Evolving Malware
On March 20, the Korea Internet & Security Agency (KISA) announced the results of its study on mobile malicious apps reported over the past two months. It was found that methods of online criminals have evolved from a micro-payment scam via SMS into the leakage of an authentication certificate or the bypassing of the user authentication process through automated response systems. Therefore, smartphone users were advised to be extra careful.
Currently, the number of smartphone subscribers in the nation is estimated to be 37.82 million, accounting for 67 percent of the entire population. Smartphones have been widely used in everyday life from Internet searches to financial transactions, and damage resulting from malicious apps has greatly increased as well.
The number of reported mobile malware apps stood at 17 cases in 2012, but 2353 cases in 2013, a 138-fold increase. A total of 596 cases were reported from Jan. to Feb. of this year.
In particular, there is growing concern about information leakage through malignant apps, owing to the recent massive leak of credit card users’ personal information.
Recently, new tactics to exploit smartphone users have been discovered. Instead of smishing for micro-payment scams, scammers now use software that turns a smartphone into a “zombie” that can be controlled remotely. In addition, they steal authentication certificates and control the receipt function. It means that hackers target not only SMS micropayments, but also more lucrative mobile financial transactions.