Algeria Records 2,130 New Cases of Coronavirus    Stellar speaker line-up at Leap conference in Riyadh    Joint Saudi-US exercise concluded in the Eastern Province    Tata Group takes over India's loss-making national carrier    Ukraine crisis: West threatens to ax Russia gas pipeline    Saudi Stock Exchange Main Index Ends Trading Lower at 12,179 Points    KSrelief Distributes More than 24 Tons of Food and Shelter Aid in Kabul, Afghanistan    KSrelief Supervisor General Meets with Ethiopian Finance Minister    Royal Order: February 22 of every year shall be designated to mark commemoration of Saudi State founding under "Founding Day" name, and shall be an official holiday    Saudi Arabia reiterates its warning to violators of isolation and quarantine instructions    Federation of Saudi Chambers Calls for Preparing Roadmap for Arab-Russian Economic Relations    Booster dose: Saudi Arabia updates Covid immunization status starting Tuesday    Prince Andrew denies close friendship with Ghislaine Maxwell    Australian scientists find 'spooky' spinning object in Milky Way    Biden expected to nominate first black woman to US Supreme Court    Salah helps Egypt beat Ivory Coast in shootout at African Cup    'Orange is the New Black' actress Kathryn Kates dead at 73    IsDB Organizes Seminar on Business Opportunities in IsDB-financed Projects    Jordan's Army Kills 27 Drug Smugglers on Border with Syria    Egypt Records 1910 New Cases of COVID-19    All remaining slums in Makkah to be developed soon    Indian community marks Republic Day with patriotic fervor    GACA, KACST sign MoU to establish a center for research & development    British driver Sam Bird sets sight on more triumphs in Saudi Arabia 2022 Diriyah E-Prix    PIF unveils leading gaming and e-sports group    RCU launches direct flights from Paris to AlUla    Saudi Stock Market Index Ends High At 12,182 Points    Royal Commission in Yanbu Achieves Arab Award for Operation and Maintenance    Sir Elton John postpones US shows after positive Covid-19 test    Bollywood's Shilpa Shetty cleared of obscenity over Richard Gere kiss    At least six killed in Cameroon stadium stampede    General Court of Audit President Inaugurates 8th Conference for Internal Audit with Int'l Participation    Taylor Swift slams Damon Albarn over songwriting comments    Omani National Football Team Arrives in Jeddah to Meet Saudi National Team    Saudi Handball Team Loses to Qatar in Main Round of 2022 Asian Men's Handball Championship    Eighth Season of ABB FIA Formula E World Championship to kick off in Diriyah    20th Asian Handball Championship Main Round to Kick off Tomorrow    Riyadh's Qualitative Events Enrich its Winter, Attract World Attention    SFDA: Fat is a Source of Energy and Its Abundance is Linked to Chronic Diseases    Reflections on celebration of Christmas    Royal Commission for AlUla to Hold Custodian of the Two Holy Mosques Endurance Cup 2022, Richard Mille AlUla Desert Polo    Saudi Arabia's Pavilion at Expo 2020 Dubai Organizes a Dance Theatrical Show for Children    Saudi Arabia rebuffs UN resolution on 'sexual orientation'    Kabir Khan eyes on joint Indian – Saudi film projects    Pilgrims Perform Dhuhr and Asr Prayers at Arafat Holy Site    Council of Senior Scholars: Muslim Brothers' Group Don't Represent Method of Islam, rather only Follows its Partisan Objectives, Violating our Graceful Religion    Eid Al-Adha Prayer Performed at the Grand Holy Mosque    Pilgrims Perform Dhuhr and Asr Prayers in Arafat Holy Site    

Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.

