Mobile malware threats on the rise

• Android popularity making it a fave OS target
• BYOD trend increases the mobile threat

THREATS on the mobile platform are increasing in complexity and volume, security specialist Trend Micro Inc said in unveiling its Q1 2012 Asia Pacific security roundup report.
 
“We identified nearly 5,000 new malicious Android apps just this quarter,” said Myla Pilao, director of marketing communications at TrendLabs.
 
“Cybercriminal use of the mobile platform has evolved from the past hit-and-miss approach to more aggressive ways of exacting information,” he added.
 
Given the popularity of smartphones for Internet access and the huge Android user base, the increase in attacks targeting the operating system is not surprising, Trend Micro said in a statement.
 
Popular spy tool apps are among the 17 malicious apps in Google Play that enjoyed 700,000+ downloads so far, the company added.
 
Asia’s growing Bring Your Own Device (BYOD) trend also opens the mobile landscape to more security risks, it added.
 
Spam and Advanced Persistent Threats (APTs) were also listed as top security risks. Social media and vulnerabilities remain critical sources of exploits and malware.
 
The report noted a significant shift from “smash-and-grab incidents" used to be favored by cybercriminals to long-term, ongoing targeted attacks that often leverage social engineering and malware.
 
“Asia is the world’s largest source of spam, making it more vulnerable to threats” said Pilao. “This quarter, we uncovered evidence of black hole exploit campaigns that use sophisticated-looking spam.”
 
“We investigated spam runs that use the name of Facebook, US Airways, USPS, CareerBuilder, and others that trick users to click, then redirect them to landing pages compromised with the black hole exploit kits,” he said.
 
Common vulnerabilities of Adobe, Java, Windows and other software are exploited to drop malware and steal personal information, the company said.
 
Threats in social media are still ongoing, though not at a critical stage yet. The most significant points in Trend Micro’s report, however, are the cunning social engineering tactics that put data in peril.
 
For example, Whitney Houston’s death, and other sociopolitical upheavals have provided cybercriminals new social-engineering campaign material. It is worth noting that even well-known campaigns may run for a long period of time. People behind these attacks use variants of the same malware and constantly launch new attacks against their targets while continuing exploiting newsworthy events to lure potential victims, the company said.
 
“Generally speaking, the threats Asia Pacific experienced in the first quarter of this year did not change much from the previous quarter. Nevertheless, of this quarter’s four threats, the increasing mobile usage opens most users to maximum security risks,” Pilao said.
 
“Though many organizations are still uncomfortable with consumerization, security and data breach incidents in 2012 will force them to face BYOD-related challenges.”