New mobile malware threatens endpoint security

by Charles Leaver

October 17, 2013

access_time 4 min read

Experts recently determined that there were over 1 million malicious mobile applications present in the wild. These represent a significant threat to data loss prevention, especially within businesses with bring-your-own-device policies.

While BYOD policies can provide flexibility for employees as well as increased productivity, allowing workers to utilize the same device for personal and business purposes can threaten company data present on such endpoints. Therefore, IT professionals should remain up to date about new mobile threats and preventative measures.

Sys-Con Media contributor Peter Silva stated that mobile malware consequences can range from a device sending unauthorized text messages to adware redirecting users to infected websites. Experts recently discovered that 75 percent of all malware samples perform outright malicious activities, including data leakage. Another 25 percent execute dubious activities, like adware.

Silva stated that one of the most popular malware forms are apps that steal banking information from mobile devices, as seen with FAKEBANK and FAKETOKEN. These have been known to disguise themselves as official financial applications, as well as displaying phishing notices on devices asking for personal information.

Another popular form of malware is FAKEINST, which appears as a legitimate application that registers users for costly services like premium rate text messaging. Of the million malware samples discovered, this kind of threat comprises 34 percent, Silva stated.

Copycat App
A new strain of mobile malware similar to FAKEISNT repackages applications and is currently threatening data loss prevention efforts. The malware, called Copycat App or a.frau.longjian.a, has been affecting Android smartphone users primarily in China and Southeast Asia. According to Dark Reading, the malware presents itself as an application update, but aims to track data usage on infected systems. When a user downloads the malicious update, the malware also downloads other repackaged apps in the background. These repackaged apps consume the user's data as well as performing other malicious activities.

The apps subscribe the user to premium rate SMS services without notification, where fees show up on the monthly bill. The malware also has the ability to view and collect information on the device, including the phone number and information from applications, stated Dark Reading. Mobile security expert Gavin Kim said superior technology was used to isolate and identify this malware, which spread across nine countries.

"This again, shows that malware knows no boundaries and will continue to spread as more affluent markets are targeted," Kim told Dark Reading.