Security Report Summary:
Apps are accessing users call history without informing them via an end-user license agreement (EULA) or their user interface (UI) constitute malicious behavior from a security perspective and are detected.
Even worse, the report states evidence of mobile apps being developed as targeted attack tools has come to light.
- Record of more than 900,000 ZeroAccess malware detections to date, which have the ability to patch system files
Dangerous zero-day exploits targeting Java and Internet Explorer (IE) were found. The IE vulnerability was used in an advanced persistent threat (APT) campaign.
ZeroAccess malware, sometimes found on peer-to-peer (P2P) sharing sites, was the most prevalent this quarter. The old DOWNAD/ Conficker worm came a close second.
PayPal attracted the most phishermen while LinkedIn topped the list of chosen Blackhole Exploit Kit targets.
Saudi Arabia is new entrant and top of the list of countries from where the spam arrives. However the spammers might not be residing in the very location from where it comes from.
While Apple has been able to validate the authenticity of apps via its rigorous processes minimizing security threats, Google's Android platform seems to be struggling to restrict the growth of malicious android apps. Below diagram provides a view into android based malicious app volume growth across the year.
The report emphasizes more responsibility on app developers to verify extent of data gathering that goes on via the in-app libraries provided by ad networks. Below diagram shows the number of product vulnerabilities declared by various vendors in the market. While Apple stands upfront with maximum declared vulnerabilities as opposed to Microsoft which has least reported in numbers. The data though does not include how severe the vulnerabilities reported were.
Rik Ferguson, Director of Security Research and Communications at Trend Micro added: "This level of criminal interest does not bode well for the future and for the Internet of Things, where Android is still the most likely Operating System to power the multitude of connected devices appearing over the horizon. Active and sustained criminal interest in the Android platform is a reality and looks set to continue for the foreseeable future until some fundamental and necessary changes are made to the infrastructure and some important security lessons are relearned at Operating System level.”
[Report Source: TrendMicro]