Trend Micro April Mobile Client virus report

April 2014 Mobile Client Security threat Overview

As of April 30, 2014, China Mobile client virus code 1.669.60, size 9,792,484 bytes, can detect a virus about 2.21 million. The mobile client virus is about 120,000.

The top ten virus families in Trend Micro Mobile client virus code:

Trend Micro Mobile Client April new virus code in the top ten virus families:

The top ten adware families in Trend Micro Mobile client virus code:

Trend Micro Mobile Client April new virus code in the top ten ad software family:

Mobile apps and Android 4.1.1 are also affected by the OpenSSL Heartbleed vulnerability

Mobile apps are also affected by the OpenSSL Heartbleed vulnerability, which may be connected to a server with the vulnerability, however, they may be vulnerable to client applications that integrate the vulnerable OpenSSL libraries themselves.

OpenSSL inventory is Android 4.1.1 system and some applications

Although the Android system integrates the vulnerable OpenSSL library, only Android 4.1.1 is affected by the Heartbleed vulnerability. Devices with this version of the system installed, any application that uses the OpenSSL library can be attacked and cause hackers to get information from the device on the memory.

However, even if you do not use this version of the Android system, the application itself can be a threat. We found 273 apps with the OpenSSL library on Google Play, which means that the device that installed the programs had the possibility of being attacked by the vulnerability. Among these programs are the most popular games of the last year, VPN clients, security software, video players, instant Messenger software, and VOIP programs and so on. Many programs are developed by well-known manufacturers. Some of Google's apps are also affected by this vulnerability.

Figure 1: The affected program has a huge amount of installed capacity

These programs use the OpenSSL library through static linking.

Figure 2. A vulnerable OpenSSL library

If the remote server is controlled, it is possible for a hacker to initiate an attack on the client that is connected to the server and cause the information in memory to be compromised. The memory may contain sensitive information in these programs. If you use a VPN client or a VoIP program to connect to a hacked server, the private key and some other authentication information is likely to be compromised, hackers can take your identity to do more bad things.

Trend Micro recommends that developers of these applications upgrade the OpenSSL library as soon as possible and push updates to the user. For general users, it is necessary to understand how secure the server side is, and how well-known the vendors of the application are, which have the security risk of causing information disclosure. And should update the program patches in time. Google is publishing patches on affected Android systems, and users should be aware of the information and update patches in a timely manner.

Trend Micro will also release a tool that detects whether the program is affected by the vulnerability.

Updates for apps affected by Heartbleed vulnerability

We have detected that nearly 7,000 applications are connected to servers affected by Heartbleed vulnerabilities, and the last confirmed result is that there are still 6,000 or so apps affected. Is the kind of distribution of these applications:

Figure 3. Distribution of applications affected by Heartbleed vulnerability

We only chose to show the types of programs that could potentially store user privacy information on the server, as these could lead to disclosure of confidential information. We note that a significant part of these procedures is in everyday life applications. These include shopping, reading, coupons, clothing, decorations and many other applications. This means that if a user orders a product through these affected apps, their order information, identity information, home address and even credit card information are at risk of being compromised.

To learn about Trend Micro Mobile security software, please click on the link: http://www.trendmicro.com.cn/pccillin/mobile-security-for-android.html