F-Secure: Don’t Let These Top 10 Android Threats Infect Your Mobile World
February 2016 by F-Secure
The top Android threats last year antagonized people by locking their devices for ransom and pilfering their money in SMS-sending fraud, according to F-Secure Labs. The Labs’ Top 10 Android Threats of 2015 list is out today, offering a new look at how attackers have been taking aim at users of the open source OS. As the tech world prepares to converge on Mobile World Congress, the list is a stark reminder of the need for security for all things connected.
The ransomware family Slocker rose to prevalence in 2015, taking the number two position with 2.46% of detections. Slocker encrypts a device’s image, document and video files, and then displays a message accusing the user of breaking the law by having visited pornographic sites. It demands the user pay a penalty of $500 (via a service like PayPal) to unlock the device. To further intimidate the victim, it claims it has photos of their face and knows their location. Slocker infects via porn-related apps, and also via spam emails claiming to be an Adobe Flash Player update.
Making up 15% of detections, the older SmsSend family was the number one Android threat detected by F-Secure Labs in 2015. But it’s not the only SMS-sending family on the list – further down are also Fakeinst, SmsPay, and SmsKey. Attackers profit by setting up their own premium-rate number. An infected device sends text messages to the number, racking up charges on the user’s phone bill and fattening the attacker’s wallet. These trojans infect either via apps posing as games in third-party app stores, or via porn-related apps.
Rounding out the Top 10 list are the information-stealing GinMaster, two exploits that obtain device root access, and a backdoor that gives the attacker access to a device to do as they please.
Rising in 2016: malicious payment apps
As for threats that could be gaining ground in 2016, Zimry Ong, Senior Analyst in F-Secure Labs, predicts malicious online payment apps will become more prevalent. These apps are pushed at users while they are making a purchase on a perfectly legitimate website – one that’s been hacked.
“When you go to the checkout, instead of the usual checkout process, the website would push an app at you, asking you to use the app to complete your transaction,” Ong says. “If you do so, the attacker of course obtains the credit card and personal information you enter. Bottom line: if you’re shopping on a familiar website and there is suddenly a change from the usual checkout process, it’s a red flag that something is amiss.”