Cybercriminals are combining social engineering with more complex malware for PCs and mobile, with Android users increasingly a target, says AVG Technologies’ Community Powered Threat Report. Attacks also target Rovio’s Angry Birds game and the IE and Firefox browsers.
Android smartphone users remain a lucrative target as the platform currently has 59 percent global market share and is on track to stay the most shipped mobile operating system until 2016.
Much of this new malware has also been identified as originating from China and targeting users there and in neighboring markets, reflecting the fact that this is now the world’s top smartphone market with over one million mobile web users
New attacks coming from China
Yuval Ben-Itzhak, Chief Technology Officer at AVG, said: “In our experience, an operating system attracts attention from cybercriminals once it secures five percent market share; once it reaches ten percent, it will be actively attacked.”
He added, “It’s no surprise therefore that our investigations uncovered a further upsurge in malware targeting Android smartphones given its sustained popularity, with new attacks focused on rooting the devices to give cybercriminals full control. What’s new this quarter is the significant upsurge in these threats originating from China.”
Consumer scams include Angry Birds
The latest version of the LizaMoon mass injection SQL attack this quarter deceives users into downloading a Trojan or some rogue software by exploiting human interest and hiding inside non-existent celebrity sex videos or fake antivirus websites. Injecting malicious code into legitimate but vulnerable websites, this attack targeted Mozilla’s Firefox® browser and Microsoft’s Internet Explorer® with two attack vectors. In Firefox, users are lured by raunchy videos of socialite Paris Hilton and actress Emma Watson and asked to update their Flash installation in order to view them. Users never get to see the video as the malware installed a Trojan disguised as a Flash update.
In Internet Explorer, users receive a prompt seemingly from an antivirus website which would claim to have found malware on their computer. They are encouraged to download the malware and, once installed, to ‘purchase it’ which would then simply remove the malware in return for payment.
Should the victim decide not to purchase, nag screens would pop up until the rogue was cleaned from the machine. In the most recent version, the malware was updated to enable ‘drive-by downloads’ where victims need only visit the website to become infected and it is no longer enough to close the web page to be safe.
Rovio’s ‘Angry Birds Space’ application was also frontline for consumer scams this quarter. Using the same graphics as the legitimate version, a fully functional Trojan-infected version was uploaded to unofficial Android application stores.
It uses the GingerBreak exploit to root the device, gaining Command and Control functionality to communicate with the remote server to download and install additional malware, botnet functionality, and to enable the modification of files and launch of URLs.
To download the full Q2 2012 Community Powered Threat Report, see: http://mediacenter.avg.com/en/press-tools/avg-threat-reports/avg-community-powered-threat-report-q2-2012.html
- Angry Birds Space blasts off to megahit status
- Malware aimed at Android devices leaps 76 percent
- Trojans, ransomware on the rise, worm attacks fading
- Warning: mobile malware threats are rapidly increasing
- Apple iPhone users ripe for geo-targeted mobile ads
© 2012, TechJournal. All rights reserved.