JEDDAH – Web threats attacking the mobile platform are here to stay. With mobile payments predicted to reach $1.3 trillion annually by 2017, cybercriminals were expected to continue generating even more profit by selling stolen user data. Cybercriminals favor web threats since they only require the Internet to facilitate their schemes. This makes Web browsing risky since web threats can infect your computer or network, sometimes even without your intervention. For several years, Web threats have plagued Internet users, posing several risks such as identity theft, data loss, and financial damage. “In 2013, IT managers here will have to deal with the highest level of targeted attacks the region has ever witnessed. Today's attacks are financially motivated, and we are here to help our customers better protect themselves,” said Ihab Moawad, Vice President Trend Micro Middle East, Africa and Mediterranean. Cybercriminals have broadened their means of infection by targeting mobile users. The popularity of web browsing via mobile devices creates an opportunity for cybercriminals to expand their target base. Today's Web threats are no longer limited to clicking malicious links on PCs. Smartphones now face the same kinds of threat previously seen on their PC cousins—all in roughly three years. Through the use of malicious URLs, cybercriminals are able to infiltrate mobile devices. Trend Micro points out two motivations cybercriminals have for using them. First, malicious URLs make launching online attacks easier, and second, they allow cybercriminals to cover a wide target area comprising Internet-ready mobile devices. Attack scenarios often involve social engineering techniques designed to trick mobile device users into clicking malicious URLs and downloading malicious Android application package (APK) files. Once these files are in place, the mobile device's security is compromised. Malicious URLs, are disease vectors. This means they are used by cybercriminals as a way to spread mobile malware. But this is not the sole purpose of malicious URLs. They can also be used to infiltrate your device and foster outbound communication. Not only do mobile malware like malicious downloaders and backdoors rely on malicious URLs to infiltrate mobile devices, they also need them to send or request additional information required to perform specific functions. Almost 17% of the mobile malware Trend Micro as found so far have malicious URLs embedded in them. Malicious downloaders use malicious URLs to download and install additional malicious files and components in your device. They request information and receive malicious packages in return. Backdoors also take advantage of malicious URLs in the same way. Once installed in a mobile device, they communicate with remote sites to acquire new scripts, which they can then parse and use. In January this year, a backdoor used a malicious URL to download a script it needed to update the one currently running on the infected device. When the said script is integrated into the malware, the malware is able to avoid anti-malware detection. This new ability allows the backdoor to download a new variant of itself from a malicious URL. The same script also contains customized commands a remote attacker can execute. In this particular case, executing these commands causes a notification asking you to download other files to appear. The example revealed that two-way communication between mobile malware installed in a device and malicious URLs is possible. Since attackers can now remotely ask you to download more malicious files onto your device, it's also likely that they can perform more intrusive or damaging tasks. Another backdoor Trend Micro detected earlier this year allows cybercriminals to execute commands like sending and deleting messages and making phone calls. These can result in unnecessary charges on mobile phone bills. The backdoor also allows cybercriminals to send user's contact list and GPS location to malicious domains. The relationship between mobile malware and malicious URLs is often overlooked. When they work together, they pose a serious threat to mobile devices as well as information and privacy. Any data users store in their mobile device will be ripe for the picking. Personal details, messages, and the like can be stolen and sold underground by cybercriminals. Though it's advisable to double-check granted app permissions, users can't always be too sure of this safety practice. Cybercriminals are getting better in using social engineering. The limitations of mobile devices like having a small screen make it more difficult to determine malicious apps and URLs from safe ones. The risk of mobile malware infection is greatly decreased though with the use of a security app. Even if traditional mobile security apps help alleviate threats by blocking the download and installation of malicious files, they don't completely eliminate the risks malicious URLs pose. Since malicious downloaders and backdoors use malicious URLs to function on the device, an app that relies on web reputation technology is recommendable. If the mobile device is already infected by mobile malware before one has the chance to install the appropriate security solution, it still isn't too late. Security apps that use web reputation technology can still stop communication between the mobile malware and the malicious URLs it tries to access. — SG
