Threats from Mobile Ransomware & Banking Malware Are Growing

Trend Micro Incorporated, a global leader in cybersecurity solutions released a report on the 2017 Mobile Threat Landscape. According to the report, ransomware, banking malware, and other threats aimed at smartphones increased sharply in volume last year and will pose a growing threat to organizations and individuals in 2018 and beyond.

Trend Micro’s report comes amid growing enterprise concerns over the threat to data security posed by mobile devices. Ransomware was not the only mobile threat. In 2017, the number of unique mobile banking malware samples that Trend Micro spotted increased 94%, to 108,439. On the good news front, less than 1% of the mobile ransomware samples that Trend Micro spotted last year actually ended up hitting end-user devices.

Nilesh Jain, Vice President – South East Asia and India, Trend Micro said, “With banking increasingly becoming an integral part of mobile device usage, attackers have begun building more-sophisticated capabilities into their mobile banking malware. By staying under the radar, they steal more than just credit card data, and bypass security mechanisms. On a positive note, the threat landscape is also prompting a stronger approach to mobile security, as reflected by initiatives on mobile vulnerability research and proactive coordination with various vendors and platforms.”

“App developers and original equipment and design manufacturers are fortunately poised to enforce security by design, go beyond functionality and incorporate data privacy and security in the lifecycle of an app’s development and operations. Everyday users also need to adopt best practices, while organizations, especially those with BYOD policies, must find a middle ground between the need for mobility and significance of security,” he further added.

In 2017, Trend Micro’s Mobile App Reputation Service (MARS) analyzed more than 468,830 unique mobile ransomware samples. That number represented a 415% increase in new ransomware from 2016. Mobile ransomware detections were highest in China, which accounted for nearly one-third of all detections, followed by Indonesia, India, and Japan.

Apple’s walled garden, though much harder to scale, wasn’t completely impervious, either. Many applications infected with adware and other unwanted functionality found their way to the company’s App Store. “Android is the predominant platform today for most malicious apps, including ransomware. But iOS appears to be a platform that threat actors are starting to target due to the number of potential victims. Apple’s walled garden makes it a more difficult platform to compromise,” says Jon Clay, director of global threat communications for Trend Micro.

The most pervasive mobile ransomware in 2017 was SLocker, an Android file-locking malware tool that alone accounted for more than 424,000 of the unique samples that Trend Micro analyzed during the year. The reason for SLocker’s pervasiveness stemmed from the fact that its authors released the malware’s source code publicly. This ensured that a lot more threat actors had access to the code and resulted in multiple versions of SLocker in the wild, each with different capabilities and ransom demands. One variant mimicked the user interface of the WannaCry crypto malware and was assembled using a do-it-yourself Android development kit.

BankBot, a reportedly improved version of an open-source malware whose source code was dumped in an underground hacking forum, emerged in early 2017 and eventually made its way to Google Play. BankBot’s latest versions spoof 160 banks from 27 countries. It is equipped with anti-sandbox and anti-signature capabilities and capable of communicating with command-and-control servers using Google’s Firebase Cloud Messaging services. One BankBot version found its way to Google Play and was downloaded between 5,000 and 10,000 times last year alone, according to Trend Micro.