According to the results of the “Mobile cyber-threats” survey carried out by Kaspersky Lab and INTERPOL between August 2013 and July 2014, every fifth Android-based device protected by Kaspersky Lab security solutions was attacked by malware at least once during the reporting period. The most popular malicious programs are SMS Trojans that send messages to premium rate numbers without the owner’s awareness.
A total of 1,000,000 Android device users around the world encountered dangerous software between August 2013 and July 2014, representing about one fifth of all Kaspersky Lab mobile product users. In fact, this period was the peak of cyber-attacks registered in recent years.
Detections made by Kaspersky Lab security solutions for Android-based devices over the whole period of monitoring. Source: Kaspersky Security Network
Users in Russia, India, Kazakhstan, Vietnam, Ukraine and Germany are among the main targets for cyber-attacks targeting Android OS. Mostly this is because people in these countries often pay for content and online services via SMS; for cybercriminals it is an attractive way to monetize malicious attacks because they can use these services to quickly and anonymously transfer money from prepaid mobile accounts to third-party bank accounts.
In the Middle East region most mobile malware attacks were registered by Kaspersky Lab in Saudi Arabia (36% of the joint figure for top affected countries), followed by Egypt (24%) and United Arab Emirates (20%).
The main reason for the increase in the number of attacks and attacked users globally was the spread of Trojan-SMS family programs. These accounted for 57.08% of all detections made by Kaspersky Lab security solutions for Android-based devices globally. Second came RiskTool (21.52% positives), conditionally legitimate programs which can, however, be used for malicious purposes (sending SMS notifications of paid messages, transmitting geo-data, etc.). Applications with aggressive advertising (pop-ups, notifications in the status bar, etc.) were in third place (7.37%). In the Middle East the top 3 most active malware types are ranked differently: RiskTool (55%), AdWare (19%), Trojan-SMS (8%).
“We often hear experts saying that Android users have nothing to worry about, that although malicious programs for this system appear regularly, the number of attacks is not significant. Until recently, that could be regarded as a fair comment. However, the situation has changed dramatically over the last year – and not for the better”, said Roman Unuchek, senior virus analyst at Kaspersky Lab.
However, it cannot be concluded that the threat landscape for Android-based devices was entirely pessimistic during the reporting period. In April 2014, Kaspersky Lab experts noted a serious decline in the total number of attacks that happened, mostly due to a serious drop in the number of Trojan-SMS attacks. This may have been the result of new rules for the services paid via SMS introduced by Russia’s telecoms regulator. Now all Russian operators must be sent a confirmation message from any subscriber who is trying to pay for services via SMS. Since July 2014 the number of attacks has started increasing once more, it is possible that the new legislation contributed to the fall in April, indirectly confirming the effectiveness of legislation against cyber-fraud.
“INTERPOL and Kaspersky Lab have produced a report highlighting the currents threats and trends picked up over the course of 2013 and 2014. This report again underlines that cybercrime is not exclusively a new form of crime. What we see here is the model and structure of traditional organized crime encapsulated in a technologically advanced form,” said Dr. Madan Oberoi, Director of Cyber Innovation & Outreach at INTERPOL. Other results from the Kaspersky Lab “Mobile cyber-threats” survey are available on Securelist.com.