The growing mobile malware scourge makes news every month. Perhaps you’re one of the lucky folks who’s never had an experience with fraud or malware, but fraudsters who make a living with it are reaching new lows these days. If your data’s being siphoned off, your privacy invaded or your money being swallowed up, how would you know? Here are a few things to keep an eye on.
Has your phone’s behavior become slow or erratic? Does it act sluggish when performing the same functions it did rapidly in the past? Is its battery draining at a more rapid pace than usual?
If malware has entered your phone’s system, it could be performing activities in the background, such as placing unauthorized text messages to premium numbers, sending out bots that gather and transmit your contact information, or other mischief.
Do you notice when you’re talking on your phone that your calls get disturbed or even dropped completely, for no apparent reason?
Same answer. Each form of malware has a specific task, whether it’s a bot that collects and sends out your data to a remote location, or a Trojan that opens up and releases viruses, or bots that have specific jobs. Bad code is programmed to go to work once it’s downloaded and receives a pre-determined signal to wake up. What you could be noticing is background activities that are interfering with your phone’s normal functions.
Check your phone bill carefully. Are there charges for SMS messages you know you didn’t send, or are small charges appearing that you can’t explain?
Some malware can send text messages from your phone to “premium” numbers, which automatically charge you for each message. This can happen repeatedly in the background, without your knowledge: you don’t see or hear it, but you’ll see the charges on your bill, and they can become very expensive if they aren’t caught early. Small charges on your bill might indicate that your account’s being tested for viability.
As a matter of course, always check your credit card and bank statements. If you’ve downloaded malware that might have stolen your passwords or financial data, you could see your credit being used for things you never dreamed of buying.
Before you download apps, take a moment to look up reviews, and make sure you get all your apps from reliable sources, such as Google Play. Never, ever accept a free app, and try to avoid clicking on spammy ads and offers. Educate yourself about URLs, and how to spot one that doesn’t look right. Finally, don’t respond to any SMS messages, voice messages or emails from a sender with whom you’re not familiar.
Strong mobile security protection can prevent any form of nasty malware affecting your phone. With just a single download you can cross malware concerns off your list. Do it today, and relax about malware.
How smarter criminals are coming after your personal information
By now, most everyone has heard the story: on April 23rd, the AP’s Twitter account was “hacked.” The tweet, which was fairly obviously a fake, still managed to send Wall Street into a panic. The Dow Jones Industrial Average dropped 145 points in 2 minutes.
The media flurry following this recent “attack” centered around the effect of social media on world markets. One little piece of misinformation had the power – albeit incredibly temporary – to spur a stock sell-off and make the dollar tumble.
What hasn’t been widely discussed is that this wasn’t hacking in the sense most people think of. It was the result of a carefully executed, targeted phishing campaign, or as it’s now called, “spear phishing.” The offending email looked legit. It didn’t come from a Nigerian prince. It wasn’t full of grammatical errors. Instead, it was a sophisticated message that targeted a specific group of people with a link relevant to them and appearing to come from a colleague. And it was a good enough fake that someone fell for it. And the rest is history.
The Reality of the Threat Landscape
So why is this important? It highlights the reality of the threat landscape.
The week prior to the AP spear-phishing attack, my company, NQ Mobile, released our 2012 and Q1 2013 mobile threat reports. The key takeaways of those reports were:
The number of threats is increasing
Threats are getting more and more sophisticated
Social Engineering tactics are increasingly being leveraged by malware developers
One of the main methods of infection is through malicious URLs
The AP Twitter hack gives us a perfect example of where things are headed. And that was executed, we assume, through a PC. Such a threat would be even more difficult to detect from a mobile handset. On a PC, the real URL will generally display when you hover your mouse over it, regardless of the text of the link. On a mobile device, the URL is generally concealed, making this type of scam incredibly easy to fall for.
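The check that a mouse hover performs on a PC can be automated for mail or SMS content before it reaches a handset. The following is an added example, not part of the original article: it flags links whose visible text names one host while the underlying URL points to another. The sample message, the reserved example domains and the two-label domain comparison are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# A host name written out in the visible link text, with or without a scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample message body (reserved example domains only).
SAMPLE_EMAIL_HTML = """
<p>Hi, please read this before the meeting:</p>
<a href="http://www.example.com.login.example.net/story">www.example.com/news/story</a>
<a href="https://www.example.com/about">Read the full story</a>
<a href="https://mail.example.org/login?next=inbox">https://mail.example.org/login</a>
<a href="http://www.example.com@198.51.100.7/poll">http://www.example.com/poll</a>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def base_domain(host):
    # Assumption: the last two labels approximate the registered domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def suspicious_links(html):
    """Return links whose displayed host differs from the host actually visited."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, text in collector.links:
        actual = urlparse(href).hostname or ""
        shown = HOST_IN_TEXT.search(text)
        if not actual or not shown:
            continue  # descriptive link text makes no claim about the host
        if base_domain(shown.group(1)) != base_domain(actual):
            findings.append(
                {"shown": shown.group(1).lower(), "actual": actual, "href": href}
            )
    return findings


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL_HTML):
        print("text says %(shown)s but link goes to %(actual)s" % finding)
```

The first and last sample links are reported: one hides the real destination behind a look-alike subdomain, the other behind a user-info prefix in front of an IP address.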
When mobile security companies such as NQ Mobile release reports of malware discoveries, we often get accused of “fear mongering.” NQ Mobile’s Security Labs includes over 200 security experts. In addition to discovering and breaking apart new forms of mobile malware, our experts investigate key communication and collaboration channels populated by hackers and malware authors. It’s through these inspections that we spot trends or new malware tricks before they can be pushed out to smartphone users around the world.
It’s in these forums, IRCs and newsgroups where NQ Mobile has discovered a troubling trend. While it likely hasn’t affected you, we’re offering the example as proof that these threats are real. Let me introduce you to the “Carder Kids.”
Young hackers, aged 13-20, are using a combination of mobile malware and social engineering to scrape credit card numbers, PayPal logins and other financial data from mobile devices. This information is then sold to “money mules” whose expertise lies in turning “virtual money” into real money.
NQ Mobile’s “Dark Web” experts have been chatting with these carders on underground forums where they buy and re-sell the bricks necessary for their scams. While they are located all over the world, we find a predominance coming from Russian and Eastern European domains in particular. Think Anonymous and you get an idea of the structure – there is none. Most don’t have any links to organized crime. Some even have “real” jobs and are just cloning credit cards for extra cash. In fact, most of these young hackers make very little money from carding.
So how does it work? Generally, “getting carded” starts with malware that will pirate a device’s contact book, notes (where people frequently store account data) and SMS data. This data is then used by hackers to socially engineer SMS and email spear phishing scams. When they collect sensitive financial data, it is frequently placed on the open “dark markets” for bidding and/or purchase by the “carders” who then sell the information to the “money mules.”
Money mules are generally older than the “carder kids,” but they have the skills needed to turn virtual money into real cash. They are most interested in account and CVV data along with full card “dump” files. A dump file contains all the data that is stored on your credit card’s magnetic strip. What might surprise you is that the mules actually transfer their financial rewards into legal bank accounts!
Full credit card information, PayPal logins, etc., are bought and sold in underground markets for anything between $2 and $5 each, usually using e-gold for payment. Most of the credit cards are bought by packs.
Then there is what we call “dumping.” This is when a fraudster steals credit or debit card information to commit financial fraud in a person’s name. In most instances this type of data is physically collected rather than through the Internet or mobile devices. The card information, for example, can be skimmed almost anywhere and at any time – some of the more popular skimming locations are shops, restaurants, railway stations, gasoline stations and ATM machines. This card information is then sold on the dark market as “dumps.”
The point of the story is that mobile security isn’t just about protecting you from viruses. Threats don’t only come in the form of malicious applications that one inadvertently “sideloads” onto his or her device. Mobile security is also about making sure your data is protected.
It doesn’t matter whether the economic climate is good or bad, there is always a market for fraud. The marketplace for carding is growing and will continue to grow. And as the engineers behind these types of attacks get smarter and smarter, we can only expect to see them more and more often.
At NQ Mobile, we like to occasionally refresh our readers’ collective memory about safe smartphone practices. Follow these tips to diminish the chances of a privacy breach, malware invasion or ID theft.
Passwords: Passwords should be based on something obscure, like the initials of a favorite quote or personal mantra. Incorporate at least one special character, at least one number, and don’t use the name of your pets, kids, street name, company name or any other easy-to-guess word associated with you. Make sure to change your password frequently.
Updates: Download security updates when you’re prompted. Keep your phone current.
Phone lock: Keep the phone on a short leash with an auto-lock that will kick in after just a few minutes. If you leave your table to get a coffee, it won’t be vulnerable to prying eyes.
Social Networking: Don’t overshare – be careful not to post addresses, phone numbers or information about vacations, family or other tips for potential identity thieves, stalkers or bullies. Checking-in may be fun for your friends, but it also tells stalkers and other predators where you are. Forego it, if you can.
System: Keep your phone clean by deleting any data that doesn’t need to be there.
Notices: If you receive an urgent message from a bank or financial institution, do not click on it or provide any of the requested information. These flash messages often want you to think your account’s in jeopardy and that you need to re-enter your private data. It isn’t, you don’t – and you shouldn’t.
Permissions: Learn to read permission agreements, end-user license agreements and terms of service agreements to make sure you’re not giving away private data when downloading new apps. And while you’re at it, teach your kids what to look for.
Wi-Fi: Public Wi-Fi hotspots are often an easy target for cybercriminals. Make sure you’re working within a secured network. Hotels, coffee shops and malls are often the worst places to go online. Merchants don’t always provide super-tight Wi-Fi security because they don’t want to require passwords, and they want to accommodate every kind of device. Besides, a good cyber-criminal knows how to break most Wi-Fi systems.
Security: Always use a strong mobile security product to keep out the viruses, malware and fraudulent demons that tend to slip into your phone’s system when you do a lot of web surfing.
When you dispose of a phone, be sure it’s wiped clean of all data.
You wouldn’t invite strangers to comb through and memorize the information in your wallet. Your best bet is to regard your smartphone as a receptacle of your personal and private life, and treat it accordingly.
Do you have stories that involve privacy with a smartphone? We’d love to hear from you. Join us on our Facebook page, or leave a comment on our blog.
Most mobile users know that apps frequently collect private information. While it’s true some people aren’t aware of it, most who are aware tend to be indifferent to the idea. But, don’t we deserve a little more info about what app makers actually do with the data they extract from our mobile devices?
An article by NBC’s Bob Sullivan describes a flashlight app that tracks a smartphone user’s location. It was surprising to many folks to find out that such a handy, seemingly harmless app would be tracking their physical whereabouts, and you have to wonder why an app as simple as a flashlight would need to know that. What’s more distressing is many apps collect device IDs, photos, contacts and even our gender.
Jason Hong at Carnegie Mellon University’s Human-Computer Interaction Institute revealed that users don’t care as much about what apps do with our data, as we do about being kept in the dark and being surprised about it. When seemingly innocuous apps want user data like our geographical location, like the “flashlight” example, it’s a natural response to be suspicious.
Here are a few reasons why personal data is collected:
Your data can help app makers to make important decisions related to future feature enhancements. These features may help the app to work for you in a more personalized way.
Some apps gather your personal data so that they can target specific ads to you. If your data shows you meet certain criteria, advertisers will tailor their marketing efforts accordingly.
In the case of a malicious app, your personal data could be sold or used for illegal purposes. For example, this type of app might send text messages without your consent to premium numbers. In such instances some users have reported being charged as much as $10 per message. Getting access to your contact list can be a goldmine for malware authors and spammers.
Data gathering doesn’t always have a sinister purpose, but unfortunately we usually aren’t informed why it’s needed. It’s reasonable to wonder how our private information will be used.
Although not required to say why, mobile apps most often warn us when they’re going to collect our information, and they often even specify what data they’ll take. The downside is that we aren’t given a choice – we can either agree to the exchange of data, or pass on downloading the app. That’s not satisfactory to most of us, and perhaps it will change eventually. But, for now, developers aren’t required to give us a choice and the research shows most of us are still willing to take the risk.
As users, what’s the best practice? Make it a habit to read the permission screens on all apps you download. Make a conscious decision about whether you want to give away the information wanted by the app. If you can’t understand or interpret the permission screen, go to the apps’ website, if it has one, and see if you can get more information before downloading. Make sure you have a strong mobile security app on board to catch any malicious code.
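Reading a permission screen amounts to comparing what an app requests with what its advertised features need. The following is an added example, not part of the original article: it reads a decoded AndroidManifest.xml and lists the permissions that no advertised feature explains, using the flashlight case described above. The sample manifest, the com.example.flashlight package and the feature-to-permission table are constructed for the illustration; the permission names are Android's own.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Permissions that expose personal data or can cost money, and what they give away.
SENSITIVE = {
    P + "ACCESS_FINE_LOCATION": "precise location",
    P + "ACCESS_COARSE_LOCATION": "approximate location",
    P + "READ_CONTACTS": "contact list",
    P + "READ_SMS": "stored text messages",
    P + "SEND_SMS": "sending text messages (possible charges)",
    P + "CALL_PHONE": "placing calls (possible charges)",
    P + "READ_PHONE_STATE": "device identifiers",
}

# Assumption for this example: what each advertised feature plausibly needs.
FEATURE_NEEDS = {
    "flashlight": {P + "CAMERA", P + "FLASHLIGHT"},
    "ads": {P + "INTERNET", P + "ACCESS_NETWORK_STATE"},
    "messaging": {P + "SEND_SMS", P + "READ_SMS", P + "READ_CONTACTS", P + "INTERNET"},
}

# Constructed sample: a flashlight app that asks for far more than a light needs.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.FLASHLIGHT"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Flashlight"/>
</manifest>
""".strip()


def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permissions a manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return sorted(n for n in names if n)


def audit(manifest_xml, advertised_features):
    """Split the requested permissions that no advertised feature explains."""
    justified = set()
    for feature in advertised_features:
        justified |= FEATURE_NEEDS.get(feature, set())
    excess = [p for p in requested_permissions(manifest_xml) if p not in justified]
    return {
        "excess_sensitive": [(p, SENSITIVE[p]) for p in excess if p in SENSITIVE],
        "excess_other": [p for p in excess if p not in SENSITIVE],
    }


if __name__ == "__main__":
    result = audit(SAMPLE_MANIFEST, ["flashlight", "ads"])
    for permission, exposes in result["excess_sensitive"]:
        print("unexplained: %s -> %s" % (permission, exposes))
```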
Have you used apps that surprised you with how much or what type of data they want to collect? Tell us about your experiences on our blog, or join us on Facebook.
Computers and Smartphones aren’t so much like apples and oranges as we may have thought. Researchers at NQ Mobile Security Center identified and confirmed a surprising new threat that showed up last month on Google Play.
We all know that syncing up your mobile gadgets using your PC’s USB port is important for keeping your personal tech environment in good order. But could an electronic infection be exchanged in the process? Apparently, yes.
Here’s how it works
Security experts discovered that a new malware was able to hijack a legitimate Android cache-cleaning app. The malware came to life when a mobile device was synchronized with a PC using the computer’s USB port. You know how when you plug something into a PC port or drive, the “auto-run” feature kicks in? This malicious app delivered a “USB AutoRun Attack.”
Here’s what it can do
This sinister variety of malware can be designed to target the Autorun.inf file in your Windows-based computer system, sending worms or Trojans across that try to load a rootkit. The worm tries to copy itself to all the PC’s drives, including removable ones such as flash drives, as well as mapped network drives. Some of these treacherous worms will also try to disable your Windows anti-virus software.
This type of malware is able to deliver multiple instances of something used by Windows called “svhosts.exe” files to your computer during the mobile syncing process. Through an engineered “back door” to the files, cyber criminals can gain access to a PC, and download files that steal data and capture keystrokes, such as bank account numbers. The data is typically encrypted and sent to locations such as the Ukraine, Russia or Brazil. The virus can store its ill-gotten treasure on your phone’s SD card, or any other non-system Android folder in your mobile device’s memory.
If you make your living developing mobile malware, and you spend hours looking for ways to quickly and efficiently multiply your demons, it would make logical sense to design them so they are able to transmit themselves between a PC and a mobile device. It was only a matter of time. Experts call this kind of exchange a “cross-platform attack.” Makes sense.
What to do
Mobile security apps provide ongoing protection beginning before the download of apps and software. NQ Mobile Security™ detects and quarantines this malware prior to installation of the malicious files on an SD card.
Given the malware threat posed by the Autorun.inf file, here’s some info that may help:
Windows XP/Vista users:
Have you downloaded the February 2011 Windows patch, “AutoRun disabled by default”?
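Besides disabling AutoRun on the PC, the phone's storage can be checked before it is plugged in. The following is an added example, not part of the original article: it walks a mounted SD card or phone storage folder, reports any autorun.inf together with the programs it asks Windows to launch, and lists Windows executables that have no reason to be on an Android volume. The sample volume, its file names and the extension list are constructed for the illustration.

```python
import os
import tempfile

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = ("open", "shellexecute")
# Assumption: file types Windows can execute and an Android volume should not hold.
WINDOWS_EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs"}


def parse_autorun(text):
    """Return (key, command) pairs that an autorun.inf asks Windows to launch."""
    commands, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        is_shell_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_verb:
            commands.append((key, value))
    return commands


def scan_volume(root):
    """Walk a mounted volume and report autorun.inf files and Windows executables."""
    report = {"autorun_files": [], "windows_executables": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.lower() == "autorun.inf":
                with open(path, encoding="utf-8", errors="replace") as fh:
                    commands = parse_autorun(fh.read())
                report["autorun_files"].append({"path": rel, "commands": commands})
            elif os.path.splitext(name)[1].lower() in WINDOWS_EXEC_EXT:
                report["windows_executables"].append(rel)
    report["windows_executables"].sort()
    return report


def build_sample_volume(root):
    """Create a constructed SD-card layout for the demonstration."""
    os.makedirs(os.path.join(root, "DCIM"))
    with open(os.path.join(root, "DCIM", "photo.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff")  # harmless stand-in for a photo
    with open(os.path.join(root, "folder.exe"), "wb") as fh:
        fh.write(b"MZ")  # two-byte placeholder, not a real program
    with open(os.path.join(root, "autorun.inf"), "w", encoding="utf-8") as fh:
        fh.write("; constructed sample\n[AutoRun]\nOpen=folder.exe\n"
                 "icon=folder.ico\nshell\\open\\command=folder.exe\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as volume:
        build_sample_volume(volume)
        result = scan_volume(volume)
        for entry in result["autorun_files"]:
            print("autorun file:", entry["path"], entry["commands"])
        print("executables:", result["windows_executables"])
```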
As the world’s largest mobile security provider, NQ Mobile believes families should possess the most comprehensive knowledge base on all aspects of mobile security and privacy when using Android, BlackBerry, Symbian, Windows Phone and Apple iOS devices. NQ Mobile aims to inform and educate families on the current and future threats and suggest simple methods on how to stay safe and free from unwanted charges when using a mobile device.
Join the discussion on Facebook or comment on our blog. We’d love to hear from you.
NQ Mobile’s Security Research Center has unearthed a nasty piece of malware called “Bill Shocker.” Using our proprietary RiskRanker™ cloud scanning engine, our engineers have confirmed this disturbing discovery.
What makes it shocking? First, it’s potentially one of the most costly viruses yet discovered. In addition, it’s already impacted over 600,000 users in China, and presents a potential threat to Android devices worldwide.
How this particular infection spreads
Bill Shocker is an SDK-type virus (Software Development Kit). Our experts, using NQ’s RiskRanker system, found the virus attached to several of the most popular mobile apps in China, including Tencent QQ Messenger and Sohu News. Third-party online app stores and retail installation channels are distributing the infected versions of these apps, which is allowing them to spread like wildfire.
What Can Bill Shocker Do?
Bill Shocker malware silently downloads itself in the background of your mobile device without your knowledge. It takes remote control of the device, including your contact list, Internet connections, dialing and texting functions. Once it’s turned your phone into a “zombie,” it sends text messages that create financial gains for advertisers. In many cases, the threat will overrun a user’s bundling quota, which subjects you to even more unwanted charges.
NQ Mobile’s RiskRanker system identifies potentially dangerous apps before they have the opportunity to impact users’ phone bills. RiskRanker determined that the Bill Shocker malware is capable of upgrading itself and automatically expanding to other apps, multiplying its potentially disastrous effects.
What we’re doing about it
Because Bill Shocker can be used to send costly messages remotely, NQ Mobile believes it poses a serious threat to Android users.
We’ve already inoculated our cloud-based NQ Mobile Security product to keep our customers safe.
As a public service, NQ Mobile has posted an anti-malware app to help protect all Android users. It can be found here.
Our researchers have alerted Chinese mobile carriers of the threat to prevent the spread of these kinds of threats. We’ve also provided our RiskRanker cloud-scanning engine to China’s top mobile carriers, including China Mobile and China Unicom, as well as Baidu Mobile Services, to help them prevent any further spread of malicious mobile viruses.
NQ Mobile technology helps to curb the spread of malware such as Bill Shocker and variants across borders and oceans. However, this is an important reminder that these threats are very real and can have devastating effects. With its proprietary threat detection system that includes the collective intelligence provided by users in more than 150 countries, NQ Mobile finds most threats before anyone else.
Our tips to avoid mobile infection
To avoid becoming a victim of mobile malware, our experts ask you to follow some common-sense guidelines for smartphone security:
1) Only download applications from trusted sources, reputable application stores, and markets, and be sure to check reviews, ratings and developer information before downloading.
2) Never accept application requests from unknown sources. Closely monitor permissions requested by any application; an application should not request permission to do more than what it offers in its official list of features.
3) Be alert for unusual behavior on the part of mobile phones and be sure to download a trusted security application that can scan the applications being downloaded onto your mobile device. NQ Mobile Security users are already fully protected from the “Bill Shocker” threat.
NQ Mobile Security™ for Android is available for download from our website, and on Google Play.
It’s here again – that time of year when bargain holiday shopping kicks into high gear. More of us are shopping online than ever before. Who wants to fight the crowded malls, bad weather and jammed up traffic? But, don’t forget — it’s important to know the safety rules when you’re tracking down those Black Friday and Cyber Monday bargains.
Holiday scams in past years include fake websites touting reduced-price merchandise, fake virus alerts, fake bank notices wanting you to re-enter your private information, offers for the season’s hottest item at unbelievably low prices, and ads that, when they’re clicked, silently place premium calls at your expense.
So, put on your favorite holiday music, pour a cup of something, and learn these tips to make your shopping experience safe, enjoyable and problem-free.
Don’t make purchases from unsecure websites or payment screens. Always look for the green lock symbol next to the URL to be sure you’re on a secure site. If you don’t think the payment apparatus is secure, try giving the company a call to place your order.
Ignore offers for free merchandise. Nothing is truly free, and these sites are most often loaded with malware or viruses that can make you wish you’d never clicked on them. Don’t forget, cybercriminals need holiday money, too. Make sure it’s not yours.
Have a super-strength mobile security product downloaded on your mobile device before you begin your shopping. You’ll never have to worry about being on an unsafe site or downloading an app that might be trying to trick you.
Use one specific credit card for all your online shopping, and avoid using debit cards if you can.
Why re-invent the wheel? Look at online deals websites that compare prices and products. Sites like dealnews.com, techbargains.com and slickdeals.net do all the pricing work for you - you’ll have your shopping done in no time.
Buy from reputable dealers. Fly-by-night retailers are in full swing at this time of year. Check for warranties, guarantees and customer support services.
Before you place your order, make sure the shipping costs for your purchase aren’t more expensive than the item itself.
Use NQ Mobile’s Vault, a super-safe cyber-locker app, to keep messages about holiday surprises private!
Use all that extra time you’ve saved to have fun with your friends and family. Holidays can be much less stressful when you go online safely during Black Friday and Cyber Monday to shop – the deals are fabulous, and the peace of mind – immeasurable.
Our NQ Mobile research team has discovered a mobile phone virus called Fake Angry Birds. Within a half day after we confirmed it, over 7500 mobile phones were hacked. The majority of victims live in China. But the United States was also impacted. The virus rides along on the upgraded version of Flow Killer, and can result in significant charges to victims’ mobile bills. Our researchers are advising smartphone users to be careful when downloading Angry Birds or other games, as they’re hot targets for scammers.
Star Wars Angry Birds is coming soon
Angry Birds Star Wars is set for a November 8 release date and, based on past experience, we can expect a malware-loaded version to hit the market immediately afterward.
Recent history tells us that every release of Angry Birds for Android is followed almost immediately with a fake version of the app that contains malware. It’s a proven pattern that a tainted version comes out within 24 hours of each new version. Knowing that, it’s almost guaranteed that it will happen again when Angry Birds Star Wars is released next month.
How do you know if you have the real thing?
A powerful mobile security package will alert you before you download a malware-loaded app. NQ Mobile Security protects you from viruses like the one in China, and malware like we’ve seen in the past in the Angry Birds app. Catching and eliminating an infected app before it’s able to reach your smartphone is like a reprieve from the abyss – malware can cost great sums of money and a lot of headaches.
When you go to download the new Angry Birds Star Wars app, you’re likely to see more than ten download offers. You won’t know which one is clean and which carries a payload of malware. Make sure you get your apps from a trusted source, and don’t opt for free apps – they almost always contain more than you’ve bargained for. But most importantly, download NQ Mobile Security today – it’s free – and it will take the guesswork out of installing that new AB app you’ve been waiting for! If you try to download a malicious game or app, NQ Mobile Security will tell you it’s not safe. Problem solved!
We at NQ Mobile aren’t the only ones working to raise public awareness about mobile security. The federal Government Accountability Office (GAO) has been looking into mobile security issues, and they’re not particularly pleased with what they’ve found.
The GAO agency recognizes that mobile malware has, primarily, a couple different means of infiltrating our phones and tablets. One is through taking advantage of design flaws or gaps in the devices’ operating system and the use of downloaded apps. The other is through simple inattention on the part of us, the users.
However, is it lack of attention, or just a matter of simply not being aware? We’re bombarded with so much information every day — it’s interesting to wonder how many people actually take the time to educate themselves before turning on their new smartphones. After all, once you’ve had one, you pretty much know what you’re doing, right?
We need to know
The sad truth is that too many people are still not aware of the need for mobile security on their smartphones. As the GAO mentions, NQ’s Consumer Study (conducted with NCSA) showed that a large percentage of smartphone owners don’t know enough about mobile security to even be aware of whether or not they need it. The rate of mobile malware incidents reportedly soared a whopping 185% in ten short months. Smartphones have flooded the market, and you probably either have one or know someone who does.
Let’s review some of the standard safety practices for good mobile security:
Implement a strong password and let the phone lock down after a short period of idleness.
Use different passwords for different functions, especially financial transactions.
Always have a powerful security app downloaded to protect you from malware before it can even reach your mobile device.
Be sure to have a strong loss and theft system set up in your phone. If you lose your phone or give it away, wipe it clean of all data first.
Don’t respond to free app offers or to text messages or voicemails from anyone you don’t know.
Learn to read permission screens on apps so you don’t give away more than necessary.
Avoid public Wi-Fi hot spots when possible.
Don’t overshare. Stop and think before you post personal information.
Keep your phone clean of anything you don’t absolutely need to store on it, or at least keep private stuff safe in an impenetrable app.
Update your system regularly.
These are just some of the safety tips we need to remember. Being good mobile citizens, we want to prevent the spread of malware in every way we can. Let’s take responsibility for our mobile habits and keep cyber thieves from lining their pockets with our hard-earned money.
Has your phone been invaded or compromised by malware? Share your stories with us on our blog or on our Facebook page. Or send us a message on Twitter. We’d love to hear from you.
NQ Mobile researchers discovered yet another malware threat for Android this week. Much like last week’s discovery of DyPusher, this one, called VDLoader, has an added feature – it pushes infected apps and URLs, but also pushes its own upgrades.
What is it?
To refresh your memory, an app-pusher is disguised malware that “pushes” unwanted apps and URLs into your smartphone’s system, obeying commands from a remote server. This one masks itself on your phone as an SMS text message. Once you click on the details of the fake message, it goes to work downloading infected apps.
Our scientists say VDLoader not only causes unnecessary consumption of data leading to potential financial loss, but introduces some serious security threats to your Android phone, as well.
How can you tell if VDLoader’s in your smartphone?
Unfortunately, you can’t. You won’t see an icon or any other evidence of VDLoader on your phone. You’ll only see fake text messages from unknown senders. This malware kicks into action once you click on a link within the SMS message where it’s hiding.
What to do?
NQ Mobile Security users are already fully protected from VDLoader and all other malware threats. If you don’t have a powerful mobile security application on your phone, we recommend that you take the following precautions to prevent any damage from VDLoader (and other threats):
Avoid and delete uninvited or unfamiliar text messages. If you do open one, don’t click any links contained in the message.
Only download applications from trusted sources, reputable application stores, and markets.
Be sure to check reviews, ratings, and developer information before you download anything.
Look out for unusual behavior on your smartphone, such as your device shutting down unexpectedly or displaying constant pop-up messages.
Download NQ Mobile Security for Android today to make sure you’re protected against mobile malware and other privacy threats.
Do SMS (text) messages ever show up on your phone from unfamiliar senders? What do you usually do with them? Have you ever been stung by SMS malware? Tell us your stories about unwanted text messages here on our blog, or on our Facebook page.