Pretty much from the get-go, frequent pop up messages on the PC screen were considered annoying. For a hacker, a pop up message is just one more way to steal money– by sending fake alerts and serious warnings that scare a user into making a payment. Cyber thieves have already made millions through such methods, and now such threats are going mobile, specifically to Android.
Symantec announced this morning that Android.Fakedefender has hit the operating system and although it’s a hybrid of the malware methods used on the PC (FakeAV and Ransomware), the basic premise is still extortion – an infected smartphone will be locked until a payment is made.
Why would a user make a payment? Wouldn’t such a message appear suspicious? In an interview with Mobile Enterprise, Liam O’Murchu, Manager of Operations, Symantec Security Response, said that end users may initially think it’s a legitimate app. Some may be worried that yes, they do have explicit material on their phones. Others may just want the phone’s functionality back and give in out of inconvenience.
However, making that one-time payment is like rolling the dice. The pop-up simply goes away, or nothing happens at all.
And once that malicious app is installed, Symantec notes on its website, “user experience varies as the app has compatibility issues with various devices.” Because Android has different versions, the app may be incompatible and simply crash. In that case, the user can go ahead with an uninstall. Unfortunately, if launched, the app could interfere with other apps, and users may not be able to uninstall at all. The operating system can also be affected and for some, a factory reset won’t even be possible, meaning a hard reset will be necessary.
In its 2013 Mobile Threat Predictions, Lookout estimated that 18 million Android users were at risk for mobile malware (from 2012 through the end of 2013.) To be proactive, simply be aware of downloading apps – what they are and where they come from. Various vendors are also offering security solutions for endusers, and as mobile threats increase, more options will be likely.
What About the Enterprise?
While Android.Fakedefender, if successful, will have a direct impact on the smartphone user, either through the wallet or inconvenience, O’Murchu noted that this particular malicious app does not pose a threat to accessing corporate data.
However, that does not mean problems are not on the horizon. Hackers are busy hacking away, trying anything and everything to see what sticks. “Toll Fraud,” for example, is apparently a big hit in Eastern Europe, where users wind up paying exorbitant fees for phone calls and “premium text messages.”
“If they discover how to do it, they will,” O’Murchu said.
It’s a good thing that companies are taking mobile threats seriously then. According to ABI Research, the Mobile Security Services market will reach $1.88 billion by the end of this year. “Isolated and standalone security solutions will work for the individual consumer, but for organizational applications and carriers, mobile security services will take the lead,” says Michela Menting, Senior Analyst, Cyber Security. ABI Research.
Subscribe to our newsletter.