Threats to Android to double in 2015

Trend Micro predicts that the 2014 cumulative Android threat volume is likely to double in 2015 with the number of vulnerabilities in mobile devices, platforms and apps posing more serious security risks.

Cybercriminals will dig deeper into the gold mine of data available for theft from mobile devices, using the data for theft or selling it underground. Vulnerabilities that have been detected by Trend Micro as yet did not only reside on devices but had wormed their way into platforms and apps.

Platform threats have created opportunities for cybercriminals to replace legitimate apps with fake or malicious versions. According to the Security Predictions report a certain Chinese third-party payment app vulnerability has allowed cybercrooks to phish information from infected devices.

Mobile attackers will rely on tools similar to the Blackhole Exploit Kit (BHEK) to leverage problems like Android OS fragmentation. BHEK and similar tools that have and are continuing to infect computers running different OSs will serve cybercrooks well in attacking Android devices because most users either don’t or can’t update their systems and software regularly,” says Gregory Anderson, country manager, Trend Micro South Africa.

Cybercriminals can point vulnerable device users to malicious websites, for instance. Successful exploitation can then give them access to any or all of the information stored in affected devices. Tailor-made Android exploit kits are known for affecting multiple platforms, should such kits target mobile devices, there is no stopping the infection of any device they have access to.

According to the report there has also been a steady rise in the number of mobile banking malware and there will be a rise in attacks that target mobile users, pushing them to install malicious banking apps. However, the report also stated that installing malicious apps and visiting malicious websites will no longer be the sole mobile infection vectors.

Vulnerability exploitation across platforms will become even bigger mobile threats and security vendors should extend vulnerability shielding and exploit-prevention technologies to include protection for mobile devices. There is an added responsibility for device manufacturers and service providers to work more closely with one another to establish scalable vulnerability-patching solutions to prevent infection and data theft.

* Follow Gadget on Twitter on @GadgetZA