The number of malicious apps mobile security firm Lookout has identified in less than six months has doubled to 1,000, according to a report from Lookout to be released tonight.
Friday, 13 January 2012
The likelihood of an Android user encountering malware has risen from 1 percent to 4 percent, according to Lookout.
The vast majority of those dubious apps are found on third-party app stores and alternatives to the official Android Market, the company said.
"2011 has seen the emergence of a credible field of Android malware with a 4 percent yearly likelihood of an Android user encountering malware, which was a significant increase compared to the beginning of the year. In the beginning of 2011 we measured a 1 percent yearly likelihood," Lookout says in its report, titled "Malwarenomics: 2012 Mobile Malware Predictions."
"The U.S. is in the middle of the pack in terms of mobile malware compared to other countries, including Russia, Israel and China," said Derek Halliday, senior security product manager at Lookout.
Meanwhile, Android users, like users on all mobile platforms, are increasingly at risk of unwittingly clicking on links that lead to malware and phishing sites.
"The global yearly likelihood of an Android user clicking on an unsafe link is 36 percent (6 percent higher than July 2011)," the report says. "In the United States, the likelihood is higher than the global average at 40 percent."
Lookout has also detected a rise in what it calls "mobile pickpocketing": apps and malware that surreptitiously charge fees to the phone owner, including GGTracker, which signs phones up for premium text message subscription services without the owner's knowledge. There are also the RuFraud apps, which pose as free versions of wallpaper or popular games but hide terms of service that allow the developers to sign the phones up for expensive SMS rates.
The Lookout report predicts that we'll see more of these threats, as well as increased use of: mobile phones in botnets to send spam and steal data; malware that exploits weaknesses in mobile operating systems; browser-based attacks; malware hiding in mobile advertisements; and tools that allow for automatic repackaging of legitimate apps to add malware.
Lookout cautions against using third-party app stores and clicking on in-app ads, and advises caution when clicking on apps that ask you to click "OK," as well as when clicking on shortened URLs. In addition, people should check reviews on gaming, utility and porn apps before downloading them because they are the types of apps most likely to contain malware.
Thanks to CNET for the information.
Scammers are posing as Facebook security in chat sessions to try to trick people into providing their credit card information, Kaspersky Lab warned today
Friday, 13 January 2012
At the time of writing there is a new Facebook phishing attack going on. It will not just try to steal your Facebook credentials; it will also try to steal credit card information and other important information such as security questions.
This Facebook phishing attack is pretty interesting because it does not just try to trick the victim into visiting a phishing website. It will reuse the stolen information to log in to the compromised account and change both the profile picture and the name. The profile picture will be changed to the Facebook logo and the name will be changed to “Facebook Security”, but with special ASCII characters replacing letters such as “a”, “k”, “S” and “t”.
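A detection sketch for the disguised display name described above, added here as an example and not taken from Kaspersky or the original post. The look-alike map, the function names `skeleton` and `classify`, and the sample names are assumptions constructed for illustration; the post does not list the exact characters the scammers used.

```python
import unicodedata

# Hand-picked look-alike map (an assumption for this example). Production code
# should use the full Unicode confusables data (UTS #39) instead.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c",  # Cyrillic
    "\u043a": "k", "\u0455": "s", "\u0456": "i", "\u0443": "y",  # Cyrillic
    "\u03c4": "t", "\u03ba": "k", "\u03b1": "a",                 # Greek
    "@": "a", "$": "s", "+": "t", "7": "t", "0": "o", "1": "i",  # ASCII swaps
}

# Names no ordinary account should carry, stored as skeletons.
PROTECTED = ("facebooksecurity",)

def skeleton(name: str) -> str:
    """Reduce a display name to the plain lowercase text it reads as."""
    out = []
    for ch in unicodedata.normalize("NFKD", name).casefold():
        if unicodedata.combining(ch):
            continue  # drop accents split off by NFKD
        ch = CONFUSABLES.get(ch, ch)
        if ch.isalnum():
            out.append(ch)
    return "".join(out)

def classify(name: str) -> str:
    """Return 'ok', 'plain' (protected name as-is) or 'lookalike' (disguised)."""
    skel = skeleton(name)
    if not any(p in skel for p in PROTECTED):
        return "ok"
    plain = "".join(c for c in name.casefold() if c.isalnum())
    return "plain" if plain == skel else "lookalike"

# Constructed sample display names, not taken from the real campaign.
SAMPLES = [
    "Jane Doe",
    "Facebook Security",
    "F\u0430ceboo\u043a \u0405ecuri\u03c4y",  # Cyrillic a, k, S and Greek tau
    "F@cebook $ecuri+y",                      # ASCII symbol swaps
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s), ascii(s))
```

A name classified as `lookalike` reads as a protected name while avoiding an exact string match, which is the property the renamed accounts relied on.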
Once an account is compromised it will also send out a message to all contacts of the compromised account. The message looks like this:

"Last Warning: Your Facebook account will be turned off Because someone has reported you. Please do re-confirm your account security by: => http://apps-xxxx-xxxxx-user.de.vu"
When you click on the link, you will be redirected to a website that looks very similar to Facebook and asks you for personal information such as: Name, Email, Password, Webmail system, Password to email etc. When the form is submitted, the details are sent to the attackers, who can then automatically log in to your Facebook account and compromise it.

After the victim submits the information, another webpage appears. This page states that you need to confirm your identity with a payment and asks for your card number.

The last page of the phishing scam will try to confirm your credit card information, including the CSC/CVV code.

These scams are just getting more popular and we really recommend not giving out personal information, especially not email, password and credit card information, over social media. It is also recommended that you contact your security vendor and the social media vendor if you encounter these sites.
Provided by securelist.com


