According to the results of the “Mobile cyber-threats” survey carried out by Kaspersky Lab and INTERPOL between August 2013 and July 2014, every fifth Android-based device protected by Kaspersky Lab security solutions was a target of malware at least once during the reporting period. The most popular malicious programmes are SMS Trojans that send messages to premium rate numbers without the owner’s awareness.
A total of 1,000,000 Android device users around the world encountered dangerous software between August 2013 and July 2014, representing about one fifth of all Kaspersky Lab mobile product users. In fact, this period was the peak of cyber-attacks registered in recent years.
Users in Russia, India, Kazakhstan, Vietnam, Ukraine and Germany are among the main targets for cyber-attacks targeting Android OS. Mostly this is because people in these countries often pay for content and online services via SMS; for cybercriminals it is an attractive way to monetise malicious attacks because they can use these services to quickly and anonymously transfer money from prepaid mobile accounts to third-party bank accounts.
Among African countries Kaspersky Lab registered almost a similar number of mobile malware attacks in South Africa and in Nigeria, some less in Kenya.
The main reason for the increase in the number of attacks and attacked users was Trojan-SMS family programmes. These accounted for 57.08% of all detections made by Kaspersky Lab security solutions for Android-based devices globally. Second came RiskTool (21.52% positives), conditionally legitimate programmes which can, however, be used for malicious purposes (sending SMS notifications of paid messages, transmitting geo-data, etc.). Applications with aggressive advertising (pop-ups, notifications in the status bar, etc.) were in third place (7.37%).
In South Africa, Kenya and Nigeria the top 3 most active malware types look a bit different: RiskTool leads, followed with quite a distance by Trojan-SMS, after which goes AdWare.
“We often hear experts saying that Android users have nothing to worry about, that although malicious programmes for this system appear regularly, the number of attacks is not significant. Until recently, that could be regarded as a fair comment. However, the situation has changed dramatically over the last year – and not for the better,” said Roman Unuchek, senior virus analyst at Kaspersky Lab.
However, it cannot be concluded that the threat landscape for Android-based devices was entirely pessimistic during the reporting period. In April 2014, Kaspersky Lab experts noted a serious decline in the total number of attacks that happened, mostly due to a serious drop in the number of Trojan-SMS attacks. This may have been the result of new rules for the services paid via SMS introduced by Russia’s telecoms regulator. Now all Russian operators must be sent a confirmation message from any subscriber who is trying to pay for services via SMS. Since July 2014 the number of attacks has started increasing once more, it is possible that the new legislation contributed to the fall in April, indirectly confirming the effectiveness of legislation against cyber-fraud.
“INTERPOL and Kaspersky Lab have produced a report highlighting the currents threats and trends picked up over the course of 2013 and 2014. This report again underlines that cybercrime is not exclusively a new form of crime. What we see here is the model and structure of traditional organized crime encapsulated in a technologically advanced form,” said Dr. Madan Oberoi, Director of Cyber Innovation & Outreach at INTERPOL.