Android banking and payment malware on the rise

Following up on a previous blog entry about Cryptolocker ransomware targeting mobile devices, a new report by Cheetah Mobile shows that the number of infected mobile devices worldwide is on the rise, particularly in the month of June.

This type of malware targets mobile banking and payment software on mobile devices. Its aim is to extort money from users by hijacking personal information and by spoofing bank sites or apps to trick victims into giving up personal data.

  • The number of Android users infected daily increased from approximately 11,000 to nearly 17,000 between May 16th and June 15th.
  • Throughout June, more than 100 different countries were affected, with 61,366 in Vietnam, 20,476 in Russia and 19,667 in Taiwan.

The four major culprits for these infections were:

  • Simplelocker - This evolved version of Cryptolocker was the first malware to successfully encrypt data. There are currently 40 known variants of Simplelocker, with 6330 infected users in Russia, 2520 in the USA, and 2280 in Ukraine.
  • Android.Trojan.fubus and Android.Trojan.Fakeinst - Both appeared for the first time in June. These Trojans can make stealth mobile payments, access the Android device manager, commit SMS fraud, steal mobile data, contact premium rate numbers, and download further malware apps onto the victim's devices.
  • The "Express Delivery" malware - Mainly targeted users in Taiwan, infecting around 20,000 users. Throughout June, this malware has split into 35 variants.
  • The "Korean BankKiller" malware - Estimated to be infecting around 4,000 Korean Android users a day.