It turns out we had no idea how popular and prevalent mobile malware is, or how widely it is used in surveillance and espionage campaigns. In reality, there are many active actors and advanced persistent threats we never knew existed.
BlackBerry’s new report, called Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform, says the company’s researchers identified three new advanced persistent threat campaigns, originating mostly in China, Iran, North Korea and Vietnam, which leveraged mobile malware in combination with desktop malware.
The end goal is cyber-espionage and intelligence gathering, mostly for economic and political objectives.
First up is a new threat actor which BlackBerry calls BBCY-TA2. It uses a previously unknown Android malware family, PWNDROID3, which it distributes through a fake bitcoin cashing application.
The next in line is (how creatively!) BBCY-TA3, mobile malware targeting Western and South Asian commercial enterprises in the telecommunications industry. It also targets “nearly every” chemical manufacturing company in the world, save for China. BlackBerry says BBCY-TA3 shares its attack infrastructure with BBCY-TA2.
There is also the APT group called OCEANLOTUS, which deploys a new Android malware family, PWNDROID1, through three fake mobile apps.
All of this brings BlackBerry Cylance CTO Eric Cornelius to the conclusion that mobile attacks are a more pervasive threat than everyone thought.
“It should come as a surprise to many to learn how coordinated and long-standing the campaigns targeting mobile users have been, as they have been easy targets for APT groups because of a historical deficit in effective security solutions for detecting and preventing mobile malware.”