Date: 2014-04-14


F-Secure has studied the mobile threats of the third quarter of 2013 in a report. The important parts of the report are presented in the following post.


Mobile Malware Statistics

New mobile threats families and variants discovered in Q3 2013, broken down into types.

NOTE: No new adware families or variants were discovered in Q3 2013; new families or variants of other PUA types (e.g., Spyware, Riskware) were recorded during this same period.

Comparison between new threats discovered in Q3 2013 that are profit-motivated versus non-profit-motivated ones.

Comparison between new threats discovered in Q3 2013 that connected to C&C servers versus those that did not.


Threats Highlights


This malware takes advantage of the Masterkey vulnerability in Android, which allows attackers to make changes to an app’s code without affecting the cryptographic signature used to check the legitimacy of an app.
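A defender-side check for the duplicate-entry form of the Master Key flaw (Android bug 8219321), in which an archive lists the same file name more than once so that the file checked against the signature differs from the one installed. This is an added example, not code from the F-Secure report or this post; the function names and the sample archives are constructed for illustration.

```python
import io
import warnings
import zipfile
from collections import Counter

# Entries whose duplication matters most: app code and the manifests.
SENSITIVE = ("classes.dex", "AndroidManifest.xml", "META-INF/MANIFEST.MF")


def duplicate_entries(apk_bytes):
    """Return {entry_name: count} for names listed more than once in the archive."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        # infolist() keeps every central-directory record, duplicates included;
        # name-based lookups such as getinfo() resolve to only one of them.
        counts = Counter(info.filename for info in zf.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def triage(apk_bytes):
    """Return (verdict, duplicates): 'reject' if code or a manifest is
    duplicated or the file is not a valid ZIP, 'review' for any other
    duplicate, 'ok' when every entry name is unique."""
    try:
        dups = duplicate_entries(apk_bytes)
    except zipfile.BadZipFile:
        return "reject", {}
    if any(name in SENSITIVE for name in dups):
        return "reject", dups
    return ("review", dups) if dups else ("ok", dups)


def build_sample(names):
    """Constructed test archive: placeholder bytes only, not a real APK."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", UserWarning)  # zipfile warns on duplicates
        with zipfile.ZipFile(buf, "w") as zf:
            for name in names:
                zf.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_sample(["AndroidManifest.xml", "classes.dex", "res/a.png"])
    odd = build_sample(["AndroidManifest.xml", "classes.dex", "classes.dex"])
    print(triage(clean))
    print(triage(odd))
```

A legitimately built APK has no reason to contain two entries with the same name, so any hit is worth treating as suspicious before installation or further analysis.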


Similar to rogue anti-spyware programs found on PCs, FakeDefender is a rogue anti-spyware program for the mobile device. The program does not provide the scanning or malware removal functionalities as claimed.


Once installed on the device, Obad variants gain administrator privileges and use an exploit to break through the Android operating system’s security layer. Obad collects and sends the following details about the device to a remote C&C server: the Media Access Control (MAC) address and IMEI, the operator name, the time and root access. The C&C server is also able to issue commands to the installed application, including to send SMS messages, make the device act as a proxy or a remote shell, launch a URL in the mobile browser, download and install additional components, get the Contact list as well as further details of a specific installed app and send a file via Bluetooth.


A bot capable of receiving commands to send SMS messages and change or update its C&C server.


Generally this malware monitors the user’s SMS messages and steals the following details from the user’s phone: phone numbers, carrier and SMS. An interesting aspect of this malware is that it can receive the following commands through Google Cloud Messaging (GCM):

• Send message

• Block call

• Get current location

• Observe

• Contact


The malware disguises itself as the “Umeng” SDK library, a mobile analytics platform used by developers. The original application that was trojanized to create this appears to be a legitimate gaming app available on the official Google Play Market. Upon installation of this malware, affected devices are silently subscribed to a premium-SMS service, then SMS messages are sent to the service. Uten also performs click-fraud by emulating the user clicking on certain advertisements in the background.


This malware’s installation package contains two executables, one of which is responsible for downloading and installing the real payload silently, while the other executable kills any uninstallation attempts by terminating relevant processes. Typically, the kill list also includes some anti-virus vendors’ processes and network connection status indicators.

Android Malware Statistics

Total malware count against total detection count for Android threats, 2012-2013

Android Threats by Category, Q3 2013

Top-15 Android malware received and identified in Q3 2013




