Page 1 of 2
Amid escalating concerns around mobile phone malware, a new study suggests that SMS-based Trojans have become the favored means of gaining access to mobile devices.
According to Kaspersky's third quarter 2012 Malware Threat Report, 57 percent of all malware detected on smartphones was made up of SMS Trojans, which are designed to extract money from mobile accounts by sending SMS messages to numbers that automatically charge fees upon receipt of the message. But the company also suggests that mobile malware is continuing to advance. The report says that a new and more sophisticated breed of malware for the theft of data is already gaining momentum, accounting for approximately 35 percent of android malware sampled in third quarter 2012.
"SMS Trojan horses are really very rudimentary, but a huge problem for the Android ecosystem," said Roel Schouwenberg, senior researcher at Kaspersky Lab, via email. "Android 4.2 will introduce new mitigations to make it harder to send text messages to premium numbers silently. As the threat landscape evolves, we'll see an increasing amount and focus on more sophisticated malware. That will most likely be focused on backdoors and infostealers, most certainly targeting mobile banking/payments in the future."
The report also says that 28 percent of mobile devices hit by malware during the third quarter of this year were running Android OS version 2.3.6, which is also known as "Gingerbread." Although the platform is more than a year old, it is still one of the most widely deployed versions, representing 55 percent of all Android devices, according to Kaspersky.
"With Android, it depends on your carrier and device model when you get [security] patches," explained Schouwenberg. "Generally, there's a big delay between when Google fixes vulnerabilities and when those fixes are available for all the various devices. That means there's a big window of opportunity for the bad guys. Additionally, Google's platform is much more open than competing platforms. That means it's easier for attackers to introduce malware to the device -- be that via the market place, external medium or browser."
Looking beyond the mobility sector, the Malware Threat Report also claims that Java vulnerabilities were exploited in 56 percent of all attacks. It claims that part of the problem is due to the fact that Java updates are installed on demand rather than automatically. This extends the window of opportunity for attackers, according to Kaspersky. But the report also points to the software's multiversion compatibility with Windows, combined with its widespread deployment, as other reasons why it is so heavily leveraged by cybercriminals.
NEXT: Adobe Reader Ranks Second