Cybercrime has come a long way since it was mostly a digital form of vandalism. It has developed into a criminal business operated for financial gain and is now worth billions. In a new report, AVG focuses on some of the most notable cybercrime developments in the last quarter.
QR codes are becoming popular for mobile users to insert text and URLs into the mobile device without typing. Unfortunately they are also being discovered as an ideal way to distribute malware to unsuspecting victims. The user does not know what lurks behind the QR code until the malware is already installed and running.
Putting a malicious QR code sticker onto existing marketing material or replacing a website’s bona fide QR code with a malicious one could be enough to trick many unsuspecting people.
“In Q4 we clearly saw the convergence between computers and mobile phones applies to malware too. As phones become more like computers, so do the risks,” said Yuval Ben-Itzhak, CTO, AVG Technologies. “Many sophisticated tricks of the trade from computers are now being repurposed for phones. However, as phones are often tied into billing systems the gains can be far greater.”
2011 saw a surge in both Android users and Android malware samples. In December, Google removed another 22 malicious apps from the Android Market, making the total for 2011 pass the 100 mark.
Cyber criminals have now clearly discovered phones as an interesting target. In another sign that mobile phones are becoming more like computers every day, the use of stolen certificates is now making its way to mobile devices.
Digital certificates are often used to certify the identity of the author of an application. If a criminal can get their hands on the certificate belonging to a major software developer, their malware can circumvent security provisions and give
Malware targeting mobile devices is evolving “frighteningly” fast and has the potential to be even more destructive than ever before, according to a worrying new report.
The AVG Community Powered Threat Report is based on the online security firm’s community protection network traffic and data, collected over a three-month period and analysed by AVG Threat Labs.
It provides an overview of web, mobile devices, spam risks and threats, with statistics obtained from the community protection network, described as an “online neighbourhood watch”.
Information about the latest threats is collected from customers who choose to participate in the product improvement program, and shared with the community to ensure its protection.
According to the latest report, the rise of mobile devices has led to rapid growth of mobile malware, primarily targeting Android-based devices.
“Malware targeting mobile devices [is evolving] frighteningly fast, and the magnitude has the potential of being even more destructive than before,” the report said.
“At the end of 2010, numbers [were] already indicating that new mobile devices were overtaking new purchased PCs… While consumers are going mobile, so are the cyber criminals.”
“We have witnessed the use of the same malicious intent tactics targeting mobile devices: social engineering, stolen or fake certificates to sign malware, rootkits and other tactics.”
In 2011, AVG reported on the rapid growth of malware targeting Android devices, presenting examples of malicious code and infection methods.
According to AVG, this trend continues to grow against a backdrop of the “enormous” growth of activated Android devices in the past six months, from 100 million devices to 200 million.
“Cyber criminals have now clearly discovered phones as an interesting target… 2011 saw a surge in both Android users and Android malware samples,” AVG said in its report.
“In December, Google removed another 22 malicious apps from the Android market, making the total for 2011 pass the 100 mark.”
Malware targeting mobile devices is evolving “frighteningly” fast and has the potential to be even more destructive than ever before, according to a worrying new report.
The AVG Community Powered Threat Report is based on the online security firm’s community protection network traffic and data, collected over a three-month period and analysed by AVG Threat Labs.
It provides an overview of web, mobile devices, spam risks and threats, with statistics obtained from the community protection network, described as an “online neighbourhood watch”.
Information about the latest threats is collected from customers who choose to participate in the product improvement program, and shared with the community to ensure its protection.
According to the latest report, the rise of mobile devices has led to rapid growth of mobile malware, primarily targeting Android-based devices.
“Malware targeting mobile devices [is evolving] frighteningly fast, and the magnitude has the potential of being even more destructive than before,” the report said.
“At the end of 2010, numbers [were] already indicating that new mobile devices were overtaking new purchased PCs… While consumers are going mobile, so are the cyber criminals.”
“We have witnessed the use of the same malicious intent tactics targeting mobile devices: social engineering, stolen or fake certificates to sign malware, rootkits and other tactics.”
In 2011, AVG reported on the rapid growth of malware targeting Android devices, presenting examples of malicious code and infection methods.
According to AVG, this trend continues to grow against a backdrop of the “enormous” growth of activated Android devices in the past six months, from 100 million devices to 200 million.
“Cyber criminals have now clearly discovered phones as an interesting target… 2011 saw a surge in both Android users and Android malware samples,” AVG said in its report.
“In December, Google removed another 22 malicious apps from the Android market, making the total for 2011 pass the 100 mark.”
Third-party Android markets have always been the favorite means of malicious app dissemination, especially in regions like Asia, where users don’t have access to the official repository.
This is also the case with the latest campaign laid out by cyber-crooks to lure users into installing well-known applications on the genuine Android Market, but which have been tampered with in order to launch additional services along with the original app.
Shortly put, the original Android application downloaded from a third-party location contains “the real deal” as well as a Trojanized service (usually called “GoogleServicesFrameworkService”), which is launched as soon as the host application is started.
Identified by Bitdefender as Android.Trojan.FakeUpdates.A, this piece of malware connects to a CC server and fetches a list of links to different APKs. After that, it downloads each APK from the list and then displays a notification in the status bar area, reading “In order to have access to the latest updates, click Install).” This approach confuses the user, as they have no idea where the message came from.
