"We recorded a new negative record for 2013, with 1.2 million Android malware programs. In doing so, the eCrime industry is largely relying on the theft of personal data that can be sold for profit in dedicated markets," explains Eddy Willems, G Data Security Evangelist. And there is no chance of the expert giving the all-clear for this year. "From the perpetrators' perspective, 2014 is the Year of Data Theft, since fraud involving expensive premium rate SMS messages is no longer profitable as a result of the security mechanisms installed in Android 4.2 and higher. This means that cross-platform attacks and digital currencies such as Bitcoin are growing in interest for cyber criminals in the mobile sector."
672,940 new Android malware strains in the second half of 2013
The number of new Android malware instances increased by 30 percent compared to the first half of 2013, and in doing so reached a new record. The criminals also achieved a new negative best in the total number of 1,199,758 new malware apps – this is an increase of 460 percent compared to the whole of 2012.
Trojan horses continue to dominate
Eight out of ten malware apps sorted into malware families are Trojan horses. These are used by criminals with the aim of stealing personal data and making money out of it in dedicated eCrime markets.
Another major problem is potentially unwanted programs (PUPs), which make up more than half of the malware programs counted in the second half of 2013. “PUP” includes applications that are not strictly malicious, but are conspicuous for displaying unwanted advertising and for spying functions. They are often hard to remove too.
Three forecasts for the first half of 2014
- SMS malware continues to decline: Fraud involving premium rate SMS messages will continue to decline because Android contains a special security mechanism from version 4.2. Criminals will mainly concentrate on stealing personal data instead.
- Bitcoin and the like targeted: Digital currencies are becoming more and more popular among customers and vendors on the Internet. However, these are based purely on data, which makes the cash easy to steal. G Data believes that cyber thieves will use Android malware to steal information for Bitcoin and other digital currency amounts directly from smartphones and tablets.
- Cross-platform attacks grow in frequency: Mobile devices are popular for online banking via an mTAN process, to carry out payment transactions securely for example. Criminals will be increasingly focusing on this and using cross-platform malware programs and attacks.
The G Data Mobile Malware Report is available online at: www.gdatasoftware.com/rdk/dl-en-mmwr_2013_02