The Carrier IQ scandal has shifted attention from malicious mobile threats to carrier-sourced spyware over the past month, but a new report suggests the threat of more serious mobile malware continues to intensify. More than $1 million was stolen from Android smartphones alone in 2011 according to Lookout Mobile Security, which pulled data from more than a million apps and 15 million handsets around the world to compile its 2012 Mobile Threat Predictions report. The likelihood of an Android user encountering malware grew from 1% to 4% in 2011, and Lookout expects the trend to continue in 2012. Read on for more.

“2011 was a watershed year in terms of the types threats we saw emerging,” Lookout co-founder and CTO Kevin Mahaffey said in a statement. “Threats had greater sophistication and were deployed using more innovative and efficient distribution methods. In 2012, we expect to see the mobile malware business turn profitable. What took 15 years on the PC platform has only taken the mobile ecosystem two years.”

The firm highlights mobile pickpocketing — malware that steals money by making unauthorized use of carrier billing features — mobile botnets and browser attacks as specific threats that will intensify in 2012. Android users in particular now have a 36% chance globally of clicking an unsafe link, and those odds increase to 40% in the U.S. according to Lookout. The firm’s full press release follows below.

Lookout Unveils 2012 Mobile Threat Predictions: Mobile Pickpocketing, Botnets and Automated Repacking Will Be On the Rise

More than $1 Million Stolen from Android Users in 2011; Likelihood of Annual Malware Infection Rises to 4%

San Francisco – December 14, 2011 – Lookout Mobile Security, the global leader in mobile security, today unveiled its 2012 Mobile Malware Predictions, based on data collected from its Mobile Threat Network, which includes more than one million apps and 15 million user devices worldwide. Mobile threats are on the rise – Lookout estimates that mobile threats successfully stole more than one million dollars from Android users in 2011. In 2012, Lookout predicts that the criminal business of malware will be more profitable than ever before as the possibility of monetizing mobile devices grows and the cost of infecting devices lessens.

In the report, Lookout reveals that the annual likelihood of an Android user encountering malware today has increased to 4% up from a 1% likelihood measured at the beginning of 2011. Web-based mobile threats are also an important component of Lookout’s research, and the company found Android users worldwide have a 36% chance of clicking on an unsafe link in 2011. In the United States, the likelihood of encountering an unsafe link is higher than the global average at 40%. Additionally in the report, Lookout anticipates the methods that would-be thieves will use to target mobile users directly and discusses tips for consumers to protect themselves.

“2011 was a watershed year in terms of the types threats we saw emerging. Threats had greater sophistication and were deployed using more innovative and efficient distribution methods,” said Kevin Mahaffey, co-founder and chief technology officer at Lookout. “In 2012, we expect to see the mobile malware business turn profitable. What took 15 years on the PC platform has only taken the mobile ecosystem two years.”

Mobile Malware Monetization Trends

Mobile Pickpocketing (SMS/call fraud). In 2012, Malware writers will continue to steal money directly from consumers by accessing their mobile devices’ ability to charge phone bills via SMS billing and phone calls. Earlier this year, Lookout identified GGTracker, the first mobile malware that steals money from users in the U.S and earlier this week Lookout identified another Android Trojan, RuFraud, targeting Eastern European users.

Botnets. To date, Lookout notes botnet networks have yet to be used at scale. In 2012, Lookout anticipates malware writers could secretly integrate thousands of mobile devices into extensive botnet-like networks to distribute spam, steal private info, and install other malware. DroidDream and Geimini are examples of botnets.

Vulnerable Phones. Due to the difficulty of updating software and patching vulnerabilities on mobile phones, malware writers will continue to exploit iOS and Android OS at a pace greater than vulnerabilities can be resolved.

Mobile Malware Distribution Trends

Automated Repackaging. Malware writers will develop tools that enable the automatic repackaging of malicious applications. Lookout has seen instances where several infected apps were packaged by the same developer within a matter of seconds – quicker than someone could do manually – so the means for automated repackaging may already be in existence.

Browser Attacks. As with PC-based threats in the past, malware writers will attempt to profit via Web-based distribution like email, text messages and fraudulent websites. Even iOS devices have been targeted by websites designed to jailbreak them. In 2012, Lookout expects a continued increase in mobile phishing and messages linked to websites that automatically install malware.

Malvertising. Instances of malvertising (genuine-looking advertisements that link back to fraudulent sites) will continue to increase. Given this method has been successful with Trojans like GGTracker, we expect other malware writers to try similar distribution tactics.

For the in-depth predictions, data and accompanying graphics, please see Lookout’s Mobile Malware Predictions: http://blog.mylookout.com/blog/2011/12/12/2012-mobile-threat-predictions.

