The threat landscape is changing rapidly due to the growth of data services and the smartphone market in Kenya. Users are streaming into mobile stores and customer care centers to redeem Bonga points and acquire smartphones. It's a craze sweeping around; walking the streets of Nairobi, I see people flashing trendy and sleek smartphones of all sorts (even kam-china smartphones). As an economist, it portrays the growth of the Kenyan economy; the Government increased taxes. The marketers are hitting their end-month targets and the mobile operators are announcing huge growth in profits, surpassing another billion mark (even though I believe most subscribers forgo a meal to top up with a kabambe kumi at least), translating to fat cheques for the “Shareholders”, smiling all the way to the bank.
At the end of the day everybody is happy! Mmmmhh, really, the happiest is not even known to the consumer (you and I). If you look back, I have been writing on Android malware (Android being the leading smartphone OS in Kenya, I guess). The monster is growing day in, day out, and soon it will get out of hand if you and I don’t take precautions.
In the latest case reported by G Data SecurityLab, hackers are using an “original app which has already been downloaded millions of times from the Google Play Store. Attackers are aiming to exploit this popularity to distribute their own app as much as possible. They have begun circulating a trojanised copy of TuneIn Radio Pro and are misusing infected mobile phones as cash collectors for the cryptocurrency Dogecoin. One of the effects of this is that they physically damage the devices” (G Data SecurityLab, 2014).
That's a drop in the ocean. How many more popular apps have a zero-day exploit waiting for a malicious user to exploit, with you or me being the victims? The scary part is the advent of virtual money. What the hell am I talking about? Well, I am talking of mobile money (Mpesa, Airtel Money, etc.). I came to think of a scenario that made me start penning down my mind after reading the G Data Mobile Malware Report, 2014. I pictured a big loophole through which, if care is not taken, hackers will clear our mobile money accounts. Am I being paranoid? You can say so, but it sounds crazy when I say that smartphones can be used to steal virtual/mobile money.
How? We all download Android apps which make our devices look fancy and cool. But do we know the threats brought into our devices by the apps we download? The next phase has already started: G Data SecurityLabs predicted in its 2013 H2 mobile malware report that digital currencies would start to be targeted by criminals. You can argue that money transfer services / mobile virtual money are not digital currency… mmh, food for thought.
Anyway, my hypothesis is based on the research on Android malware and the lack of clear mitigation strategies brought about by the complexity of authenticating Android apps. Common apps popular on smartphones sold in the Kenyan market (Twitter, Facebook; Kenyans are known to be leading in social media) can be exploited using zero-day exploits, and within a matter of hours a hacker operating a botnet from somewhere remote (the North Pole or South Pole, maybe) could clear millions of mobile accounts.
The user will not be able to differentiate between a genuine app and the manipulated copy in terms of look and functionality. The app will become activated when the user starts using the mobile transfer services. The app will start capturing the PIN, which “is packed into a manipulated APK file as an add-on function. (“Mining” is the English word for the process.) A digital miner can be thought of as with actual mining: it uses the mobile device’s CPU power” (G Data SecurityLab, 2014), to access the mobile money transfer as a hidden service, “in the same way as a mining machine uses the power of its engine to drive the shovel. A look at the software code for the malicious app shows that the methods the attackers are using are ingenious. On the one hand, they encrypt the malware code, which makes it hard for malware analysts to find” (G Data SecurityLab, 2014).
The malicious functionality is put on hold while the user of the smartphone or tablet is using it. When the malicious app is first launched, a service called “Google Service” is initialized. The service connects to a command-and-control centre / Remote Access Trojan (RAT). “After five seconds, and thereafter every twenty minutes, this checks whether the user is actively using the device. If the device is free – not in use – the malicious app starts to “mine”” (G Data SecurityLab, 2014) / transfer money to the attacker. The attacker could keep the detection rate minimal by transferring small amounts of money over a period of time; in the end the infected user is left with nothing.
What's the damage the app can do to the user?
“The damage that the app can do is diverse. In particular, the high load on the CPU or indeed on multiple CPUs, which varies from device to device, can cause excessive wear and potentially cause the mobile device to malfunction sooner. This damage is irreparable and will very probably be a mystery to the user, not to mention more than annoying.
Furthermore the malicious app generates data traffic. Even though this turns out to be small according to the current analysis, it can give rise to additional costs for users on mobile tariffs that do not have unlimited data volumes. Yet even this expenditure will probably go unnoticed by the user.
The only clues that might quickly raise a user’s suspicions are the increased battery usage and the heat from the mobile phone, due to the constant high load at times when the user is not actively using the device. You can even see the battery consumption in the Android system logs. However, the “Google Service” disguise will very probably come into play again here. Barely a single user will question such battery consumption, assuming it is a system process.” (G Data SecurityLab, 2014).
Precaution: it starts with you. Ensure that you install authenticated apps from reputable sources. If you discover that your device has symptoms such as slow processing speed, take the remedy of uninstalling the apps, or flash the device to install a new OS (I have not yet come up with research on how to clean Android-based malware).
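The two clues G Data describes, sustained load while the device is idle and a system-sounding name such as “Google Service”, can be combined into a simple check. The sketch below is an added example, not code from G Data or from this post; the sample records, package names, allowlist and thresholds are constructed assumptions rather than real device output.

```python
from collections import defaultdict

# Constructed samples, not real device output:
# (minute, screen_on, package, label shown to the user, cpu_percent)
SAMPLES = [
    (0, True, "com.example.radio.pro", "Google Service", 3.0),
    (20, False, "com.example.radio.pro", "Google Service", 92.0),
    (40, False, "com.example.radio.pro", "Google Service", 95.0),
    (60, False, "com.example.radio.pro", "Google Service", 90.0),
    (20, False, "com.google.android.gms", "Google Play services", 4.0),
    (40, False, "com.google.android.gms", "Google Play services", 5.0),
    (60, False, "com.google.android.gms", "Google Play services", 3.0),
    (0, True, "com.example.game", "Block Puzzle", 70.0),
    (20, False, "com.example.game", "Block Puzzle", 0.0),
    (40, False, "com.example.game", "Block Puzzle", 0.0),
    (60, False, "com.example.game", "Block Puzzle", 0.0),
    (20, False, "com.example.sync", "Photo Backup", 60.0),
    (40, False, "com.example.sync", "Photo Backup", 55.0),
    (60, False, "com.example.sync", "Photo Backup", 65.0),
]
TRUSTED_PACKAGES = {"com.google.android.gms"}  # assumed allowlist
SYSTEM_WORDS = ("google", "android", "system")
CPU_THRESHOLD = 50.0      # assumed: average % CPU that counts as "high load"
MIN_IDLE_SAMPLES = 3      # require sustained load, not one spike

def find_idle_hogs(samples):
    idle, active, labels = defaultdict(list), defaultdict(list), {}
    for _minute, screen_on, pkg, label, cpu in samples:
        (active if screen_on else idle)[pkg].append(cpu)
        labels[pkg] = label
    findings = []
    for pkg, loads in idle.items():
        if len(loads) < MIN_IDLE_SAMPLES:
            continue
        idle_avg = sum(loads) / len(loads)
        used = active.get(pkg, [])
        active_avg = sum(used) / len(used) if used else 0.0
        # Flag only load that is high while idle and higher than in use.
        if idle_avg < CPU_THRESHOLD or idle_avg <= active_avg:
            continue
        disguised = pkg not in TRUSTED_PACKAGES and any(
            word in labels[pkg].lower() for word in SYSTEM_WORDS)
        findings.append({"package": pkg, "label": labels[pkg],
                         "idle_avg": round(idle_avg, 1), "disguised": disguised})
    return sorted(findings, key=lambda f: f["package"])

if __name__ == "__main__":
    for finding in find_idle_hogs(SAMPLES):
        print(finding)
```

A finding with `disguised` set is the stronger signal: an app outside the allowlist that borrows a system-style label and works hardest when the screen is off.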
Lastly, “If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology” ~ Bruce Schneier.
Android Malware goes “To The Moon!”, 2014, Accessed on 11th March 2014 at 1540hrs. From: https://blog.gdatasoftware.com/blog/article/android-malware-goes-to-the-moon.html
G Data Mobile Malware Report, 2014, Accessed on 11th March 2014 at 1500hrs. From: https://public.gdatasoftware.com/Presse/Publikationen/Malware_Reports/GData_MobileMWR_H2_2013_EN.pdf