When was the last time you ran a Windows PC without anti-viral protection? In fact, anti-virus and other forms of protection are so common on computers that we almost take them for granted. Things are not really the same for mobile phones and tablets. We hardly ever think about such solutions, and when they do come for the various phones, they bring shock and horror to all the consumers. In the run up to MWC, F-Secure has released its list of top 10 Android threats from the past year, and also one that we must watch out in 2016.
The complete release, as well as an infographic from F-Secure is for your perusal below.
Don’t let these top 10 Android threats infect your mobile world
Ahead of Mobile World Congress, F-Secure releases its list of top 10 Android threats from the past year – plus, a new threat to watch out for in 2016.
Buckinghamshire, UK – 18th February 2016: The top Android threats last year antagonised people by locking their devices for ransom and pilfering their money in SMS-sending fraud, according to F-Secure Labs. The Labs top 10 Android threat list of 2015 is out today, offering a new look at how attackers have been taking aim at users of the open source OS. As the tech world prepares to converge on Mobile World Congress, the list is a stark reminder of the need for security for all things connected.
The ransomware family Slocker rose to prevalence in 2015, taking the number two position just under 3 per cent of detections. Slocker encrypts a device’s image, document and video files, and then displays a message accusing the user of breaking the law by having visited pornographic sites. It demands the user pay a penalty of $500 (via a service like PayPal) to unlock the device. To further intimidate the victim, it claims it has photos of their face and knows their location. Slocker infects via porn-related apps, and also via spam emails claiming to be an Adobe Flash Player update.
Making up 15 per cent of detections, the older SmsSend family was the number one Android threat detected by F-Secure Labs in 2015. But it’s not the only SMS sending family on the list – further down are also Fakeinst, SmsPay and SmsKey. Attackers profit by setting up their own premium rate number. An infected device sends text messages to the number, racking up charges on the user’s phone bill and fattening the attacker’s wallet. These trojans infect either via apps posing as games in third party app stores, or via porn-related apps.
Rounding up the top 10 list are the information-stealing GinMaster, two exploits that obtain device root access and a backdoor that gives the attacker access to a device to do as they please.
Rising in 2016: malicious payment apps
As far as threats that could be gaining ground in 2016, Zimry Ong, senior analyst in F-Secure Labs, predicts malicious online payment apps will become more prevalent. These apps are pushed at the user while making a purchase on a perfectly legitimate website – one that’s been hacked.
“When you go to the checkout, instead of the usual checkout process, the website would push an app at you, asking you to use the app to complete your transaction,” Ong says. “If you do so, the attacker of course obtains the credit card and personal information you enter. Bottom line: if you’re shopping on a familiar website and there is suddenly a change from the usual checkout process, it’s a red flag that something is amiss.”
F-Secure will exhibit at Mobile World Congress 2016, showcasing products to enable “The Trusted Internet” on all your connected things and mobile devices. On display will be the IoT and mobile security and privacy products SENSE, Freedome and SAFE. Visitors to MWC who would like to speak with an F-Secure spokesperson can contact us to schedule a meeting. F-Secure can be found at Hall 6, Stand B60.