A new report recently issued by the security firm McAfee suggests that the number of malware applications targeting Android devices jumped 76% during the second quarter of this year, making Android the “most attacked” mobile operating system. “This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity,” senior vice president of McAfee labs Vincent Weafer said. Android users typically install the malware accidentally and assume the app is from a safe and legitimate developer. The most prevalent malware-infected modified applications were:

• Android/Jmsonez.A -  a calendar app that sends SMS texts to a premium rate number.
• Android/Smsmecap.A – a fake comedy app that sends SMS texts to everyone in the user’s address book.
• Android/DroidKungFu – malware that is capable of installing its own software and updates.
• Android/DrdDreamLite – capable of sending data back to the attacker.

McAfee also noted a number of popular Android Trojans that have been making their way through devices. In addition, the company released compelling figures for how much a hacker can sell stolen email addresses for. In the United States, for example, 10,000,000 addresses can be sold to spammers for roughly $300. Read on for McAffee’s full press release, which includes several data points for PCs, too.

McAfee Q2 2011 Threats Report Shows Significant Growth for Malware on Mobile Platforms

Report Shows Record Growth for Malware and Rootkits; Major Hacktivist Activity

SANTA CLARA, Calif.–(BUSINESS WIRE)–McAfee today released the McAfee Threats Report: Second Quarter 2011, showing that the amount of malware targeted at Android devices jumped 76 percent since last quarter, to become the most attacked mobile operating system. 2011 has also resulted in the busiest ever first half-year in malware history, including a first-ever appearance of Mac fake AV and a significant uptick in rootkits, suggesting that McAfee’s comprehensive malware “zoo” collection will reach a record 75 million samples by the year’s end.

“This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity”

“This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity,” said Vincent Weafer, senior vice president of McAfee Labs. “Overall attacks are becoming more stealth and more sophisticated, suggesting that we could see attacks that remain unnoticed for longer periods of time. High-profile hacktivist groups have also changed the landscape by drawing a line between attacks for personal gain and attacks meant to send a message.”

The report also details specific activity shaping the way cybercriminals operate, such as cybercrime “pricebooks” that determine the going rate for large email address lists, and acts of hacktivism and cyberwar.

2011 On Track to Reach Record “Malware Zoo”

With an approximate 12 million unique samples for the first half of 2011, a 22 percent increase over 2010, this has been the busiest first half-year in malware history. With the addition of Q2’s numbers, the grand total of total malware samples in McAfee’s database has reached approximately 65 million, and McAfee researchers estimate that this “Malware Zoo” will reach at least 75 million samples by the year’s end.

Android Nabs Top Spot for Most Mobile Malware

With the vast amount of personal and business data now found on user’s mobile phones, mobile malware is steadily increasing, often mimicking the same code as PC-based threats. In the second quarter of 2011, Android OS-based malware surpassed Symbian OS for the most popular target for mobile malware developers. While Symbian OS and Java ME remain the most targeted to date, the rapid rise in Android malware in Q2 indicates that the platform could become an increasing target for cybercriminals – affecting everything from calendar apps, to comedy apps to SMS messages to a fake Angry Birds updates.

Fake Anti-Virus for Apple, Rootkits and Stealth Malware Reach New Terrain

There are more Mac users than ever before, and as organizations increasingly adopt Macs for business use, Apple now has become more a target for malware authors. Though historically the Apple platform has been unaffected by fake anti-virus (fake AV) software, activity in Q2 indicates that it is now being affected. Although this type of fake AV is the first of its kind, McAfee Labs does expect fake AV in general will drop off over time.

Another malware category that is demonstrating recent steady growth is stealth malware. The tactic of hiding malware in a rootkit is used by cybercriminals to make malware stealthier and more persistent, and has seen this type of attack gain in prominence over the past year, with high-profile attacks such as Stuxnet. Stealth malware has increased more rapidly in the last six months than in any previous period, up almost 38 percent over 2010.

Acts of Hacktivism and Cyberwar Make Their Mark

Acts of hacktivism, primarily from the groups Anonymous and LulzSec, were among some of the most prominent cyber news generators for Q2. The report details hacktivist activity from Q2, with at least 20 global attacks reported in Q2 alone, and with the majority allegedly at the hands of LulzSec. The report also outlines acts of cyberwar that occurred in Q2, including attacks on United States’ Oak Ridge National Laboratory, and an attack on South Korea’s National Agricultural Cooperative Federation.

Email “Black Market” for Spammers

Though spam is still at historic low levels, due in part to the Rustock takedown, McAfee Labs still expects to see a sharp rise in activity over the coming months. A common method for cybercriminals to increase their volume of spam activity is to purchase a bulk list of emails in order to flood as much spam as possible to a widespread group of people. Whether it’s a botnet or a rental service, prices vary for such enterprises, often by location. For instance, in the United States, the going rate for 1 million emails is $25, whereas in England 1.5 million emails are worth $100.

