13.07.2015 Views

hp-security-research-cyber-risk-report-pdf-2-w-1408

HP Security Research | Cyber Risk Report 2015

Top Android malware families in 2014

As expected, the majority of Android malware discovered in 2014 was found outside of the Google Play market, although there are instances in which malware was placed on Google Play by maliciously created developer accounts. The biggest family, as on the Windows platform, is Agent, which is a standard name reserved by anti-malware companies for malware that cannot be classified with high certainty into any well-known family. Agent is followed by some of the usual suspects—for example, Opfake and Boxer, two related families that originate in, and mostly target users in, the Russian Federation and neighboring countries. However, it is the families that are not seen in most top 10 Android malware family lists that have caught our attention, because they follow successful patterns previously seen and frequently used in Windows malware.

Figure 14. Top Android malware families in 2014, as detected by ReversingLabs

Family      Share
Agent       64%
Stealer     10%
Fakeinst     6%
Smsagent     5%
Mseg         5%
Opfake       2%
Smsreg       2%
Boxer        2%
Smssend      2%
Ginmaster    1%
Other        1%

Notable Android malware in 2014

Although some of the methods featured here will not appear sophisticated compared to the methods used by Windows-based malware, most of them are new to Android, especially considering the fact that the first Android malware was only discovered a few years ago.

Ransomware

This year we have seen our first purposefully made ransomware samples, with functionality that prevented the users of infected devices from working. This was usually achieved by a combination of social engineering techniques used to convince the user to allow a malicious app to obtain device admin privilege (which is different from the user privileges granted to apps by the underlying Linux kernel) and interception of various system events that prevented the user from launching any other app or terminating the malware.

The first ransomware, which belongs to the Android.Trojan.Tlock family, was discovered in April and contained basic functionality for locking the screen and preventing the user from navigating away from it. The app purported to be a free anti-malware app by Norton, but after presenting a fake anti-malware user interface, it displayed a warning that appeared to come from the FBI. This technique is consistent with techniques used by some of the desktop-based malware families, such as Reveton or BrowserLock. The Tlock family evolved over time and reached full ransomware functionality that included allowing the user to unlock the device by entering a valid MoneyPak voucher number into the application UI.
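The lock-screen pattern described above (device admin rights plus registration for system events so the app stays in front and survives reboot) leaves a footprint in an app's AndroidManifest.xml that an analyst can triage statically. The following Python script is an added illustration, not code from the HP report or ReversingLabs; the combination of indicators it scores is an assumption about what such samples typically request, the manifests are constructed for the example, and hits are triage leads rather than verdicts.

```python
"""Static triage of an Android manifest for the lock-screen ransomware footprint:
device-admin receiver + overlay/boot permissions + HOME/BOOT_COMPLETED filters.

Added example (not the report's code). Indicator set is an assumption; sample
manifests are constructed.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android identifiers; flagging them *together* is this example's heuristic.
DEVICE_ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
DEVICE_ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"
SUSPICIOUS_PERMISSIONS = {
    "android.permission.SYSTEM_ALERT_WINDOW",     # draw over every other app
    "android.permission.RECEIVE_BOOT_COMPLETED",  # come back after a reboot
}
SUSPICIOUS_INTENTS = {
    "android.intent.action.BOOT_COMPLETED",  # relaunch at boot
    "android.intent.category.HOME",          # offer itself as the launcher
}

# Constructed manifest modelled on the fake anti-malware lock-screen behaviour.
LOCKER_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeav">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Free Antivirus">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
        <category android:name="android.intent.category.HOME"/>
      </intent-filter>
    </activity>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed benign manifest: ordinary launcher activity, no admin, no overlays.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""


def triage_manifest(manifest_xml: str) -> dict:
    """Return the indicators found and whether they match the lock-screen pattern."""
    root = ET.fromstring(manifest_xml)
    name_attr = ANDROID_NS + "name"
    perm_attr = ANDROID_NS + "permission"

    permissions = {e.get(name_attr) for e in root.iter("uses-permission")}
    # Device admin: a receiver guarded by BIND_DEVICE_ADMIN handling DEVICE_ADMIN_ENABLED.
    device_admin = any(
        r.get(perm_attr) == DEVICE_ADMIN_PERMISSION
        and any(a.get(name_attr) == DEVICE_ADMIN_ACTION for a in r.iter("action"))
        for r in root.iter("receiver")
    )
    # Every action/category the app registers intent filters for.
    registered = {e.get(name_attr) for e in root.iter("action")} | {
        e.get(name_attr) for e in root.iter("category")
    }
    hits = sorted(permissions & SUSPICIOUS_PERMISSIONS) + sorted(registered & SUSPICIOUS_INTENTS)
    if device_admin:
        hits.insert(0, DEVICE_ADMIN_PERMISSION)
    return {
        "package": root.get("package"),
        "device_admin": device_admin,
        "indicators": hits,
        "score": len(hits),
        # Threshold is an assumption: admin rights plus at least two persistence/overlay hints.
        "likely_lockscreen": device_admin and len(hits) >= 3,
    }


if __name__ == "__main__":
    for xml in (LOCKER_MANIFEST, BENIGN_MANIFEST):
        print(triage_manifest(xml))
```

The script only reads the manifest, so it is safe to run over unpacked APKs in bulk; a real pipeline would also check whether the device-admin policy XML and the activity's event handling actually implement the lock, since legitimate MDM and kiosk apps request the same permissions.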
