The volume of malware targeting users of mobile devices grew more than three times in 2015, compared to 2014, according to the annual Mobile Virusology report prepared by the Kaspersky Lab Antimalware Research group.
The most dangerous threats in 2015 were ransomware, malware capable of obtaining unlimited rights on an infected device, and data stealers, including financial malware.
In 2015, 884,774 new malicious programmes were detected by Kaspersky Lab, a three-fold increase over 2014 (295,539). The number of new mobile banking Trojans decreased to 7,030 from 16,586 in 2014. The study also revealed that 94,344 unique users were attacked by mobile ransomware, a five-fold increase over 2014 (18,478).
Ransomware is on the rise
2015 was the year of ransomware. Once a device is infected with this type of malware, the malicious app blocks the device with a pop-up window carrying a message that the user has committed illegal actions. In order to unlock the device, the user has to pay a ransom ranging between $12 and $100.
The share of users of Kaspersky Lab mobile products attacked by ransomware increased from 1.1% to 3.8% between 2014 and 2015. Attacks were registered in 156 countries, with Russia, Germany and Kazakhstan the hardest hit. The Trojan-Ransom.AndroidOS.Small malware and its modification, Trojan-Ransom.AndroidOS.Small.o, were the most active in Russia and Kazakhstan. Small.o was the most widespread of all mobile ransomware detected by Kaspersky Lab last year.
The number of ransomware app modifications has increased by 3.5 times, proof that fraudsters are seeing ever more advantage in earning money from users via blackmail. 2016 is likely to see an increase in the complexity of the malware and its modifications, with more geographies targeted.
Malware with super-user access rights
Nearly half of the top 20 Trojans in 2015 were malicious programmes displaying intrusive advertising on mobile devices. The most widespread last year were the Fadeb, Leech, Rootnik, Gorpro and Ztorg Trojans. Fraudsters used every available method to propagate these Trojans: malicious web banners, fake games and other legitimate apps published in official application stores. In some cases, they were positioned as legitimate software preinstalled by the device vendor.
Some of these apps have the ability to gain super-user access rights, or root access. Such rights give attackers an almost unlimited ability to modify information stored on an attacked device. If the installation is successful, the malware becomes almost impossible to delete, even after a reset to factory settings. Mobile malware with the ability to gain root access has been known since 2011, and last year it was extremely popular among cyber-criminals. This is likely to continue in 2016.