2014 Half Year Security Report

Blog > ContentJul 18, 2014

QQ截图20140724134312.jpg

Major trends over the past 6 months:

1. The number of Android viruses continues to rise steadily; roughly one in ten apps are now fully or partially malware.
2. Payment-based viruses are becoming more prevalent, endangering the finances of users.
3. Vulnerabilities, such as Heartbleed, presented serious threats to mobile and cloud security.
4. Attacks targeting Wi-Fi networks have proliferated around the world. 


Analysis of malware data on the Android platform

The number of Android viruses continues to rise steadily. Cheetah Mobile collected 24.4 million sample files during the first six months of 2014. Of those samples, 2.2 million turned out to be viruses, or roughly 9% of the total. 

QQ截图20140724134346.jpg

Chart 1. 9% of Android samples are viruses (Jan-June 2014)

In the first half of 2014, the number of samples that contained viruses grew rapidly. Cheetah Mobile’s collection of 2.2 million virus samples constitutes an increase of 20.5 times over 2012’s numbers and an increase of 2.5 times over the total from 2013.

QQ截图20140724134537.jpg

Chart 2.Android virus trend; number of infected users (2012-Present)


Increase in mobile payment viruses

2014 is destined to be the year in which mobile payment viruses become the primary threat to Android devices, both in terms of absolute number and proportion of infections. Payment viruses accounted for more than two thirds of the above mentioned viruses, while consumption viruses occupy a distance second place at 16%. These two types of viruses mainly result in financial losses for the user.   

QQ截图20140724134618.jpg

Chart 3. Worldwide virus sample classification

Asia ranks highest for infection rates, entertainment viruses spread in France and Russia

Asia and select parts of Western Europe have undoubtedly had the highest rates of infection during the past six months. This is due in part to the prevalence of third party app stores in these regions, which have very lax checks to ensure that applications do not contain viruses. Malware, the primary vector for the spread of viruses, is often rife on these sites. 

In contrast, infection rates in the United States, Australia and most other parts of Europe are low. As shown below in Chart 5, the probability of a device in Asia being infected is two to three times greater than one in Europe or the Americas.

QQ截图20140724134640.jpg

Chart 4. Global mobile virus infection rates (January – June 2014)

QQ截图20140724134741.jpg

Chart 5. Infection statistics for top regions (January – June 2014)

Asia hosts some of the highest ratings for infection, including Vietnam at 3.65% and India at 3%. In Chart 6 below, we can see the major malware apps that are spreading in these regions.

QQ截图20140724134813.jpg

Chart 6. Mobile virus infection rates in Asia (January – June 2014)

1.jpg

Table 1. Top 3 viruses in Asia by infection rate (January – June 2014)

Similar to Asia, Europe also has top infection hotspots, including France and Russia at 2.97% and 1.88% respectively. The infection rates of the remaining areas are comparatively low.

QQ截图20140724134847.jpg

Chart 7. Mobile virus infection rates in Europe (January – June 2014)

The most popular malware apps are entertainment applications.

2.jpg

Table 2. Top 3 viruses in Europe by infection rate (January – June 2014)

Infection rates in the Americas are low; the highest rate being in Mexico at 1.07% and all other countries below 0.6%. The app markets here are more vigilant, which hampers the ability of malware to spread at the same pace as it does in Asia. Similar to Europe, entertainment applications are the most commonly infected apps in North and South America.

QQ截图20140724134924.jpg

Chart 8. Mobile virus infection rates in the Americas (Jan–Jun 2014)

3.jpg

Table 3. Top 3 viruses in the Americas by infection rate (January – June 2014)

3rd party markets are the biggest virus sources

Various 3rd party markets are the main source vector for virus transmission. According to our analysis, viruses coming from 3rd party markets account for 99.86% of infections - 713 times more compared to Google play at 0.14%. 

QQ截图20140724134951.jpg

Chart 9. Channels for Android malware

The main Android markets are, by country: Korea (Samsung, T-store); U.S. (Amazon); Russia (Yandex store). In China, there are countless markets. These 3rd party markets generally do not check for or remove malware, which provides ample opportunities for viruses to spread.

Go check your Android system version!

According to our analysis, infection rates differ among the various Android systems. Android systems 4.1 and 4.2 have experienced the largest proportion of infections, but this is likely due to these versions having a large number of users compared to other versions. In total, 65.4% of infections are on these two versions. Android system versions 4.3 and 4.4 are more secure, but they still contain major vulnerabilities.

