Efforts to subvert digital signature validation on Android, says McAfee
By Digital News Asia December 5, 2013
- Growing threat calls into question validity of digital certificates as a trust mechanism
- Cybercriminals developing Bitcoin malware to infect systems and mine processing power
THERE are new efforts to circumvent digital signature app validation on Android-based devices, according to security solutions vendor McAfee.
The McAfee Labs team identified a new family of mobile malware that allows an attacker to bypass the digital signature validation of apps on Android devices, which contributed to a 30% increase in Android-based malware.
At the same time, traditional malware signed with digital signatures grew by 50% to more than 1.5 million samples. Less surprising but no less daunting was a 125% increase in spam, the company said in a statement after releasing its McAfee Labs Threats Report: Third Quarter 2013.
“The efforts to bypass code validation on mobile devices, and commandeer it altogether on PCs, represent attempts to circumvent trust mechanisms upon which our digital ecosystems rely,” said Vincent Weafer, senior vice president of McAfee Labs.
“The industry must work harder to ensure the integrity of these technologies, given they are becoming even more pervasive in every aspect of our daily lives,” he added.
The third quarter also saw notable events in the use of Bitcoin for illicit activities such as the purchase of drugs, weapons, and other illegal goods on websites such as Silk Road. The growing presence of Bitcoin-mining malware reinforced the increasing popularity of the currency.
“As these currencies become further integrated into our global financial system, their stability and safety will require both the financial monetary controls and oversight, and the security measures our industry provides,” said Weafer.
Leveraging data from the McAfee Global Threat Intelligence (GTI) network, the McAfee Labs team identified the following trends in Q3 2013:
- Digitally signed malware samples increased 50% to more than 1.5 million new samples. McAfee Labs also revealed the top 50 certificates used to sign malicious payloads. This growing threat calls into question the validity of digital certificates as a trust mechanism.
- New mobile malware families: McAfee Labs researchers identified one entirely new family of Android malware, Exploit/MasterKey.A, which allows an attacker to bypass the digital signature validation of apps, a key component of the Android security process. McAfee Labs researchers also found a new class of Android malware that once installed downloads a second-stage payload without the user’s knowledge.
- Virtual currencies: Use of new digital currencies by cybercriminals to both execute illegal transactions and launder profits is enabling new and previously unseen levels of criminal activity. These transactions can be executed anonymously, drawing the interest of the cybercriminal community and allowing them to offer illicit goods and services for sale in transactions that would normally be transparent to law enforcement. McAfee Labs also saw cybercriminals develop Bitcoin-mining malware to infect systems, mine their processing power, and produce Bitcoins for commercial transactions. For more information, please read the McAfee Labs report Virtual Laundry: The Use of Digital Currencies in Cybercrime.
- Android malware: Nearly 700,000 new Android malware samples appeared during the third quarter, as attacks on the mobile operating system increased by more than 30%. Despite responsible new security measures by Google, McAfee Labs believes the largest mobile platform will continue to draw the most attention from hackers given it possesses the largest base of potential victims.
- Spike in spam: Global spam volume increased 125% in the third quarter of 2013. McAfee Labs researchers believe much of this spike was driven by legitimate ‘affiliate’ marketing firms purchasing and using mailing lists sourced from less than reputable sources.