07.30.13

July 2013: 10% of home users and 0.5% of mobile users are infected

As of the second quarter of 2013, 10% of home users on broadband networks and more than 0.5% of mobile devices connected to cellular networks were found to be infected with malware that allows hackers to break into the devices for industrial espionage or personal information theft, large-scale spam attacks, denial-of-service (DoS) attacks and fraud against financial institutions.

Most of the threats found are spyware, aimed at extracting information from the infected device. This poses a significant threat to business and government organizations that encourage the BYOD (Bring Your Own Device) trend and allow their employees to connect their personal mobile devices to the organizational network. A large part of these threats are not recognized by most antivirus products.

Further findings: 6% of home user networks contain high-level threats such as bots, rootkits and Trojans, and 5% contain more moderate threats such as spyware, adware or browser hijackers.
The most common malware is the ZeroAccess botnet, which owns 0.8% of the devices connected to broadband networks. This threat uses rootkit technology to hide itself from detection, and may download additional malware that carries out advertising scams, recorded as “clicks” on many advertisement windows, in order to generate revenue for the advertising networks and the hackers themselves.

Most infected mobile devices are Android phones, or computers running Windows that are connected through a mobile phone network (tethering) or through a cellular modem accessory (such as a MiFi).

In an attempt to prevent malware from being embedded in applications in the Android application stores, Google has integrated a mechanism intended to indicate whether an application is “kosher” using a special signature. Although the operating system checks the application at install time, it does not try to determine whether the signature is legitimate, and even accepts old signatures. This allows hackers to put all kinds of threats under a signature, including Trojans hiding inside versions of common software.

In addition, the signature is checked only when the software is installed, not every time the program is executed on the device. We have previously documented cases where APK files (the files the application runs from) were changed and injected with malicious code after they had already been installed, without the operating system warning the user about it.
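
Because nothing re-checks an APK after installation, a defender can do so out of band. The following is an added example, not code from this article or from Android: it re-hashes every entry of an APK against the per-file digests in its JAR-style `META-INF/MANIFEST.MF` and reports changed, added or removed files. It assumes the classic JAR signing layout and checks only the manifest digests, not the signature over the manifest, so the manifest itself must come from a trusted copy; the sample archive is constructed in memory.

```python
import base64, hashlib, io, zipfile

ALGOS = {"SHA-256-Digest": "sha256", "SHA1-Digest": "sha1"}

def parse_manifest(text):
    """Return {entry_name: (hash_algo, base64_digest)} from a JAR-style MANIFEST.MF."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in section.split("\n") if ": " in line)
        name = attrs.get("Name")
        for key, algo in ALGOS.items():
            if name and key in attrs:
                entries[name] = (algo, attrs[key])
                break
    return entries

def recheck_apk(apk_bytes):
    """Re-hash every entry and report those that no longer match the manifest."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        manifest = parse_manifest(z.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name in z.namelist():
            if name.startswith("META-INF/") or name.endswith("/"):
                continue  # signature files and directory entries are not listed
            if name not in manifest:
                problems.append((name, "not listed in manifest"))
                continue
            algo, expected = manifest[name]
            actual = base64.b64encode(hashlib.new(algo, z.read(name)).digest()).decode()
            if actual != expected:
                problems.append((name, "digest mismatch"))
        present = set(z.namelist())
        problems += [(n, "missing from archive") for n in manifest if n not in present]
    return sorted(problems)

def build_sample(files, manifest_files=None):
    """Constructed test input: a minimal APK-like zip with a JAR-style manifest."""
    listed = files if manifest_files is None else manifest_files
    mf = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in listed.items():
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        mf += f"Name: {name}\r\nSHA-256-Digest: {digest}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", mf)
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()
```

Running `recheck_apk` on a schedule against the installed package files, with the manifest taken from a known-good copy, surfaces the post-install modification described above.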