Cybercriminals prowl as mobile payments to hit $1.3trn annually
Published in The Saudi Gazette on 03 - 06 - 2013

JEDDAH – Web threats attacking the mobile platform are here to stay. With mobile payments predicted to reach $1.3 trillion annually by 2017, cybercriminals were expected to continue generating even more profit by selling stolen user data.
Cybercriminals favor web threats since they only require the Internet to facilitate their schemes. This makes Web browsing risky since web threats can infect your computer or network, sometimes even without your intervention. For several years, Web threats have plagued Internet users, posing several risks such as identity theft, data loss, and financial damage.
“In 2013, IT managers here will have to deal with the highest level of targeted attacks the region has ever witnessed. Today's attacks are financially motivated, and we are here to help our customers better protect themselves,” said Ihab Moawad, Vice President Trend Micro Middle East, Africa and Mediterranean.
Cybercriminals have broadened their means of infection by targeting mobile users. The popularity of web browsing via mobile devices creates an opportunity for cybercriminals to expand their target base. Today's Web threats are no longer limited to clicking malicious links on PCs. Smartphones now face the same kinds of threat previously seen on their PC cousins—all in roughly three years.
Through the use of malicious URLs, cybercriminals are able to infiltrate mobile devices. Trend Micro points out two motivations cybercriminals have for using them. First, malicious URLs make launching online attacks easier, and second, they allow cybercriminals to cover a wide target area comprising Internet-ready mobile devices.
Attack scenarios often involve social engineering techniques designed to trick mobile device users into clicking malicious URLs and downloading malicious Android application package (APK) files. Once these files are in place, the mobile device's security is compromised.
Malicious URLs, are disease vectors. This means they are used by cybercriminals as a way to spread mobile malware. But this is not the sole purpose of malicious URLs. They can also be used to infiltrate your device and foster outbound communication.
Not only do mobile malware like malicious downloaders and backdoors rely on malicious URLs to infiltrate mobile devices, they also need them to send or request additional information required to perform specific functions. Almost 17% of the mobile malware Trend Micro as found so far have malicious URLs embedded in them.
Malicious downloaders use malicious URLs to download and install additional malicious files and components in your device. They request information and receive malicious packages in return.
Backdoors also take advantage of malicious URLs in the same way. Once installed in a mobile device, they communicate with remote sites to acquire new scripts, which they can then parse and use.
In January this year, a backdoor used a malicious URL to download a script it needed to update the one currently running on the infected device. When the said script is integrated into the malware, the malware is able to avoid anti-malware detection. This new ability allows the backdoor to download a new variant of itself from a malicious URL. The same script also contains customized commands a remote attacker can execute. In this particular case, executing these commands causes a notification asking you to download other files to appear.
The example revealed that two-way communication between mobile malware installed in a device and malicious URLs is possible. Since attackers can now remotely ask you to download more malicious files onto your device, it's also likely that they can perform more intrusive or damaging tasks.
Another backdoor Trend Micro detected earlier this year allows cybercriminals to execute commands like sending and deleting messages and making phone calls.
These can result in unnecessary charges on mobile phone bills. The backdoor also allows cybercriminals to send user's contact list and GPS location to malicious domains.
The relationship between mobile malware and malicious URLs is often overlooked. When they work together, they pose a serious threat to mobile devices as well as information and privacy. Any data users store in their mobile device will be ripe for the picking. Personal details, messages, and the like can be stolen and sold underground by cybercriminals.
Though it's advisable to double-check granted app permissions, users can't always be too sure of this safety practice. Cybercriminals are getting better in using social engineering. The limitations of mobile devices like having a small screen make it more difficult to determine malicious apps and URLs from safe ones.
The risk of mobile malware infection is greatly decreased though with the use of a security app. Even if traditional mobile security apps help alleviate threats by blocking the download and installation of malicious files, they don't completely eliminate the risks malicious URLs pose. Since malicious downloaders and backdoors use malicious URLs to function on the device, an app that relies on web reputation technology is recommendable.
If the mobile device is already infected by mobile malware before one has the chance to install the appropriate security solution, it still isn't too late.
Security apps that use web reputation technology can still stop communication between the mobile malware and the malicious URLs it tries to access. — SG

Clic here to read the story from its source.