This Trojan requires an extensive array of privileges upon installing, in order to make sure that it can take full control over the smartphone whenever necessary. Depending on the APKs to be downloaded and installed, the application may require up to 10 privileges prior to the installation and most of the users will accept it without any second thoughts, since they believe that what is to be installed is an update to one of the applications they already have installed.
Android application posted on third-party Android Markets are nothing new; however, what is particularly important is the attackers’ modus operandi: they publish a totally legit application on the respective Market, let it live for a couple of days to get the positive ratings and gain users’
NQ Mobile and the National Cyber Security Alliance (NCSA) have jointly produced and published a new ‘Report on Consumer Behaviors and Perceptions of Mobile Security.’
The report, conducted independently, surveys 1,158 American smartphone users and provides a thorough and sometimes surprising insight into consumers’ attitudes toward and understanding of mobile security. It highlights, for example, that business really should be concerned about the security implications of evolving consumerization (or ‘bring your own device’) in the workplace.
Participants were presented with nine types of data that could be vulnerable on their smartphones. Unsurprisingly, most were concerned about protecting their passwords (67%). More worryingly, fewest were concerned about protecting work-related data (34%).
That’s just one statistic from a detailed survey. But it supports a strong impression that emerges from the report: smartphones may be encroaching on business use, but they very much remain a personal device primarily used for personal purposes.
The report also indicates a fairly relaxed attitude toward personal information. Nine out of ten users are aware that their phones contain personal information, but only 35% of users are very concerned about it. Surprisingly, 23% of users are unaware that security features are able to protect privacy.
The report also presents a mine of information for anyone interested in the sociology of security since the responses are frequently broken down by men and women. Men are more aware of general security threats; men are more aware that smartphones contain personal information, but women are more concerned about privacy issues; and, of course, men are significantly more confident that they know what they need to know.
Overall, the message that comes from this survey is that users are aware and somewhat concerned about smartphone security, but neither understand enough about security nor what to do to get it. “It’s clear that smartphone users
This figure is derived from the number of users who put their bank accounts at risk from phishing and other cyber attacks through the use of insecure public WiFi. Commissioned by web hosting and domain registry company UK2, the YouGov survey shows that more than half (56%) of UK adults who use public WiFi either do not or rarely check to see if the network is encrypted. “Public WiFi networks in places such as coffee shops, pubs, airports or hotels, are often unsecured connections which can expose personal data and leave devices open to online threats such as malware, spyware and cyber-snooping.”
Worryingly, 15% of the UK’s public WiFi users have entered credit or debit card details over public WiFi, while 14% have logged on to online banking.
These figures are particularly surprising since the same users are far more security conscious using their own home WiFi, where 86% of WiFi users take measures to ensure their WiFi is secure.
“The results of our research on public WiFi usage suggest that users prioritise convenience over taking sensible security precautions,” says Russell Foster, managing director of VPNHQ (UK2’s VPN-based security solution). “The amount of personal data transmitted from mobile devices is growing, making them increasingly attractive targets for cyber criminals.”
AuthenTec (NASDAQ: AUTH – News), a leading provider of mobile and network
security, announced the availability of the new fingerprint security
solution – including an Eikon fingerprint sensor and TrueSuite identity
management software – for Apple Mac laptops and desktop computers
running on Lion and Snow Leopard operating systems.
The new Eikon-TrueSuite offering from AuthenTec includes the following
features:
Web site logon (new) – logon to websites with a swipe of the finger;
no need to type passwords
QuickLaunch (new) –launch and logon to favorite websites; associate
websites with different fingers
Easy fingerprint enrollment/setup
Mac logon
Fast user switching
Automatic updates (new) – ensure your software always incorporates the
newest features
The new Eikon fingerprint reader for Mac and matching TrueSuite user
software will be
ARCEP, the French telecommunications regulator, has promised to investigate whether new network operator Free Mobile is still offering the level of coverage required by its license, following complaints by employees of rival networks. But it also warned the company’s critics to stop whining, saying that the existing three network operators had all failed to meet their coverage obligations at launch.
Free Mobile expected to make waves when it barged into the French 3G market on Jan. 10 with a €20 ($26) plan offering unlimited voice, SMS and data, and another plan offering 60 minutes and 60 texts for €2 a month. It succeeded: Within days, rival Orange slashed the cost of its Sosh 24/7 unlimited voice and data plan from €39.90 to €24.90, and introduced a new plan at €9.90 with 120 minutes and unlimited texts and access to its Wi-Fi hotspots.
The impact of Free Mobile’s launch could be felt across Europe, even though the company has no operations outside France. With many countries auctioning off spectrum to operate 4G mobile services over LTE (Long Term Evolution), new market entrants will be keeping a close eye on Free Mobile’s low-cost business model. It may also affect mobile pricing across Europe by providing a new benchmark for regulators, particularly the European Commission in its mission to lower the cost of roaming: One element keeping roaming fees high is the cost of network access in the country visited.
When Bruce Poon Tip was exploring in the South Pole earlier this month, he needed a way to communicate with his 1,500 employees scattered across the globe.
But Mr. Poon Tip, the founder of Toronto-based global travel company G Adventures, was faced with a challenge: His laptop was too heavy to carry across Antarctica.
When Bruce Poon Tip was exploring in the South Pole earlier this month, he needed a way to communicate with his 1,500 employees scattered across the globe.
But Mr. Poon Tip, the founder of Toronto-based global travel company G Adventures, was faced with a challenge: His laptop was too heavy to carry across Antarctica.
Third-party Android markets have always been the favorite means of malicious app dissemination, especially in regions like Asia, where users don’t have access to the official repository.
