Don’t Let These Top 10 Android Threats Infect Your Mobile WorldAhead of Mobile World Congress, F-Secure releases its list of Top 10 Android Threats from the past year – plus, a new threat to watch out for in 2016.
The top Android threats last year antagonized people by locking their devices for ransom and pilfering their money in SMS-sending fraud, according to F-Secure Labs. The Labs’s Top 10 Android Threats of 2015 list is out today, offering a new look at how attackers have been taking aim at users of the open source OS. As the tech world prepares to converge on Mobile World Congress, the list is a stark reminder of the need for security for all things connected.
The ransomware family Slocker rose to prevalence in 2015, taking the number two position with 2.46% of detections. Slocker encrypts a device’s image, document and video files, and then displays a message accusing the user of breaking the law by having visited pornographic sites. It demands the user pay a penalty of $500 (via a service like PayPal) to unlock the device. To further intimidate the victim, it claims it has photos of their face and knows their location. Slocker infects via porn-related apps, and also via spam emails claiming to be an Adobe Flash Player update.
Making up 15% of detections, the older SmsSend family was the number one Android threat detected by F-Secure Labs in 2015. But it’s not the only SMS sending family on the list – further down are also Fakeinst, SmsPay, and SmsKey. Attackers profit by setting up their own premium rate number. An infected device sends text messages to the number, racking up charges on the user’s phone bill and fattening the attacker’s wallet. These trojans infect either via apps posing as games in third party app stores, or via porn-related apps.
Rounding out the Top 10 list are the information-stealing GinMaster, two exploits that obtain device root access, and a backdoor that gives the attacker access to a device to do as they please.
Rising in 2016: malicious payment apps
As far as threats that could be gaining ground in 2016, Zimry Ong, Senior Analyst in F-Secure Labs predicts malicious online payment apps will become more prevalent. These apps are pushed at the user while making a purchase on a perfectly legitimate website – one that’s been hacked.
“When you go to the checkout, instead of the usual checkout process, the website would push an app at you, asking you to use the app to complete your transaction,” Ong says. “If you do so, the attacker of course obtains the credit card and personal information you enter. Bottom line: if you’re shopping on a familiar website and there is suddenly a change from the usual checkout process, it’s a red flag that something is amiss.”
F-Secure will exhibit at Mobile World Congress 2016, showcasing products to enable “The Trusted Internet” on all your connected things and mobile devices. On display will be the IoT and mobile security and privacy products SENSE, Freedome and SAFE. Visitors to MWC who would like to speak with an F-Secure spokesperson can contact us to schedule a meeting. F-Secure can be found at Hall 6, Stand B60.
F-Secure – Switch on freedom
F-Secure has been defending tens of millions of people around the globe from digital threats for over 25 years. Our award-winning products protect people and companies against everything from crimeware to corporate cyberattacks, and are available from over 6000 resellers and 200 operators in more than 40 countries. We’re on a mission to help people connect safely with the world around them, so join the movement and switch on freedom!
Founded in 1988, F-Secure is listed on NASDAQ OMX Helsinki Ltd.
F-Secure media relations
+358 40 752 0688
Latest Press Releases
New service quantifies breach impact in real numbers before it happens, empowering decision makers to invest in the right security controls.
F-Secure’s flagship products now enable parents to set boundaries online the way they do in the real world
Social engineering is simple these days, and spam has re-surged as an attack vector.
Insecure IP cameras are yet another example of IoT devices that are not built to withstand the threat landscape of the internet.