Mobiles are coming under increasing attack from cyber criminals as they contain more personal and financial information worth stealing.
The Q2 2012 Community Powered Threat report from AVG shows that attacks are combining social engineering with more complex malware authoring and that many of the attacks are coming from China.
The quarter saw the introduction of the first Android bootkit, ‘DKFbootkit’, which masquerades as a legitimate application and damages the smartphone with malicious code.
Android users are tricked into clicking OK on notifications, giving the malware permission to add itself to the boot sequence. When it starts up, the mobile becomes a ‘zombie’ completely under the cybercriminals’ control.
This attack is spread through the third-party applications market in China, where there are now 1 million mobile web users.
“In our experience, an operating system attracts attention from cybercriminals once it secures five percent market share; once it reaches ten percent, it will be actively attacked,” said Yuval Ben-Itzhak, Chief Technology Officer at AVG.
“It’s no surprise therefore that our investigations uncovered a further upsurge in malware targeting Android smartphones given its sustained popularity, with new attacks focused on rooting the devices to give cybercriminals full control. What’s new this quarter is the significant upsurge in these threats originating from China.”
The report also highlights Trojan-infected email messages in China, Japan, South Korea and the US, related to political issues around Tibet. These came on the back of a Microsoft ‘Patch Tuesday’ security bulletin. The email attachment contains an embedded file which collects sensitive user information and is able to download additional malware.
Other items mentioned were the failure of the Stuxnet equivalent, Flame, to affect users due to poor authoring and techniques, and the latest version of LizaMoon, which affects users of Firefox by installing a Trojan instead of playing a celebrity video, and users of Internet Explorer by claiming to have found malware and offering a fix which then installs the infection.