Cybercrime research firm IntelCrawler recently discovered a new mobile malware sample that has already infected thousands of mobile endpoints. The infection has been dubbed XXXX.apk or simply XXXX and is one of the fastest spreading botnets discovered in the past few months.
SC Magazine contributor Tim Ring reported that the malware has the ability to cause data leakage on infected users’ smartphones, including collecting information about the endpoint model, encryption method, password, utilization of Wi-Fi networks and other data. The sample’s capabilities also enable it to use affected devices as “zombies” that gather information pertaining to all hotspots in the surrounding area without authorization.
“One aspect of the malware seems to detect the cellphone connection through the PC through USB, which could allow for its wireless detection work to be done without degrading battery power,” IntelCrawler stated to SC Magazine UK. “It also might be an avenue into the PC in the next generation of malware.”
As of Jan. 7, XXXX was identified on 23,856 endpoints, including smartphones of different makes, models and operating systems. Currently, experts suspect the main motive of the malware is intelligence gathering, as opposed to criminal activity.
Preventing mobile malware infections
IntelCrawler CEO Andrey Komarov said that in today’s environment, privacy is becoming an ever-growing challenge.
“Cellphone malware that can track your location, and possibly even sniff your home wireless network for a possible hack, poses a serious threat to everyone,” Komarov said.
For this reason, it is increasingly important that users take steps to ensure the safety of their mobile devices, especially when used within a business setting. Organizations with BYOD practices in place should have endpoint data protection installed on all devices used by employees to mitigate the risk of data leakage.
In addition, IT Business Edge advised checking mobile applications on a regular basis for any out-of-the-ordinary activity. Users should be aware of which applications are running on their devices and be sure to close any that they don’t need. Because even legitimate programs can be a source of malware infection, it is important to keep a close eye on applications. Anything that seems suspicious should be immediately deleted from the endpoint.
Individuals can also watch for changes in their mobile bills, as any inconsistencies can be a sign of malware infection.
“One of the most common fraud techniques criminals use is sending SMS messages to premium numbers using your phone,” IT Business Edge stated. “It means that for every SMS sent from your phone on the background, they are charging you a significant amount of money.”