For more information on trends related to hacktivism, cyberwar, web threats and malware, please download a full copy of the McAfee Threats Report: Second Quarter 2011 at http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q2-2011.pdf

The small group of hackers known as Lulz Security, or simply “LulzSec,” would never disband without one final round of fun. BGR reported on Monday that the group’s reign of terror was coming to an end after 50 lul-filled days. During that period of time, LulzSec released data stolen in a series of online breaches with targets ranging from Sony to the U.S. Government. In its coup de grâce, LulzSec released a stash of stolen data from a variety of targets, including AT&T, Disney and the U.S. Navy. But data obtained through online breaches wasn’t the only thing LulzSec stuffed into the file; a directory named “BootableUSB” also contained a variety of malware including trojans and worms. While “LulzSec” is no more and its notorious Twitter account now sits dormant, members of the well-known hacktivism group “Anonymous Operations” have confirmed that LulzSec is gone in name only — the six LulzSec members have been absorbed by Anonymous, according to the group’s official Twitter feed.

Read

Firm Lookout Mobile Security is warning of a new, sophisticated, Android-focused piece of malware that has been found in China. The security company warns that the trojan, dubbed Geinimi, can “compromise a significant amount of personal data on a user’s phone and send it to remote servers.” The malicious code is, currently, only found in third-party application stores attached to republished versions of legitimate applications.

“Geinimi is the first Android malware in the wild that displays botnet-like capabilities,” reads the post on the company’s blog. “Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.”

Upon installation, compromised applications containing Geinimi’s payload will prompt users to grant the app far more permissions than the original application. The company notes that the trojan can relay IMEI, IMSI, and location information to remote servers as well as prompt users to install additional applications.

Again, Geinimi is only known to be found on third-party app stores in China, so there is no need to set your personal DEFCON level any lower than 4. All those here in good ol’ North America are safe for the time being, but such is the brave new world of mobile devices.

[Via Mobilized]

Read

The Duo seems to have been a failed experiment for battery maker Energizer in more ways than one. Sales of the USB nickle-metal battery charging station never really took off, and now, via a press release, the company has announced the monitoring software distributed with the Duo packs a fairly nasty Windows trojan. The rogue code, according to Computerworld: “listens for commands on TCP port 7777… can download and execute files, transmit files stolen from the PC, or tweak the Windows registry. The Trojan automatically executes each time the PC is turned on, and remains active, even if the Energizer charger is not connected to the machine.” Energizer released a statement saying: “Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software.” 

Read

After a wave of attention surrounding a post on Apple’s support pages over the past few days, Cupertino has decided to pull the page from its site. The post in question encouraged “the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.” As Apple’s OS X has yet to have any significant threats posed against it, the blogosphere questioned both the necessity and integrity of the recommendation, noting that two of the three recommended antivirus applications were available for sale from the Apple Store. Here we are a day or so later and Apple has removed the page from its site, stating:

We have removed the KnowledgeBase article because it was old and inaccurate. The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection.

If that’s the case, then why pull the article? Is Apple now comfortable leaving its computer users vulnerable and open to an attack? Some speculate that Apple removed the note due to poor and confusing wording but if that were the case, surely the company would have merely clarified its position and recommendation rather than removing it completely. Right? Hopefully Apple will further clarify its position over the coming days as for the time being, some might say it looks like the company was looking to make a quick buck from less savvy users. After all, Apple doesn’t even require the use of antivirus software on its own in-store display units or the internal computers used by store employees.

Read

It looks like the care free days when Mac owners could sit back and relax without having to worry about malware are indeed coming to an end – maybe. Last month we told you about two new pieces of OS X malware that had been discovered and while neither poses a significant threat in most people’s eyes, it is clearly a sign of things to come. As loyal and vocal as Mac computer users are, until recently they hardly represented a significant portion of the market. As such, those responsible for creating end user-targeted malware focused on Windows since it was the clear and overwhelming market leader. Now that Apple’s computer market share is growing however, Mac user complacency with regards to viruses might lead to some big and easy scores for malware. Apple recently posted the following technical note as a result:

Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.

The page goes on to recommend three antivirus solutions for OS X, two of which are offered for sale in the Apple Online Store. For the time being, we still haven’t heard any reported cases of a virus actually finding its way to a Mac computer in a real life situation so the following question is posed: Has Apple just firmed up its deals with antivirus providers or are we really in store for a hail storm of Mac malware sooner than we think? In either case, at least we won’t be seeing the commercial above air again any time soon.

[Via Newlaunches]

Read

Ruh roh, as Scooby would say. Once relatively untouchable, security experts have now found what they claim to be two new pieces of malware specifically targeting OS X. The first, ‘OSX.RSPlug.D’, is a Trojan capable of rerouting internet traffic to a malicious DNS server which will draw users to phishing sites and ads. So far the only reported sources of the Trojan are porn sites where it sits masked as a codec needed to display certain videos. The second piece of malware, ‘OSX.Lamzev.A’, is much less of a threat. While is is surely capable of doing some serious damage by letting hackers install backdoors in an affected user’s system, a hacker would need physical access to the user’s computer in order to place it. This news might not be terribly huge for most users right now, odds are it is indeed a sign of things to come as Apple computers grow more popular thus drawing the attention and resources of malicious hackers. No need to panic for the time being however, just watch where you go for, err, entertainment.

Read