Mobile attackers have been consistently targeting owners of Android smartphones and tablets in China and Russia, but McAfee said Monday that it is seeing signs of the mobile threat spreading to other parts of the world.
Mobile device owners in South Korea, Italy and India suffered targeted attacks primarily aimed at Android devices, according to the McAfee Threats Report, which outlined malware and attack trends its security researchers identified in the first quarter of 2013.
McAfee said the total number of samples in its mobile malware database reached 50,926, with 28 percent detected in 2013. The security vendor said it only counts unique malware families and variants in its tally of threats. The report supports the consistent rise of attacks targeting mobile devices and specifically owners of Android devices. Many of the threats are phony apps, downloaded from third-party app stores, and text messaging Trojans, designed to rack up premium phone number charges, McAfee said. A large number of identified threats include aggressive apps that act as spyware, forwarding contact information and other data to remote servers for use by advertisers without the consent of the user.
"Although the threats of commercial spyware and adware are declining, we see that malicious spyware and targeted attacks are becoming more prominent," McAfee said in its report. "Malicious spyware combined with botnets are among the latest threats."
McAfee said it identified a text messaging attack in South Korea attempting to dupe people by masquerading as a coupon app for Starbucks coffee stores. It was detected in April and was capable of silently forwarding text messages to a location in China. In India, mobile attackers targeted job hunters. The attack usesfa fake job offer in an email attachment or phony app and attempted to trick users into sending a fee for travel expenses to the nonexistent interview.
Android device owners in Italy, Thailand and Australia fell victim to an online banking attack. The attackers touted mobile apps that masqueraded as secure software for banking. Once installed, it forwarded personal information, including mobile transaction numbers to attackers believed to be located in Russia.
In addition to mobile malware, McAfee said browser-based attacks continued to dominate the threats posed to desktops and laptops among its customer base. SQL injection attacks that target websites and blogs also were among the most frequent threats, followed by attacks targeting vulnerabilities in Windows remote procedure calls.
McAfee identified a rapid increase in AutoRun malware, which spreads on USB drives and is automatically triggered when a victim plugs the USB into the PC. The firm said it saw an increase of 1.7 million new AutoRun threats. Ransomware attacks also are becoming a serious problem, according to McAfee, which said it identified 250,000 unique samples. Attackers lock victims out of their data and then demand a payment to unlock the data or provide a phony service to remove the infection after collecting a fee.
The Cutwail spam botnet, was the most prevalent botnet in the first quarter of 2013, according to McAfee. The Festi botnet, another spam botnet that surfaced in 2009 and is associated with Denial-of-Service attacks, also ranked highly. The Kelihos botnet, which spreads spam and malware, has been disrupted by security researchers several times, but continues to be a problem, McAfee said.
PUBLISHED JUNE 3, 2013