4.jpg



Mobile payments: Malware’s new target

Since 2013, payment viruses have swept the globe and the growth rate in 2014 has reached new heights. In all current virus samples, payment viruses account for 68% of the total. It is theorized that their growth is concomitant with the growth of mobile payment systems worldwide. Hacking SMS or app payment methods is easier for hackers compared to hacking online banking systems.

QQ截图20140724135015.jpg

Chart11. Payment virus classification 

5.jpg

Table 4. Descriptions of payment malware

An analysis of the spread of payment viruses over the past year shows us that in June 2013 there were on average 1,500 new virus variations popping up each month. However, in May 2014, this number increased to 6,500, increasing fourfold.

QQ截图20140724135037.jpg

Chart12. Recent increase in payment malware variants

QQ截图20140724135057.jpg

Chart 13. Infected users of payment malware (March - June 2014) 

Payment viruses are prominent worldwide. In the first half of 2014, Russia and southern Asia were the most widely infected areas, as shown below.

QQ截图20140724135121.jpg

Chart 14. Users infected by payment malware by country (January - June 2014)

QQ截图20140724135147.jpg

Chart 15. Payment Malware Infections by Country (January - June 2014)


Major mobile security events

April: “Heartbleed” vulnerability 

The OpenSSL Heartbleed vulnerability can result in leaked account names, passwords, credit card numbers and other private info. The name Heartbleed comes from a function called a heartbeat that was designed to ensure that the user and the server were constantly able to communicate with each other.

The Heartbleed vulnerability is cross-platform. Initially researchers found that it was possible to use this vulnerability to steal data from servers, but later it was also discovered that hackers could use a vulnerable server to steal information from a user’s machine.More details can be found here.

May: eBay leak

The eBay leak was one of the hottest pieces of security news in the last 6 months. eBay workers’ computers were hacked and the hackers covertly stole massive amounts of user account info, including account names, email addresses, phone numbers, and DOBs.  Official data showed that 145+ million users were affected. More details can be found here.

Similarly, China citizens suffered a leak on ctrip.com, a popular travel booking site. These attacks increased the risk of credit card info being stolen.

May: “Express” SMS frauds

Express SMS frauds attacked Android users in Taiwan. Large numbers of Taiwanese got messages similar to: “Sir, you have an Express Delivery. Tap the link to verify the electronic signature certification: http: //goo.gl/xxxx”. 

After tapping it, an Android malware would be downloaded. Once installed, the malware sends out hundreds of SMS messages to premium rate numbers, and steals copies of messages and the users’ contact list. It then uses the contact list to send the same bait message to more people. More details can be found here.

Wi-Fi under significant attack

According to an analysis by CM Security Lab, 1% of router Domain Name Systems have been tampered with and 22% of users choose overly simple passwords. Indeed, more than 68% of router owners simply use default passwords offered from vendors, which increases the vulnerability of the router to hacking attacks.

Hackers often force users to access specified websites by hacking the DNS. Furthermore, they hack Wi-Fi-hotspots to steal users’ private information.

In addition, there are significant safety concerns when using Wi-Fi at airports or other public places. Data sent over these public Wi-Fi systems can easily be intercepted by hackers and government agencies alike. More information can be found here:

Snowden: Canadian spooks used free airport WiFi to track travellers
Free wi-fi hotspots pose data risk, Europol warns



Security tips

Considering the mobile security landscape during the first half of the year, CM Security Research Lab recommends the following tips to keep your mobile device secure and virus-free:

1.Buy your mobile device from formal channels, use official ROM.
2.Use official Android App stores (e.g. Google Play). Avoid downloading apps via BBS or chat tools.
3.Install an anti-virus application and keep it up-to-date (e.g. Clean Master and CM Security, which received the highest possible scores from AV-Test.org for the 4th consecutive time).
4.Access Internet via 3G or secure Wi-Fi.
5.Use Clean Master to protect your personal information.
6.Set a PIN or pattern code to protect your information if the device is stolen.
7.Install an anti-theft application that will wipe private data from your mobile device and track its location if stolen.


Clean MasterOn GooglePlayCM SecurityOn GooglePlayCM BrowserOn GooglePlay