Mobile phones are becoming an integral part of our connected lives, aptly indicated by the surge in usage of mobile wallets, online transactions and app downloads. However, these devices are also on the radar of cyber criminals. “With banking increasingly becoming an integral part of mobile device usage, attackers have begun building more-sophisticated capabilities into their mobile banking malware. By staying under the radar, they steal more than just credit card data, and bypass security mechanisms.,” said Nilesh Jain, vice president – South East Asia and India, Trend Micro. “On a positive note, the threat landscape is also prompting a stronger approach to mobile security, as reflected by initiatives on mobile vulnerability research and proactive coordination with various vendors and platforms.” According to a Trend Micro 2017 Mobile Threat Landscape report, ransomware, banking malware, and other threats aimed at smartphones increased sharply in volume last year and will pose a growing threat to businesses and individuals in 2018 and beyond. The number of unique mobile malware samples increased to 1,08,439 in 2017, which was 94% more than the total in 2016, the report said. The good news was that less than 1% of the mobile ransomware samples that Trend Micro spotted last year actually ended up hitting end-user devices.
Trend Micro’s report comes amid growing enterprise concerns over the threat to data security posed by mobile devices. In 2017, Trend Micro’s Mobile App Reputation Service (MARS) analysed more than 468,830 unique mobile ransomware samples. That number represented a 415% increase in new ransomware from 2016. Mobile ransomware detections were highest in China, which accounted for nearly one-third of all detections, followed by Indonesia, India, and Japan. The most pervasive mobile ransomware in 2017 was SLocker, an Android file-locking malware tool that alone accounted for more than 424,000 of the unique samples that Trend Micro analysed during the year. The reason for SLocker’s pervasiveness stemmed from the fact that its authors released the malware’s source code publicly. This ensured that a lot more threat actors had access to the code and resulted in multiple versions of SLocker in the wild, each with different capabilities and ransom demands.
BankBot, a reportedly improved version of an open-source malware whose source code was dumped in an underground hacking forum, emerged in early 2017 and eventually made its way to Google Play. BankBot’s latest versions spoof 160 banks from 27 countries. One BankBot version found its way to Google Play and was downloaded between 5,000 and 10,000 times last year alone, according to Trend Micro.
“App developers, original equip-ment and design manufacturers are fortunately poised to enforce security by design, go beyond functionality and incorporate data privacy and security in the lifecycle of an app’s development and operations. Everyday users also need to adopt best practices, while companies, especially those with BYOD policies, must find a middle ground between the need for mobility and significance of security,” Jain added.