As you may have read here, the GameOver Zeus botnet and CryptoLocker ransomware have been disrupted. However, it is still too early for a victory celebration. First, it’s possible that, following the breathing-space created by the police actions, the cybercriminals will re-establish control of the botnet and continue their activities. Second, stories of the GameOver Zeus and CryptoLocker campaign have already spawned a number of copycats – among mobile malware writers.
Banking Trojans and ransomware are well-established threats to PCs and laptops. The recent GameOver Zeus Trojan, for example, not only operates as a classic banking Trojan, searching your computer for personal information such as passwords and financial data; it also installs the CryptoLocker Trojan, which encrypts your data and demands a ransom payment for decrypting it.
But people are much less aware of the threat to mobile devices. Smartphone ownership in the UK is currently at 59 per cent, with one in three households owning tablets and yet device protection is a subject that constantly flies under the radar. Yet the quantity of mobile malware is increasing at an alarming rate. In just the first quarter of 2014, we saw half the number of mobile malware samples (100,000) that we’d seen since during the period 2004-13. If this trend continues, this means the quantity of mobile malware will increase by 100 per cent by the end of the year.
We made some predictions last December about the likely development of mobile malware, some of which have haven’t taken long to materialise – specifically the emergence of ransomware for mobile devices. For example, there’s a new mobile Trojan called Svpeng which combines the functionality of financial malware with ransomware capabilities (see blog on Securelist). This Trojan, which has been around for some time, has been focused on victims in Russia. But this latest version targets mainly US victims (although people in the UK, Switzerland, Germany, India and Russia have also been affected). This is the first time that the cybercriminals behind this well-known money-stealing Trojan have turned their attention to other markets and today, more than 91% of attacks using this Trojan target English-language users. As with mobile malware generally, this malware targets Android devices, and tries to extort money from its victims by blocking access to the device and demanding money to unblock it. It’s evident that cybercriminals now see mobiles as an attractive target and are employing techniques that have already proven to be lucrative when implemented on PCs and laptops.
Whilst our goal is to help protect the public from these threats, we also want to make them aware that they can help protect themselves from malware and data theft. Please find below some top tips:
– Don’t ‘jailbreak’ or ‘root’ your device;
– Use a PIN or (even better) a long passcode;
– Don’t install apps from untrusted sources;
– Avoid public Wi-Fi for confidential transactions;
– Don’t store sensitive data on the device and make sure you backup important data.
David Emm, Senior Security Researcher, Kaspersky Lab
David is an internet safety expert who works with the Global Research and Analysis Team at Kaspersky Lab. What David doesn’t know about online security is not worth knowing and he is passionate about sharing his knowledge with others. David writes articles and white papers on the latest cyber security issues and delivers presentations and training on malware-related matters. Having worked at Kaspersky Lab for over nine years and in the security industry for more than 22, he’s well schooled on the various issues faced by both businesses and consumers.