Around the globe, NQ Mobile’s team of security professionals is taking the pulse of the mobile landscape every day. They report back all the good news – such as how we consumers are doing better at protecting our mobile devices – and sometimes they have some less-than-pleasant news to report. Unfortunately, that’s the kind of news they have for us this week.
Our researchers are noticing an increase in skilled hackers partnering up with criminals by selling them data that they’ve stolen. In turn, cybercriminals are using the info they purchase to get access to the finances of consumers like you and me. They use tricky methods that, in the mobile business, are called “social engineering.” In simple terms, they manipulate unwitting consumers into giving up their valuable confidential information.
This is amazing
Our professionals estimate that more than 10 million devices have already been infected in the first quarter of this year! Here are some of their key findings:
Over 32.8 million Android devices were infected in 2012 vs. 10.8 million in 2011 – a whopping increase of over 200 percent
The top five markets for infected mobile devices were China (25.5%), India (19.4%), Russia (17.9%), United States (9.8%) and Saudi Arabia (9.6%)
65% of malware discovered in 2012 falls into a broader category of Potentially Unwanted Programs (or PUPs). PUPs include root exploits, spyware, pervasive adware and Trojans (surveillance hacks)
28% of mobile malware discovered in 2012 was designed to collect and profit from a user’s personal data
7% of malware was simply designed to make a user’s device stop working (i.e., “bricking” their phones)
“The security industry’s ‘discover-first-and-inoculate-second’ strategy is no longer enough,” said Omar Khan, Co-CEO, NQ Mobile. “We need smarter systems that can discover threats before they infect consumers as well as more education so consumers can better spot and avoid these new mobile scams.”
What we can do as consumers
The very first step we can take is to make sure we have the strongest mobile security product available on our mobile devices. When purchasing a new phone or tablet, make this your first priority. If you already own mobile devices, take a moment to get them protected from all the viruses, scams and malware that have the potential to invade your privacy and steal your assets.
Cyber criminals get trickier every day. As consumers, we need to get ahead of them and become a cohesive force to thwart their illegal activities. Cyber crime is no joke. Don’t wait until it happens to you. No one’s exempt. Protect the privacy and well-being of your family and business as a first priority.
Computers and Smartphones aren’t so much like apples and oranges as we may have thought. Researchers at NQ Mobile Security Center identified and confirmed a surprising new threat that showed up last month on Google Play.
We all know that syncing up your mobile gadgets using your PC’s USB port is important for keeping your personal tech environment in good order. But could an electronic infection be exchanged in the process? Apparently, yes.
Here’s how it works
Security experts discovered that a new malware was able to hijack a legitimate Android cache-cleaning app. The malware came to life when a mobile device was synchronized with a PC using the computer’s USB port. You know how when you plug something into a PC port or drive, the “auto-run” feature kicks in? This malicious app delivered a “USB AutoRun Attack.”
Here’s what it can do
This sinister variety of malware can be designed to target the Autorun.inf file in your Windows-based computer system, sending worms or Trojans across that try to load a rootkit. The worm tries to copy itself to all the PC’s drives, including removable ones such as flash drives, as well as mapped network drives. Some of these treacherous worms will also try to disable your Windows anti-virus software.
Even worse…
This type of malware is able to deliver multiple instances of something used by Windows called “svhosts.exe” files to your computer during the mobile syncing process. Through an engineered “back door” to the files, cyber criminals can gain access to a PC, and download files that steal data and capture keystrokes – such as bank account numbers. The data is typically encrypted and sent to locations such as the Ukraine, Russia or Brazil. The virus can store its ill-gotten treasure on your phone’s SD card, or any other non-system Android folder in your mobile device’s memory.
Not surprising
If you make your living developing mobile malware, and you spend hours looking for ways to quickly and efficiently multiply your demons, it would make logical sense to design them so they are able to transmit themselves between a PC and a mobile device. It was only a matter of time. Experts call this kind of exchange a “cross-platform attack.” Makes sense.
What to do
Mobile security apps provide ongoing protection beginning before the download of apps and software. NQ Mobile Security™ detects and quarantines this malware prior to installation of the malicious files on an SD card.
Given the malware threat posed by the Autorun.inf file, here’s some info that may help:
Windows XP/Vista users:
Have you downloaded this February 2011 Windows patch, “AutoRun disabled by default”?
Lucky you! Microsoft fixed this issue with Windows 7 and 8, disabling the AutoRun feature by default.
A further option is detailed in our White Paper, which you can read here.
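A check a defender can run on a phone’s SD card, or any removable volume, before it is plugged into a Windows PC, given here as an added example that is not part of the original post or any NQ Mobile code: it parses autorun.inf at the volume root and lists the programs Windows AutoRun would launch. The sample file contents, folder names and function names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program
SAMPLE_INF = r"""[AutoRun]
; constructed sample for this example, not taken from real malware
open=tools\svhosts.exe /s
icon=tools\folder.ico
shell\open\command="tools\svhosts.exe" /s
"""

def parse_autorun(text):
    """Return {key: value} for the [autorun] section; names are case-insensitive."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_commands(entries):
    """Pick the entries that run a command: open, shellexecute, shell\\<verb>\\command."""
    return [(k, v) for k, v in entries.items()
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))]

def program_of(command):
    """Extract the program path from a command line, honouring double quotes."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""

def find_on_volume(root, rel):
    """Resolve a Windows-style relative path under root, ignoring case as FAT does."""
    parts = [p for p in rel.replace("\\", "/").split("/") if p not in ("", ".")]
    if ".." in parts:
        return None  # never follow a path that climbs out of the volume
    current = root
    for part in parts:
        try:
            names = os.listdir(current)
        except OSError:
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def scan_volume(root):
    """Report every program that autorun.inf at the volume root would launch."""
    inf = find_on_volume(root, "autorun.inf")
    if inf is None or not os.path.isfile(inf):
        return []
    entries = parse_autorun(Path(inf).read_text(encoding="utf-8", errors="replace"))
    findings = []
    for key, command in launch_commands(entries):
        program = program_of(command)
        path = find_on_volume(root, program) if program else None
        present = path is not None and os.path.isfile(path)
        header = b""
        if present:
            with open(path, "rb") as fh:
                header = fh.read(2)
        findings.append({"key": key, "program": program, "present": present,
                         "is_pe": header == b"MZ"})  # "MZ" starts a Windows executable
    return findings

def build_sample_volume(root):
    """Constructed stand-in for a phone's SD card: autorun.inf plus a dummy 'MZ' file."""
    os.makedirs(os.path.join(root, "Tools"))
    Path(root, "AUTORUN.INF").write_text(SAMPLE_INF)
    Path(root, "Tools", "Svhosts.exe").write_bytes(b"MZ" + b"\x00" * 62)  # header only

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as volume:
        build_sample_volume(volume)
        print(*scan_volume(volume), sep="\n")
```

To inspect a real card, mount it on a machine where AutoRun does not apply (Linux, for example) and pass the mount point to scan_volume; any finding with present and is_pe both true is a file the PC would have been asked to execute.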
As the world’s largest mobile security provider, NQ Mobile believes families should possess the most comprehensive knowledge base on all aspects of mobile security and privacy when using Android, BlackBerry, Symbian, Windows Phone and Apple iOS devices. NQ Mobile aims to inform and educate families on the current and future threats and suggest simple methods on how to stay safe and free from unwanted charges when using a mobile device.
Join the discussion on Facebook or comment on our blog. We’d love to hear from you.
NQ Mobile’s Security Research Center has unearthed a nasty piece of malware called “Bill Shocker.” Using our proprietary RiskRanker™ cloud scanning engine, our engineers have confirmed this disturbing discovery.
What makes it shocking? First, it’s potentially one of the most costly viruses yet discovered. In addition, it’s already impacted over 600,000 users in China, and presents a potential threat to Android devices worldwide.
How this particular infection spreads
Bill Shocker is an SDK-type virus (Software Development Kit). Our experts, using NQ’s RiskRanker system, found the virus attached to several of the most popular mobile apps in China, including Tencent QQ Messenger and Sohu News. Third-party online app stores and retail installation channels are distributing the infected versions of these apps, which is allowing them to spread like wildfire.
What Can Bill Shocker Do?
Bill Shocker malware silently downloads itself in the background of your mobile device without your knowledge. It takes remote control of the device, including your contact list, Internet connections, dialing and texting functions. Once it’s turned your phone into a “zombie,” it sends text messages that create financial gains for advertisers. In many cases, the threat will overrun a user’s bundling quota, which subjects you to even more unwanted charges.
NQ Mobile’s RiskRanker system identifies potentially dangerous apps before they have the opportunity to impact users’ phone bills. RiskRanker determined that the Bill Shocker malware is capable of upgrading itself and automatically expanding to other apps, multiplying its potentially disastrous effects.
What we’re doing about it
Because Bill Shocker can be used to send costly messages remotely, NQ Mobile believes it poses a serious threat to Android users.
We’ve already inoculated our cloud-based NQ Mobile Security product to keep our customers safe.
As a public service, NQ Mobile has posted an anti-malware app to help protect all Android users. It can be found here.
Our researchers have alerted Chinese mobile carriers to the threat to help prevent the spread of threats of this kind. We’ve also provided our RiskRanker cloud-scanning engine to China’s top mobile carriers, including China Mobile and China Unicom, as well as Baidu Mobile Services, to help them prevent any further spread of malicious mobile viruses.
NQ Mobile technology helps to curb the spread of malware such as Bill Shocker and variants across borders and oceans. However, this is an important reminder that these threats are very real and can have devastating effects. With its proprietary threat detection system that includes the collective intelligence provided by users in more than 150 countries, NQ Mobile finds most threats before anyone else.
Our tips to avoid mobile infection
To avoid becoming a victim of mobile malware, our experts ask you to follow some common-sense guidelines for smartphone security:
1) Only download applications from trusted sources, reputable application stores, and markets, and be sure to check reviews, ratings and developer information before downloading.
2) Never accept application requests from unknown sources. Closely monitor permissions requested by any application; an application should not request permission to do more than what it offers in its official list of features.
3) Be alert for unusual behavior on the part of mobile phones and be sure to download a trusted security application that can scan the applications being downloaded onto your mobile device. NQ Mobile Security users are already fully protected from the “Bill Shocker” threat.
NQ Mobile Security™ for Android is available for download from our website, and on Google Play.
Today Ars Technica reported that as many as 185 million smartphone users could expose their online banking and personal data through apps that have inadequate encryption protection — disturbing news for Android users.
Computer science researchers at two German universities identified 41 applications in Google’s Play Market that “leaked sensitive data as it traveled between handsets on the Ice Cream Sandwich version of Android and webservers for banks and other online services.”
Researchers were able to obtain bank account information and payment credentials for services such as PayPal and American Express, as well as info from Facebook, email messages, IP cameras and remote servers.
The results of the study were presented at this week’s Computer and Communications Security conference in North Carolina. Considering the number of apps being developed and released on the market every day, it’s not surprising there are glitches and loopholes, but it’s a bit unnerving to glimpse the depth of the potential for security breaches in apps we use every day.
We have tips. Lots of them. But, here are a few of the most important ways to protect your safety and security on your smartphone:
1) Always have a powerful mobile security app downloaded into your smartphone. We can’t stress this strongly enough. A simple-to-use app like NQ Mobile Security will prevent others from violating your privacy, and will catch problems before they ever reach your handset.
2) Use unique passwords for your financial transactions, and change them frequently. Let your phone lock after even short periods of idleness.
3) Don’t overshare on Facebook. Ever.
4) Look for reviews on apps you want to download, and purchase them from reliable sources. Not all app developers are as conscientious about security as they might be. Let’s do our homework.
5) Never ignore updates. Keep your equipment up to date and your system clear of unnecessary data.
It’s important to become educated about mobile security and safety. October is National Cyber Safety Awareness Month, and there are hundreds of resources available for families, educators and businesses for learning the best smartphone practices. Check out NCSA’s website for tips and learning materials, and see NQ Mobile’s Family website for even more information on how to keep your family mobile-safe.
NQ Mobile researchers discovered yet another malware threat for Android this week. Much like last week’s discovery of DyPusher, this one, called VDLoader, has an added feature – it pushes infected apps and URLs, but also pushes its own upgrades.
What is it?
To refresh your memory, an app-pusher is disguised malware that “pushes” unwanted apps and URLs into your smartphone’s system, obeying commands from a remote server. This one masks itself on your phone as an SMS text message. Once you click on the details of the fake message, it goes to work downloading infected apps.
Our scientists say VDLoader not only causes unnecessary consumption of data leading to potential financial loss, but introduces some serious security threats to your Android phone, as well.
How can you tell if VDLoader’s in your smartphone?
Unfortunately, you can’t. You won’t see an icon or any other evidence of VDLoader on your phone. You’ll only see fake text messages from unknown senders. This malware kicks into action once you click on a link within the SMS message where it’s hiding.
What to do?
NQ Mobile Security users are already fully protected from VDLoader and all other malware threats. If you don’t have a powerful mobile security application on your phone, we recommend that you take the following precautions to prevent any damage from VDLoader (and other threats):
Avoid and delete uninvited or unfamiliar text messages. If you do open one, don’t click any links contained in the message.
Only download applications from trusted sources, reputable application stores, and markets.
Be sure to check reviews, ratings, and developer information before you download anything.
Never accept application requests from unknown sources, and closely monitor permissions requested by any application. An application shouldn’t request permission to do more than what it says it will do in its privacy policy.
Look out for unusual behavior on your smartphone, such as your device shutting down unexpectedly or displaying constant pop-up messages.
Download NQ Mobile Security for Android today to make sure you’re protected against mobile malware and other privacy threats.
Do SMS (text) messages ever show up on your phone from unfamiliar senders? What do you usually do with them? Have you ever been stung by SMS malware? Tell us your stories about unwanted text messages here on our blog, or on our Facebook page.
NQ Mobile announced its discovery of a unique new app-pusher form of malware called DyPusher. We’ve seen other “pusher” types of malware before, so what makes this one different? A couple things. Stay with us here – it’s not as complicated as it seems.
You won’t see an icon for it because DyPusher’s disguised in your phone as a harmless system file, and it goes into action when your system’s booted. After uploading all the info about your phone to a remote server, DyPusher downloads “JAR” files to your mobile device’s system without your consent or knowledge. (A JAR file holds a number of files and resources in one place so that app software can be distributed on the Java platform.)
The job of DyPusher’s remote server is to compare your data with a list of installations, and to respond by sending back an encrypted string, which is actually a downloaded URL. DyPusher hides the string in a shared object file, decrypts it and — presto — a new app magically downloads itself from the Internet into your mobile device.
There’s a lot more technological trickery involved, but what does it all mean for us? It means that this malicious thug, DyPusher, will download unwanted apps from the Internet into your mobile phone’s system without your knowledge or consent, causing excessive battery use and data flow consumption which, in some areas, can be expensive. Even worse, the malware steals your personal information, making it a privacy threat.
NQ Mobile Security users are already fully protected from DyPusher and other malware threats. If you don’t have a powerful mobile security application on your phone, we recommend that you take the following precautions to prevent any damage from DyPusher (and other threats):
Only download applications from trusted sources, reputable application stores, and markets. Be sure to check reviews, ratings, and developer information before you download anything.
Never accept application requests from unknown sources, and closely monitor permissions requested by any application. An application shouldn’t request permission to do more than what it says it will do in its privacy policy.
Look out for unusual behavior on your smartphone, such as your device shutting down unexpectedly or displaying constant pop-up messages.
Download NQ Mobile Security for Android today to make sure you’re protected against mobile malware and other privacy threats.
Have unwanted apps appeared in your Android phone? What were they? What did you do about them? Share your stories with us on our blog, or post your comments on our Facebook page.
As predicted earlier this year, SMS malware incidents are growing in number, and especially for Android. NQ Mobile researchers found a couple of SMS scams this week that you should know about. SMS malware authors compete to make their malware not only profitable, but as sophisticated and undetectable as possible. Targeted at Android, these two are particularly nasty, so pay attention.
DSMSbot
DSMSbot’s a serious menace because it disguises itself as a system upgrade – and we all know it’s important to stay current with upgrades. As of today, clients report 77 infections. Here’s how it works.
A notice that alerts you to upgrade will appear on your phone. Once you give it the okay, the malware goes to work in your smartphone under the direction of its remote server.
DSMSbot’s remote server receives all the information about your phone including its IMEI number, model, operating system version, your contacts list and other information about you.
The remote server responds back with instructions and a premium number, which triggers a stream of secret dialing from your phone’s SMS system, costing you heaps of money.
In addition, this clever bot intercepts any notice that the SMS service might send to you that would tip you off as to its existence in your phone.
In the past, the premium numbers were typically embedded in the malware itself; however, DSMSbot receives the number and instruction only after its server has collected your information.
DDSpy
This malicious varmint, with only six known infections so far, disguises itself as Gmail and is reaching users through alternative app markets. You won’t see an icon for it because it hides within your app list, waiting quietly for instructions from its command center – a remote server somewhere at an unknown location. What commands does it receive from its remote source?
It configures an uploaded email address and decides what content to steal from it.
It can be ordered to upload your text messages, your call log and even records of your voice conversations.
It creates its own database of your stolen data, which it routinely sends in an orderly email to its remote server.
Our researchers found that DDSpy’s got an interface for GPS uploading – as yet unused, which is apparently part of its plans for the future.
Avoid SMS Malware
Our researchers predict that these discoveries foreshadow an emerging rash of SMS malware threats. Don’t forget these simple safety rules for mobile protection:
1. Only download applications from trusted sources, reputable application stores, and markets. Be sure to check reviews, ratings, and developer information before you download anything.
2. Never accept application requests from unknown sources, and closely monitor permissions requested by any application. An application shouldn’t request permission to do more than what it says it will do in its privacy policy.
3. Look out for unusual behavior on your smartphone, such as your device shutting down unexpectedly or repeatedly displaying pop-up messages.
4. Download NQ Mobile Security for Android today to make sure you’re protected against mobile malware and other privacy threats.
Have you ever gotten SMS malware in your Android smartphone? We’d love to hear about it. Please feel free to share with us on our blog, or visit us on Facebook.
Are you assuming that last year’s big wave of Android malware threats has slowed down? If so, it’s probably a good time to catch up with the data. A recent study of monthly figures over the last year is a real wake-up call for anyone concerned about mobile security.
Growth rate of Symbian v. Android
The crooks will always follow the money. Symbian malware authors have clearly been making a career switch over to Android. Android’s fast-growing market share, combined with its open platform design, is a super-enticing invitation to cyber criminals. From January, 2011 through April of this year, there’s been a fairly stunning overall growth of Android infections, and a real plunge in the number of Symbian infections. Good news for Symbian owners.
Numbers tell the story
In the month of May, 2011, only 728 new Android threats were found, compared to 1146 new Symbian threats. However, in the single month of April, 2012, 1463 new Android threats were found, while new Symbian threats were down to 431. Even though the total number of malware events on the Symbian platform (17,405) still surpasses Android’s total (14,484), our researchers are forecasting that the opposite will be true by the third quarter of this year.
Symbian and Android mobile platforms have essentially traded places on the charts when it comes to the growth rate of mobile malware. In January of 2011, Symbian malware growth was at an all-time high, with Android instances making barely a blip. But some time around the end of September of this year, the two platforms officially traded places on the malware growth scale. On the table below, where the “X” seems to form, we can see how Android malware growth easily surpassed the dropping rate of Symbian malware.
Thinking globally
When NQ Mobile researchers inspected malware numbers by country, some interesting figures came to light. The top five countries when it comes to cases of Android malware infections are:
23.5% China
16.4% United States
13.2% Russia
11.4% India
8.6% UK
Our research wizards figure out these numbers by doing a calculation: they divide the total number of malware incidents in each specific country by the global numbers of infections. Incidents could include people who’ve had multiple instances of malware. So, the figures don’t refer to the number of users who’ve experienced malware infections, or the number of devices that have been affected, but simply the number of incidents recorded.
Obviously, it’s not a great honor to be included in this list. The United States’ ranking of Number 2 in the list underscores the extraordinary explosion of Android sales this past year here, and the predictable response from cyber criminals.
Don’t be a statistic
Wherever you live, protect yourself from malware with strong, reliable mobile protection. Statistics can be a yawn, so make sure you don’t end up adding to the numbers. Visit our website today.
Have you been a victim of any kind of malware on your Android smartphone or tablet? We’d love to hear your story. Tell us about your malware experiences, and what you’ve done for mobile protection. Leave us a comment on our blog, or join the conversation on our Facebook page.
This week the researchers at NQ Mobile found another pesky piece of masked malware designed to infect Android phones. Named GappII, this malicious code presents itself innocently as an Android patch.
If GappII malware pays a visit to your phone, you’ll be asked to download an Android security patch. Once you comply, you won’t see an icon on your screen. After it downloads, GappII will silently ask your phone for root privileges. If your phone agrees (and why wouldn’t it?), a “bot” is released that proceeds to download uninvited apps into your system. If your phone isn’t rooted, you’ll see a System Update notification. In either case, GappII runs in the background, and gifts you with apps you didn’t want.
There seems to be a trend toward malware that arrives in the disguise of an important service notice. Last month our researchers discovered “UpdtBot,” another even more dangerous variation of the important-tool-imposter ilk. As conscientious smartphone users, we all know we should download patches and updates as soon as possible. Therefore, clever new demons like GappII could easily take you by surprise.
In addition to following our researchers’ standard recommendations for a secure mobile system, we strongly suggest downloading NQ Mobile Security. Otherwise, you may not be able to tell the difference between a fraudulent security notice and the real thing. Once again, here are the recommendations from NQ Mobile’s researchers:
1) Only download applications from trusted sources, reputable application stores, and markets, and be sure to check reviews, ratings and developer information before downloading.
2) Never accept application requests from unknown sources. Closely monitor permissions requested by any application; an application should not request permission to do more than what it offers in its official list of features.
3) Be alert for unusual behavior on the part of mobile phones and be sure to download a trusted security application that can scan the applications being downloaded onto your mobile device.
NQ Mobile Security users are already fully protected from the “GappII” threat. Download NQ Mobile Security for Android today.
NQ Mobile’s research team has discovered another new malware infection designed especially for Android devices. UpdtBot is transmitted via SMS messages, and shows up as an urgent alert to the smartphone user, telling them it needs to perform a system upgrade.
The malicious link for this new malware could arrive in your SMS log piggybacked onto any kind of text message, since this is how it travels and proliferates. Once it’s in your system, it registers with and connects to a remote server, which instructs it to quietly conduct various forms of mischief, including making expensive calls and downloading and installing uninvited apps.
Our researchers think UpdtBot will prove to be exceptionally dangerous because it poses as an innocent system file. Its creators will profit from it by sending commands to your phone to conduct stealthy, costly activities, such as making premium calls. Unfortunately, it appears that more than 160,000 Android users have already been affected by the UpdtBot malware.
NQ’s respected research team wants to take this opportunity to remind users of their common-sense guidelines:
Only download applications from trusted sources, reputable application stores, and markets, and be sure to check reviews, ratings and developer information before downloading.
Before you install an app, carefully review the “permissions” and make sure you’re comfortable with the data they’ll be accessing.
Watch out for unusual or suspicious behavior on your mobile devices, such as unauthorized charges to your phone bill, text messages from unknown sources, and decreased battery life.
Download up-to-date mobile security software on your mobile device, such as NQ Mobile Security, which scans your apps for malware and helps you locate a lost or stolen device.
All NQ Mobile Security users are automatically protected from UpdtBot malware, as well as all other mobile threats. You can read more of the technical details about this malware on our NQ research site.
NQ Mobile Security offers a free download on its website. Don’t wait until you see UpdtBot’s confusing warning show up on your phone. It’s not worth taking a chance that this “bot” will visit your phone soon. Download NQ Mobile Security today.