The Million Mobile Malware March

Milestone has been breached according to Trend Micro. Just a few months ago, they reported in their 2Q Security Roundup that there were 718,000 malicious or risky Andriod mobile apps available (up from 509,000 in Q1) and crystal-ball'd that the million mobile malware milestone would be reached by the end of 2013. Well, it came a couple months early.

Contained in that million are straight pieces of malware, those that abuse premium services like sending unauthorized text messages to certain numbers and registering people to costly services along with high-risk apps, those that aggressively serve ads that lead to dubious sites. They found that 75% perform outright malicious routines, while another 25% exhibit dubious routines, which include adware.

The most infamous malware families included FAKEINST at 34% and OPFAKE at 30%. FAKEINST is typically disguised as a legitimate app and was responsible for the fake Bad Piggies versions, which were found right after the game’s release. They can also register users for costly services by sending unauthorized text messages to those services for enrollment. in its ability to wolf legitimate apps clothing but it was also able to launch a web page that asks the person to download a potentially malicious file. Those are the primary risks but there are many others with this type of malware. Such fun.

For the high risk apps, ARPUSH came in at 33% and LEADBLT garnered 27% of the total. These are known to steal data like GPS location and OS information along with delivering malware.

The threats don't stop with these gems. Crooks are also looking to hijack mobile banking transactions with FAKEBANK and FAKETOKEN malware variants. They like to spoof legitimate financial apps along with the ever popular phishing notices enticing people to enter personal info.

And I thought mobile devices were supposed to make our lives easier. Hmm. The dedicated circuit of a couple cans with high speed twine (HST) sounds a lot more secure these days.