Skip to main content

For many consumers and business users alike, mobile devices represent critical tools to access information and communicate on the go. In fact, mobile devices are now the primary end point for internet access in many countries, including the U.S., Canada, U.K, China and Mexico, among others.

However, as more people utilize their smartphones, tablets and laptops for critical corporate and personal activities, hackers have begun to take notice. Attackers are continually redirecting their efforts from the desktop to the mobile endpoint, and as a result, threats to the mobile platform are currently on the rise.

Mobile malware: Increase in unique samples

According to data gathered from Trend Micro’s Mobile App Reputational Service (MARS) included in the 2017 Midyear Security Roundup, an increasing amount of unique mobile ransomware samples have been seen this year. Figures peaked in March 2017, when MARS identified 56,000 mobile ransomware samples.

“Ransomware figures peaked in March 2017, when MARS identified 56,000 mobile ransomware samples.”

The shift from desktop ransomware to mobile ransomware is only natural for cyber criminals. These types of attacks scare victims with robust encryption and a ransom notification, and attackers have seen considerable – and profitable – success from desktop ransomware.

Now, mobile ransomware is becoming increasingly common, like, for example, the recently discovered SLocker sample. Trend Micro’s Mobile Threat Response Team reported on SLocker in July, noting that this new variant was following in the footsteps of the now-infamous WannaCry.

“The SLocker family is one of the oldest mobile lock screen and file-encrypting ransomware and used to impersonate law enforcement agencies to convince victims to pay their ransom,” the Trend Micro Mobile Threat Response Team wrote. “After laying low for a few years, it had a sudden resurgence last May. This particular SLocker variant is notable for being an Android file-encrypting ransomware, and the first mobile ransomware to capitalize on the success of the previous WannCry outbreak.”

As ransomware will continually be used on mobile endpoints in addition to desktop systems, it’s imperative that users – especially those leveraging their devices for enterprise operations  – have the right protection in place.

mobile ransomwareMobile devices are just as likely to be hit by ransomware as PCs.

Third-party app stores continue to pose risks

Ransomware isn’t the only threat mobile users should be aware of. In the past, attackers have leveraged the somewhat lax security of third-party app stores to spread malware-containing mobile apps, and this strategy is still creating security risks.

Trend Micro noted in September that one of the most recent attacks in this category was dubbed Red Alert 2.0 after a popular video game. The banking Trojan particularly targeted Android devices via third-party app stores – it has not been discovered in the official Google Play store.

Red Alert 2.0 is a particularly powerful attack which looks to steal user credentials, and has the ability to block incoming calls from banks to prevent verification. In addition, the sample can also intercept SMS messages, which hackers can data mine and utilize for future attacks, according to Trend Micro.

As evidenced by Red Alert 2..0, last year’s Fobus Super Mario Run attack and other similar samples, third-party app stores can be ripe with threats and are best avoided.

Person in a tee-shirt holding a smartphone, close up on the device and person's hands. Are your mobile devices at risk?

Toast Overlay enables Android malware installation

In early November, Trend Micro Mobile Threats Analyst Lorin Wu wrote about the Toast Overlay attack, which is now being leveraged to enable malicious mobile apps to install additional malware after being deployed in Android mobile devices.

The Toast Overlay, also known as ANDROIDOS_TOASTAMIGO, is supported by several infected apps currently, one of which boasts 500,000 installs as of November 6, 2017. This overlay-style of attack enables hackers to use drawings or superimpositions to trick users into clicking certain buttons or running other apps. To the victim, it appears as if the app and their device is functioning regularly, but they’re actually seeing an overlay as the attacker guides them through malicious activity in the background.

Although the attack leverages a vulnerability that was patched in September, those that have not installed the recent update are still at risk.

Guarding against mobile attacks

In order to avoid infection, users should quickly install any security updates as soon as possible. In addition, only downloading apps from recognized and official app stores can reduce the chances of installing an infected program on a mobile end device.

It’s also imperative to have the right security in place. Trend Micro’s Mobile Security is an ideal solution, and can be particularly helpful when applied in an enterprise setting. Click here to learn more.