24 Nov COVID-19 led to global mobile malware outbreak – report | Light Reading
As if it hadn’t wreaked enough havoc in other ways during 2020, a study has found that the coronavirus also sparked a global outbreak of mobile malware.
Mobile malware has seen a consistent and significant increase in the third quarter. And Asia, in the middle of an Internet boom, is right at the epicenter of this digital virus outbreak.
Ninety-seven percent of mobile transactions in Asia in the third quarter were flagged and blocked as fraudulent, says anti-fraud platform Secure-D, which studied its own data covering 30 operators in 20 countries.
In Thailand, the number of infected users increased by 700% from 2019’s third quarter to 2020’s.
And Indonesia alone represented 64% of transactions the platform blocked globally in July, August and September.
All this shows “bad actors are using the pandemic to take advantage of a relatively captive mobile user base,” says Secure-D, which is owned by mobile technology firm Upstream.
The malware outbreak comes as COVID-19 has driven international traffic 47% higher, and as countries like Malaysia and Thailand especially saw smartphone adoption rocket.
Both countries saw smartphone penetration increase by 13% last year, with Singapore following with 11%, even as sales in other regions abated, according to market research firm GfK.
In Indonesia, the platform found 310,000 users were carrying malware-infected devices, making up one-third of infected devices in Asia and a fifth of the global total.
Fraudulent mobile transactions include not only direct attempts to extort payments, for example through hidden sign-ups to premium subscriptions, but also more complex hidden activity, like ad platforms that claim clicks that haven’t happened, potentially costing millions in lost ad revenue.
Computers get viruses too
“An increasing number of people are opting to stay at home due to the pandemic, and many have become dependent on their mobile phones for entertainment, news and socializing,” says Geoffrey Cleaves, Secure-D’s Barcelona-based managing director.
Russia also saw a spike in fraudulent transactions, with the percentage of transactions blocked rising to 94% in the third quarter from 66% in the second.
South Africa saw the number of infected users in the third quarter, 460,000, increase 70% year-on-year.
97% of all transactions processed in Asia by Secure-D during Q3 2020 have been flagged as fraudulent. Indonesia has been the top infected market.
Read more on the latest findings by Upstream’s security platform: https://t.co/aKlOaKHibx #cybersecurity #mobilesecurity #malware pic.twitter.com/nsx1EDqEq5
— Upstream (@UpstreamGlobal) November 24, 2020
In Brazil, the number of blocked transactions rose 77% from the previous quarter, to 76 million.
And Côte d’Ivoire also saw a spike, with fraudulent transactions more than doubling to 156,885 from 72,361 in the quarter before.
Malware appears particularly strongly focused on Android apps, with nine of the ten worst offending apps in the third quarter, and 37 of the top 50, at some point available on Google Play.
Other security researchers are reporting similar figures, with McAfee seeing new malware samples growing by 11.5% in the second quarter.
Bot needs cache
“What began as a trickle of phishing campaigns and the occasional malicious app quickly turned into a deluge of malicious URLs,” he says.
A series of three Emotet botnets (short for robot networks), controlled from Russia, saw a 1,200% increase in detections from July to September, compared to the previous three months when Emotet-linked malware seemed to be in decline.
A botnet is a network of computers infected by malware under the control of a single attacker, known as the bot-herder.
The oldest and largest botnets focus on size, with the relatively simple Cutwail botnet sending 74 billion messages a day.
Slightly more sophisticated networks, like the Windows-based ZeuS botnets controlled out of eastern Europe, target large companies and credit card holders for their financial data.
Other, more specialist, botnets target their incursions at companies’ high-value intellectual property and research and development activities.
Emotet often gains a foothold in networks through phishing emails and through thread hijacking, which makes emails look more legitimate, since people are more likely to download an attachment that appears to come from someone they know.