Embed Size (px)
Citation preview
A DIGITAL LIFE E-GUIDE
Avoiding Bad URLs in the Mobile Web
Mobile malware isn’t the only thing you have to worry about every time you use your mobile device to go online. Cybercriminals are stepping up the production and sophistication of their mobile threats. They’re not stopping at just creating malicious apps and putting them where you can easily mistake them for legitimate ones. By using bad URLs that execute malicious routines, cybercriminals also make browsing the web on your mobile device more dangerous.
It Doesn’t Stop at Malicious Apps
Malicious URLs come in different forms:
• Malicious domains use keywords related to anything mobile (e.g. Android, mobile, etc.). These domains host mobile malware in the form of .APK files, which are recognized by Android as mobile app installation files. Sometimes these files are advertised as free versions of paid apps, or are automatically downloaded onto your mobile device without your knowledge.
• Malware-tied websites are linked to a mobile malware’s malicious routines. 16.88% of all the malicious and high-risk apps we’ve detected so far connect to bad URLs. These URLs can vary in function. They can serve as a repository of stolen information, host configuration files or malware components, or host malicious ads or adware.
• Mobile phishing websites spoof legitimate login pages. Cybercriminals trick you into giving your login details by relying on the inability of some smartphones to display their phony web pages completely. Mobile phishing is not a new phenomenon by any means, but there is a rise in its incidences. For more information, read our e-guide, Protecting Yourself Against Mobile Phishing.
Bad URL Types
Even the most careful mobile user may encounter bad URLs. Here are some example scenarios:
• App installation: Installing apps can make you susceptible to malicious URLs. A Trojanized version of the Bad Piggies app discovered in late 2012 makes a home screen shortcut to the malicious app’s source website upon installation. Opening it leads you to download even more malware onto your device. Candy Crush, a popular puzzle game app, was also recently targeted. Packaged as a ‘cheating’ app for the game itself, it actually pushes ad notifications that could be used as points of entry for malicious URLs.
• App usage: Using fake or Trojanized apps can expose you to malicious URLs. A malicious in-app advertisement or the app itself can link you to a malicious URL. The malicious app we detect as ANDROIDOS_KSAPP.A automatically connects to certain URLs in order to send and receive information.
• Online activities: Making mistakes while typing your target website’s URL on the mobile browser’s address bar could lead you to a spoofed web page. The 2012 holiday season saw banks and other organizations becoming mobile phishing targets, with pages spoofing websites such as Paypal and Amazon. Cybercriminals can also tailor their pages with keywords so their malicious websites will show up in your search results.
• SMS: Receiving and reading SMS messages on your mobile device can make you susceptible to malicious URLs. 419 scams (Nigerian scams) have long been a desktop threat, and its mobile equivalent, SMiShing, made its debut in 2006. Cybercriminals spam you with SMS messages that offer free items such as coupons or gifts. The spam then points you to a URL where you can supposedly find out how to redeem the offered items. The URL may appear to be of a legitimate website’s, but clicking it actually leads to a malicious web page.
How You Encounter Them
Becoming a victim of bad URLs can turn your mobile browsing experience awry. Here are some of the things cybercriminals can do:
• Information theft: Cybercriminals can violate your privacy by posting or selling your personal details, SMS or call information, and location.
• Account security compromise: Any online account you access with your mobile device can be compromised. Cybercriminals can use them for malicious purposes, such as draining your bank accounts or leaving you with unexpected bills for products or services you didn’t even purchase.
• Mobile malware infection: Your mobile device could end up being infected with mobile malware hosted by malicious websites.
• Mobile device security compromise: Some mobile malware variants can actually take complete control of your mobile device without your knowledge. Cybercriminals can make calls or send SMS messages without your authorization, as well as subscribe you to premium services. These could result in more unforeseen charges.
What Can Happen
Mobile web threats prove that mobile malware protection isn’t enough to be completely safe. Here are some safety practices you should look into:
• Use only official apps. Only download from trusted sources, such as the developer’s website or from Google Play. This reduces the chances of you downloading a malicious app by mistake.
• Always check the permissions of each mobile app you download and install. If the app is asking for your permission to perform certain functions outside of its intended use, uninstall it immediately. An example is a game app asking to make calls or SMS messages in your behalf.
• Bookmark the websites you frequent. If you must use your smartphone’s mobile browser, bookmark the sites you frequent. This decreases the chances of you landing on a phishing site.
• Get a mobile security solution. Powered by the Trend Micro™ Smart Protection Network™, Trend Micro Mobile Security identifies and stops mobile threats before they reach you. It provides a holistic approach to mobile security through its Web Reputation Service engine, which comprehensively classifies URLs and blocks those that are malicious.
What You Can Do To Protect Yourself
Copyright ©2013 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.
TRENDLABS
TrendLabs is a multinational research, development, and support center with an extensive regional presence committed to 24 x 7 threat surveillance, attack prevention, and timely and seamless solutions delivery. With more than 1,000 threat experts and support engineers deployed round-the-clock in labs located around the globe, TrendLabs enables Trend Micro to continuously monitor the threat landscape across the globe; deliver real-time data to detect, to preempt, and to eliminate threats; research on and analyze technologies to combat new threats; respond in real time to targeted threats; and help customers worldwide minimize damage, reduce costs, and ensure business continuity.
TREND MICRO
Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ cloud computing security infrastructure, our products and services stop threats where they emerge—from the Internet. They are supported by 1,000+ threat intelligence experts around the globe.
LEGAL DISCLAIMER
The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The information contained herein may not be applicable in all situations and may not reflect the most current situation. Nothing contained herein should be relied or acted upon without the benefit of legal advice based upon the particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document at any time without notice.Translations of any materials into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to the original language official version of the document. Any discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes.Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro makes no warranties or representations of any kind as to its accuracy, currency or completeness. You agree that access to and use of and reliance upon this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied. Neither Trend Micro nor any party involved in creating, producing or delivering this document shall be liable for any consequences, losses, or damages, including direct, indirect, special, consequential, loss of business profits or special damages, whatsoever arising out of access to, use of or inability to use, or in connection with the use of this document, or any errors or omissions in the content thereof. Use of this information constitutes acceptance for use in an “as is” condition.
