Apple iCloud Attack Pales In Comparison To Mobile Banking Malware Danger

A malicious mobile app that can tap into SMS messages and steal passwords, two-factor authentication passcodes and other sensitive mobile data makes the recent attack against celebrity iCloud accounts pale in comparison to the dangers it foreshadows against mobile users.

Researchers at security vendor FireEye said the Android KorBanker malware app, which has been used against a variety of victims in Korea, provides evidence that mobile malware can be part of a larger operation to collect data on corporate users. KorBanker is designed to gain access to SMS text messages, steal as much information as it can glean from device owners, and send it to a remote server where criminals can retrieve it.

The attack campaign has been ongoing for the last 11 months, but the criminals behind KorBanker conducted a new round of attacks in August, infecting more than 1,700 devices with the malware, said Hitesh Dharmdasani, a FireEye malware researcher, in a blog post about the threat. Dharmdasani said the attack is adding to an already complex threat landscape.

Over the course of 55 days, FireEye researchers monitoring one of the command-and-control servers connected to KorBanker uncovered 10,000 SMS messages from nearly 100 devices. The messages contained two-factor authentication codes from social networks and other services, and passwords to VPN services, Dharmdasani said. The information also included location sharing and mobile banking information, he said.

"Since such information can potentially be used to access corporate networks, mobile malware plays an important role in the newly evolving multivector threat landscape," Dharmdasani said.

Mobile threats are growing but remain more widespread in Eastern Europe, Russia and Asia, according to several new reports. Mobile malware and high-risk apps numbered 2 million in the first half of 2014 and are growing at a rate of 170,000 apps per month, according to Trend Micro, which issued its mobile threat report last week.

Threats to mobile users took center stage this week following the leak of hundreds of nude celebrity photos that were stolen by hackers who gained access to their Apple iCloud accounts. Apple acknowledged the iCloud security incident this week, following its investigation, which found the attacks were targeted at users and were not part of a data breach. But security experts point out that the Apple application believed to have been used to tap into the data didn't contain a security mechanism to thwart brute-force attacks that use automated tools to make repeated attempts to guess account passwords.

The isolated mobile security incidents shed light on potential new dangers to mobile users, said solution providers, who are advising businesses about the risks posed by mobile devices. Mobile device owners can be easily tricked into downloading an app that could be used to steal data, said Bob Coppedge, owner of Hudson, Ohio-based managed service provider Simplex-IT. The risks in the near term seem mundane, but dangerous threats often rely on time-tested techniques because they work, Coppedge said.

"I don't really know how a flashlight app works, but I know it doesn't need to have access to who my contacts are or require a password to function," Coppedge said. "Millions of consumers are giving up their security and privacy by blindly installing applications, and it may have a future impact on data protection."

Among the new threats uncovered by security researchers were new mobile malware designed to support Bitcoin mining and mobile ransomware designed to lock up a device and extort a fee for the unlock code. In July, Trend Micro uncovered a criminal gang that targets bank customers who use session tokens sent through SMS as a security measure. The campaign potentially impacted users in Austria, Sweden, Switzerland and other European countries where session tokens are more widely used by banks.

Kaspersky Lab's analysis of the new mobile ransomware, called Koler, found that those infected with the threat were greeted with a phony message from law enforcement demanding up to a $300 fine to unlock the device. The security vendor said the attack was detected on at least 2,000 Android users in the U.S. and in 30 other countries.

The likelihood of encountering mobile malware is extremely low in the U.S., according to a report issued last year by San Francisco-based Lookout Mobile Security. The biggest threat to U.S. mobile device owners is adware that relies on device data, such as location, for display ads, the study found. The company's analysis found that malware, such as spyware and Trojans that secretly steal data from device owners, affects an estimated 0.2 percent of U.S. mobile users.

While the attacks remain limited to specific regions, they deserve attention as users increasingly conduct banking and buying on tablets and smartphones, said Justin Flynn, a security consultant with Chicago-based solution provider Burwood Group. Criminals will target any platform where the biggest return can be earned from their efforts, Flynn said.

"It's only a matter of time where all the talk about mobile threats becomes reality for many users," Flynn said.

The largest numbers of malicious mobile app downloads were documented in Israel, followed by Vietnam, China and South Korea, according to Trend Micro, which attributed the increased malicious downloads to the prevalence of piracy in many of those countries. The U.S. and Japan did not make this list, the company said, because users there rely on official app stores maintained by Apple and Google.