Defending Against Mobile Malware

Kaspersky Researcher Warns of Android Attacks

By , May 8, 2013.
A recent spear-phishing attack involving a Trojan designed to target Android devices offers an important reminder of the emerging threat of mobile malware, says Kaspersky Lab researcher Kurt Baumgartner.

"This is the first Android Trojan that we've seen in the wild being used in this manner," says Baumgartner, a researcher who monitors malware.

The spear-phishing attack and Trojan, discovered by Kaspersky Lab, involved an APK - a program for Android that allows users to download Gmail attachments to their devices.

When Kaspersky Lab reviewed the Trojan, researchers found that it had the ability to report back information about the user.

"When we reversed the Trojan, we saw functionality to pull out contacts - contact lists both on the phone and the SIM card of the device," Baumgartner says in an interview with Information Security Media Group [transcript below].

"We saw it maintaining functionality to pull out call logs and SMS messages," he explains. "They wanted to also know the geo-location of the phone and then, finally, the phone data."

That information, Baumgartner says, is "golden" for attackers. "When lists of contacts and details are pulled off a device, those contacts are the next in line [for attack]," he says.

While mobile malware is still in its beginning stages, Baumgartner says organizations need to be concerned. Mobile device users can begin to protect themselves by adding security packages to their devices that guard against malicious downloads.

During this interview, Baumgartner discusses:

  • Spear-phishing schemes that cross the mobile and online channels;
  • Mobile malware trends for 2013 and 2014;
  • Why personally identifiable information is becoming easier for fraudsters to compromise.

Baumgartner joined Kaspersky Lab in 2010 and is responsible for monitoring the malware landscape across the Americas and enhancing Kaspersky's technologies. Earlier, Baumgartner was vice president of behavioral threat research at Symantec - PC Tools, ThreatFire, chief threat officer at Novatix and a threat analyst at SonicWALL.

Android Trojan

TRACY KITTEN: Kaspersky Lab recently discovered an Android Trojan that's being used to target high-profile Tibetan activists. What can you tell us about this attack, as well as how and when it was identified?

KURT BAUMGARTNER: The incident involved an Android Trojan that was being sent out from a compromised e-mail account from a high-profile Tibetan activist. The novel thing about this attack is that the attachment itself was an Android Trojan that could be installed on an Android device and used to collect and perform surveillance activity on a target.

Spear-Phishing Trends

KITTEN: From what I know, these attacks started with spear-phishing, which is an increasing concern for organizations across the board. If we look at spear-phishing generally, what trends would you say have fueled spear-phishing's growth?

BAUMGARTNER: Spear-phishing itself is generally a pretty effective way of delivering malware in targeted attacks. Some of the trends that have pushed attackers to using spear-phishing techniques have been that some of the other technologies actually protecting against other known techniques, like watering-hole attacks or network infiltration, those venues of attack have been more effectively shut down in my opinion. It becomes increasingly effective to use spear-phishing as a form of getting in.

Use of Social Media

KITTEN: How would you say that social media or other online channels are being used to exploit or help to fine-tune some of these targeted e-mail attacks?

Follow Jeffrey Roman on Twitter: @gen_sec
