News

Security Firm: Top 3 Mobile Malwares Target Android

• By David Ramel
• December 12, 2017

The latest report from security firm Check Point Software Technologies Ltd. identifies the top three mobile malware threats -- which all run on Android.

Android has long been characterized as more vulnerable to exploits than Apple's rival iOS because of its ubiquity, fragmentation, proliferation of underground app marketplaces and other reasons (see this recent article for a discussion) on that).

That popular notion holds true in the latest report from Check Point, which identifies the "most wanted" malware for last month.

In the report's mobile section, the top three most wanted malwares were identified as:

1. Triada -- Modular Backdoor for Android that grants super-user privileges to downloaded malware and helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
2. Lokibot -- Android banking Trojan and info-stealer, which can also turn into a ransomware that locks the phone in case its admin privileges are removed.
3. LeakerLocker -- Android ransomware that reads personal user data, and then presents it to the user and threatens to leak it online if ransom payments aren’t met.

In the non-mobile category, the top three malwares were listed as:

1. RoughTed -- a purveyor of ad-blocker aware malvertising responsible for a range of scams, exploits, and malware. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
2. Rig ek -- Exploit Kit first introduced in 2014. Rig delivers Exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page that contains JavaScript that checks for vulnerable plug-ins and delivers the exploit.
3. Conficker -- Worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.

Check Point also listed seven other threats in the non-mobile section, noting the return of Necurs, described as the largest spam botnet in the world.

The firm said its reports are powered by its ThreatCloud intelligence offering, described as a collaborative initiative to fight cybercrime, delivering threat data and attack trends from a network of threat sensors around the world. To help Java programmers (and those using other languages such as Kotlin) more securely develop for Android and other OSes, the company publishes threat prevention resources.