Old Techniques, New Channel
Mobile Malware Adapting PC Threat Techniques
May 2014
Table of Contents
Introduction
PC Threat Techniques Expanding to Mobile
Mobile Malware
Conclusion
Introduction
As the number of cell phones exceeds the number of people on our planet, businesses are quickly embracing
mobile technology. According to Juniper Research, consumers see the advantage of accessing banking
capabilities from their mobile device, with mobile banking users expected to exceed 1 billion in 2017.[1]
Banking customers enjoy the flexibility to transact and interact with their financial institution whenever and
wherever they want.
Unfortunately, mobile fraud is also gaining ground as cybercriminals increasingly target this channel. Malicious
code infects more than 11.6 million mobile devices at any given time.[2] End users are falling victim to these
growing mobile attacks.
Mobile Malware
Mobile devices can be infected when users access malicious or compromised websites with exploit code
that targets mobile browser vulnerabilities, also known as drive-by downloads. In these cases, a malicious
application is downloaded and run transparently so that the user never sees any suspicious activity on
the device.
Recently, an Android banking Trojan called SVPENG was discovered targeting Russian and European
financial institutions. SVPENG represents a significant advancement for mobile malware. This attack directly
targets mobile banking application users, tricking the victim into providing his/her credentials with a
common PC malware technique called an overlay attack. In this attack, the malware on the infected device
waits for the user to open the bank's mobile application. Once the malware identifies that a mobile banking
application session is starting, it displays a screen on top of the application (hence the term overlay)
that mimics the look and feel of the bank's application but is, in fact, a fake page. This forces the user to
unknowingly interact with the malware-generated page, thinking it is the real bank's page, and provide the
banking credentials. While this is not an HTML injection, it is a significant jump in mobile malware capabilities
and represents PC-grade mobile malware.
functionality based on device risk level; for example, by limiting specific application functions (such as adding
a payee or transferring money) on a jailbroken device. Typically, no single device risk factor is conclusively
indicative of fraud, but when multiple device risk factors are correlated with additional account risk factors,
fraud determination becomes far more conclusive.
Device risk factors are an important component of the Trusteer Mobile Risk Engine analysis, and they
also provide device-level protection before such analysis. Again, whether device risk factors are taken
individually or in combination, their analysis may lead a financial institution to deny account access, restrict
account capabilities or require additional authentication. Furthermore, offering end users the option of
self-remediation allows the institution to better protect itself and its customers while providing exemplary
customer support.
Device-level protection or account-level analysis alone is helpful, but correlating these two protection layers is
a very effective way to reliably and accurately identify mobile fraud.
In addition, the Trusteer Mobile SDK creates a persistent mobile device ID allowing the financial institution
to uniquely identify any device using the native mobile banking application. The persistent device ID is
associated with the user's account and uniquely identifies the device, even after the application has been
uninstalled and re-installed. This helps ensure that new devices are identified, login attempts from known
devices are unchallenged, and potential fraudster devices are flagged.
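The correlation of device risk factors, account risk factors and the persistent device ID described above, sketched as a server-side policy function. This is an added example, not Trusteer's code or the Mobile Risk Engine's logic; the account factor names, the two-factor threshold, the function names and the device IDs are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum

class Action(Enum):
    ALLOW = "allow"
    RESTRICT = "restrict"  # block the sensitive function, keep the session
    STEP_UP = "step_up"    # require additional authentication
    DENY = "deny"

# Device factors are the ones the page names; account factors are hypothetical.
DEVICE_FACTORS = {"rooted_or_jailbroken", "malware_detected", "unsecure_wifi"}
ACCOUNT_FACTORS = {"new_payee", "unusual_amount", "recent_password_reset"}
SENSITIVE_FUNCTIONS = {"add_payee", "transfer_money"}

@dataclass
class Request:
    device_id: str
    function: str
    device_factors: set = field(default_factory=set)
    account_factors: set = field(default_factory=set)

def decide(req, known_devices, flagged_devices):
    if not (req.device_factors <= DEVICE_FACTORS and req.account_factors <= ACCOUNT_FACTORS):
        raise ValueError("unrecognised risk factor; refusing to score the request")
    if req.device_id in flagged_devices:
        return Action.DENY, "device ID previously flagged"
    # Correlation: several device factors plus account-level risk is conclusive.
    if len(req.device_factors) >= 2 and req.account_factors:
        return Action.DENY, "multiple device factors correlated with account risk"
    # A single device factor is not conclusive: limit functions, do not block.
    if req.device_factors and req.function in SENSITIVE_FUNCTIONS:
        return Action.RESTRICT, "sensitive function on a risky device"
    if req.device_id not in known_devices or req.account_factors:
        return Action.STEP_UP, "new device or account-level risk"
    return Action.ALLOW, "known device, no risk factors"

# Constructed sample data: device IDs and requests are made up.
KNOWN, FLAGGED = {"dev-a", "dev-b"}, {"dev-x"}
SAMPLES = [
    Request("dev-a", "transfer_money"),
    Request("dev-a", "add_payee", {"rooted_or_jailbroken"}),
    Request("dev-b", "transfer_money", {"rooted_or_jailbroken", "malware_detected"}, {"new_payee"}),
    Request("dev-new", "view_balance"),
    Request("dev-x", "view_balance"),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.device_id, r.function, "->", *decide(r, KNOWN, FLAGGED))
```

A jailbroken but otherwise known device can still view balances under this policy; only the payee and transfer functions are withheld.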
Figure 3: Trusteer Mobile App (Secure Browser) notifies the user of the device security risks. In this case, the
device has been rooted and malware has been detected.
With the Trusteer Mobile App, users can view their device security status via a dedicated dashboard that alerts
users of their device security risks. Indications of malware infection, unsecure wireless connections and other
security risks are identified. The user can resolve these risks by following step-by-step remediation guidance
provided by the application.
Conclusion
Today's mobile devices lack the security to stay ahead of the evolving mobile threat landscape. Cybercriminals will
continue to target the mobile channel with sophisticated attack techniques and new emerging techniques
in the mobile channel, such as targeted mobile application phishing attacks and customized malware. With
the rise of mobile risks and attack techniques, it's even more important to have a dynamic, integrated fraud
prevention platform. As fraudsters continue to innovate and extend PC threat techniques to the mobile device,
the ability to quickly recognize changes in fraud risks and rapidly deploy appropriate risk-mitigating responses
is absolutely essential to helping secure the mobile channel.
1. http://www.juniperresearch.com/viewpressrelease.php?pr=356
2. http://www.infosecurity-magazine.com/view/36686/mobile-malware-infects-millions-lte-spurs-growth/
Old Techniques, New Channel | Mobile Malware Adapting PC Threat Techniques, 2014, May, 2014
Trusteer, an IBM Company
545 Boylston Street, 5th Floor
Boston, MA 02116
T: +1 (866) 496-6139
T: +1 (617) 606-7755
trusteer.info@us.ibm.com
trusteer.com