2012
Q1 2012: 3,063
Q2 2012: 5,033
Q3 2012: 51,447
Q4 2012: 60,326
Figure 9: Top Android Detections, Q4 2012
Total samples = 60,326
• Others, 24.4%
• Adware:Android/AirPush, 13.5%
• Adware:Android/AdWo, 11.8%
• Heuristic–Malware, 10.4%
• Trojan:Android/Boxer.C, 9.9%
• Heuristic–Potentially Unwanted Software, 9.6%
• Application:Android/Counterclank, 8.1%
• Adware:Android/Ropin, 7.7%
• Trojan:Android/Kmin.A, 2.1%
• Trojan:Android/Ginmaster.J, 1.3%
• Adware:Android/Gappusin, 1.2%
NOTE: The threat statistics used in Figure 8 and Figure 9 are made up of the number of unique Android application package
files (APKs).
F-Secure Mobile Security
F-Secure Mobile Security effectively protects
your mobile device, smartphone or tablet, from
all common mobile threats. It guards against
loss and theft, protects your children online
with powerful parental control functions,
keeps your device free of malware and lets you
browse the web safely.
Find out more:
http://www.f-secure.com/web/home_global/mobile-security
Purchase F-Secure Mobile Security:
https://shop.f-secure.com/cgi-bin/shop/?ID=FSMAV