Mobile phone viruses have transformed from an inconvenience to a serious economic threat in just a few years. “It’s no longer a concept. It’s everywhere,” said Jeff Fu from SecNeo.
Mobile malware is becoming more focused on making profits more effectively. Threats include mobile phishing, theft of credit card information, and money transfers from bank cards to mobile phones and from phones to the criminals’ e-wallets.
Fu said that from just four mobile malware varieties a few years ago, last year saw 143,211 new malwares, which created nearly four million unique installation packages. From 2011 to 2013 there were about 10 million unique malicious installation packages.
Fu, who spoke yesterday on “Win the cyberwar on mobile banking” at Cartes Secure Connexions Asia in Hong Kong, said 88% are Trojans and Android apps are the prime target (accounting for 98%) because they are easier to hack than iOS.
Russia is by far the top target, accounting for 40% of all attacked unique users. India was second (7.9%), followed by Vietnam (4%), Ukraine (3.84%), the UK (3.42%) and Germany (3.2%). The US was eighth with 2% of the attacks.
The new mobile banking virus – svpeng – has quickly stolen more than 36 million euros. Fu said most thefts are in the $500 to $2,500 range, so many times people don’t notice the loss right away.
Svpeng collects phone info, steals voice call/SMS messages, steals money from the victim’s bank account, steals logins and passwords to online banking accounts, and steals bank card info.
He asked the developers in the audience “is your app safe? It might be published on Android Market, but it is still in danger. Why are attacks so common?
Look at attack method.”
He said it takes just five minutes to bypass integrity protection and verification or to steal source code and security logic. It’s also simple for hackers to repacking an app and conduct fraud or insert malware code.
SecNeo is a mobile app security service provider for developers. He said developers of high-value apps are now taking steps to protect their source code.