– AVG’s Q2 Threat Report warns of new sophisticated attacks aimed at unsuspecting PC and Android smartphone users –
MELBOURNE and AMSTERDAM 26 July, 2012 – AVG (AU/NZ) has released the AVG Technologies’ Q2 2012 Community Powered Threat Report. Cybercriminals have been using social engineering techniques to create malware that successfully exploits commonplace user activity such as downloading mobile phone applications and accessing online content through popular sites such as YouTube.
First Android bootkit turns your smartphone into a ‘zombie’
The Android operating system for smartphones is now leading with 59 percent market share, according to the latest figures from IDC[1]. Taking advantage of this lucrative opportunity, cybercriminals have created the first Android bootkit which turns phones with the Android operating system into ‘zombies’, meaning they come fully under the control of the cybercriminal. Cashing in on the application craze, this ‘DKFbootkit’ malware tricks users by masquerading as a legitimate application available for Android smartphones and poses a serious threat to the many Android smartphone users worldwide.
Once users download the application, the malware encourages them to click ‘OK’ to run it, which then roots the device. Since the smartphones are either connected to a mobile operator for payment or pre-paid, the malware author can siphon off small amounts of money on an on-going basis using premium SMS, usually without the user noticing as the amounts per individual user are kept small.
Malicious Trojan hides in unofficial ‘Angry Birds Space’ application
Malware creators have developed a Trojan-infected version of this highly popular application, developed by Angry Birds creator Rovio in conjunction with NASA. Available on unofficial Android stores, it looks and functions exactly like the legitimate application but the difference is that it uses what is known as the ‘GingerBreak exploit’ to root Android devices. Rooting a device allows the malware to download and install additional malware onto the victim’s smartphone, turn it into part of a botnet, modify files and launch URLs so that the phone is no longer under the user’s control.
Celebrity sex and scare-mongering scams lure PC users
Tempted to view a video of socialites and celebrities undressed? Think twice before you click on the play button as another major threat that emerged in recent months is a new version of last year’s LizaMoon SQL mass-injection attack hidden inside celebrity sex videos and false security alerts. When users click on a link to view the non-existent video or visit the fake security website, this malware downloads a Trojan. The style of the attack depends on the internet browser being used:
- Mozilla Firefox®: users are taken to a fake Flash update page which purports to show a vulgar video of socialite Paris Hilton or actress Emma Watson. In fact, they will never get to see the video as when they click on it, they are prompted to update their Flash software which then downloads the disguised Trojan.
- Microsoft Internet Explorer®: in this attack, cybercriminals play on people’s peace of mind by mimicking a legitimate antivirus product which claims to have detected all sorts of malware on their PC and can help remove it. If users follow the link and install the application, then go on to purchase the product, it will simply download a completely ineffective rogue to their PC. If the victim changes their mind and chooses not to purchase the product, ‘nag’ screens will keep popping up until the rogue is cleaned from the machine. The latest version is known as a ‘drive-by’ download as the malware will execute from the web page, without requiring the user to download anything at all.
Michael McKinnon, Security Advisor at AVG (AU/NZ), said: “These threats are a bit like the Emperor’s new clothes – they are the same style of attacks as we have seen before but socially engineered by cybercriminals to trap victims who are becoming more security savvy. The greater sophistication of these threats also means they are difficult for everyday users to spot something is wrong once the malware has been installed, making them very potent. It’s vital that consumers think before they click ‘OK’ to anything online or on their phone.”
Top five tips to keep your Android smartphone and computer safe:
- Prior to installing any application, carry out a background check on the developer and application, looking at ratings, reviews, history. Only download from application stores, sites and developers you trust – or set your device to download only from Google Play.
- Think before you click ‘OK’ to any requests your phone or PC makes for your permission. Check if it seems bona fide or whether it appears odd that the application should be asking for this permission or to execute a download.
- Keep your computer programs, such as Adobe Acrobat and Adobe Reader, up-to-date so you are not tempted to follow prompts to upgrade when trying to access content from the web.
- Install antivirus security software on your computer and your smartphone and keep it updated. This will work as your eyes and ears to keep your personal information safe and ensure your peace of mind at home and on the move.
- Monitor your mobile phone bills very carefully – if you notice any small amounts you cannot account for, investigate further and if you suspect your smartphone has been exploited, run a genuine security product to find and remove any malware.
For more information on these and other threats analysed by AVG in the AVG Q2 Community Threat Report, please go to: http://mediacenter.avg.com/en/press-tools/avg-threat-reports/avg-community-powered-threat-report-q2-2012.html