Almost all mobile malware targets Google's operating system, while attack vectors against the Apple platform are also strengthening. On the mobile malware front, the balance of power has not changed much: Android remains by far the platform most targeted by hackers. That is the conclusion of a study just published by FireEye (a US IT security company). It analyzed no fewer than 7 million mobile applications, collected between January and October 2014. In this set, it found "millions of malware samples," and in 96% of cases the malware targeted Google's operating system.
Of course, most Android malware consists of slightly modified copies of other malware. Counting only unique samples, FireEye arrives at 390,000 malware samples, up from 150,000 a year earlier. The area that stands out most is the theft of banking data, which now accounts for more than 1,300 unique samples against 260 a year earlier, an increase of 500%.
In this category, one of the most illustrious representatives is KorBanker, a Trojan horse distributed mainly in South Korea through Google Play. It takes the appearance of a banking application, but behind the scenes it obtains administrator rights on the device, intercepts banking data and sends SMS messages to the hackers.
Hackers try to bypass the App Store
On iOS, the picture is completely different. The stringent procedures for publishing applications on the App Store make malware rare on non-jailbroken Apple devices. The few specimens that exist rely on SSL/TLS flaws or cross-site scripting.
But all is not rosy either. Hackers increasingly use Apple's ad hoc distribution mode to get their way. Normally reserved for businesses and developers, it bypasses the App Store and installs applications directly on an iPhone or iPad. This attack vector has been used in several recent malware cases: WireLurker and Pawn Storm.
Finally, FireEye is concerned about the poor quality of business applications distributed in ad hoc mode. The company counted 1,400 of them, which is not very many. But in 80% of cases it detected risky coding practices, such as the use of private, undocumented APIs. This can open the door to hackers.