Mobile Malware and Malvertising are on the Rise

May 11, 2016 8:52:59 AM / by David Geer


In March, attackers set loose malvertising that infected 288 websites based in the Netherlands. Its payload, the Angler exploit kit, is one that cyber crooks often use to inject CryptoWall 4 ransomware. This series of infections was only one of many recent cases of malvertising mayhem. Others include the attacks on The Pirate Bay and on Android devices.

Malvertising attacks are rising and appear with increasing frequency in the news media, while news sites such as the BBC, The New York Times, The Hill, MSN, AOL and Newsweek also rank among the victims of infection from the malicious ads.

Malvertising can hijack legitimate ad space on websites, replacing real advertising with bogus ads and infected links or inserting infected links into legitimate ads. Cyber thugs use malvertising to launch ransomware attacks, add devices to botnets or afflict networks with APTs. Malvertising appears in Web browsers on devices including smartphones and so crosses into the domain of mobile malware.

Mobile Malware Metastasizes

Mobile malware is a growing concern as the number of apps users download multiplies. Users are granting access and privileges to new apps daily, enabling them to log in to personal, financial and retail accounts where PII, savings, investment, and credit card data reside. This can give infecting malware the same access as these apps.

As the “Modern Day Malware Primer” from Moses Hernandez demonstrates, malware has not been a simple problem for a long time. With a growing number of malware users such as nation-states, cyberterrorists, crime syndicates, and hacktivists, and with malware’s growing use cases such as corporate espionage and financial gain through identity theft, the insidious software has become the poster child for Internet-borne break-ins.

Among the many other forms of mobile malware, such as those that launch DDoS, ransomware and bank hacking attacks, are examples where criminal developers have purposely insinuated malicious code deep inside mobile apps they create or clone for the Google Play store and for unsanctioned app stores, where users go to get apps of questionable provenance. These apps are a primary social engineering platform for hoodlum hackers who want users to eagerly download mobile malware, bypassing security measures, many of which users void when they approve the app and its privileges on their device.

Cybersecurity That Is Mobile Threat Capable

Security teams should use cybersecurity technologies like next-gen, signature-based port scanning, integrated IDS/IPS, application analysis, and stateful deep packet inspection tools to protect data that crosses networks and devices. These should work together with granular BYOD protection and optional MDM protection for the wireless and mobile counterparts, both BYOD and corporate, securing devices across mixed mobile deployments.

Because mobile devices are full computers with the same or similar attack vectors, cybersecurity should apply all the same behavioral, exploit, and data analysis to mobile data security that it does to protecting corporate information anywhere else.

Appropriate cybersecurity measures should recognize attempts by malvertising infections to call back to the Internet to retrieve executable files used in ransomware attacks. They should detect and address threats like botnets, C&C traffic, and DDoS attacks. Cybersecurity should detect what malware is attempting to accomplish by recognizing atypical data movement. This can help identify even stealthy APTs.



Written by David Geer

David Geer writes about security technologies for CSOonline.com and other publications. His website is www.davidgeer.com