Don't Let These Top 10 Android Threats Infect Your Mobile World

The top Android threats last year antagonized people by locking their devices for ransom and pilfering their money in SMS-sending fraud, according to F-Secure Labs. The Labs's Top 10 Android Threats of 2015 list is out today, offering a new look at how attackers have been taking aim at users of the open source OS. As the tech world prepares to converge on Mobile World Congress, the list is a stark reminder of the need for security for all things connected.

The ransomware family Slocker rose to prevalence in 2015, taking the number two position with 2.46% of detections. Slocker encrypts a device's image, document and video files, and then displays a message accusing the user of breaking the law by having visited pornographic sites. It demands the user pay a penalty of $500 (via a service like PayPal) to unlock the device. To further intimidate the victim, it claims it has photos of their face and knows their location. Slocker infects via porn-related apps, and also via spam emails claiming to be an Adobe Flash Player update.

Making up 15% of detections, the older SmsSend family was the number one Android threat detected by F-Secure Labs in 2015. But it's not the only SMS sending family on the list – further down are also Fakeinst, SmsPay, and SmsKey. Attackers profit by setting up their own premium rate number. An infected device sends text messages to the number, racking up charges on the user's phone bill and fattening the attacker's wallet. These trojans infect either via apps posing as games in third party app stores, or via porn-related apps.

Rounding out the Top 10 list are the information-stealing GinMaster, two exploits that obtain device root access, and a backdoor that gives the attacker access to a device to do as they please.

Rising in 2016: malicious payment apps

As far as threats that could be gaining ground in 2016, Zimry Ong, Senior Analyst in F-Secure Labs predicts malicious online payment apps will become more prevalent. These apps are pushed at the user while making a purchase on a perfectly legitimate website – one that's been hacked.

"When you go to the checkout, instead of the usual checkout process, the website would push an app at you, asking you to use the app to complete your transaction," Ong says. "If you do so, the attacker of course obtains the credit card and personal information you enter. Bottom line: if you're shopping on a familiar website and there is suddenly a change from the usual checkout process, it's a red flag that something is amiss."

F-Secure will exhibit at Mobile World Congress 2016, showcasing products to enable "The Trusted Internet" on all your connected things and mobile devices. On display will be the IoT and mobile security and privacy products SENSE, Freedome and SAFE. Visitors to MWC who would like to speak with an F-Secure spokesperson can contact us to schedule a meeting. F-Secure can be found at Hall 6, Stand B60.

More information:

F-Secure SAFE Safe and Savvy – These were the Top 10 Android Threats in 2015

About F-Secure

F-Secure makes every digital moment more secure, for everyone. We deliver brilliantly simple, frictionless security experiences that make life easier for the tens of millions of people we protect and our 170 service provider partners. For more than 30 years, we’ve led the cyber security industry, inspired by a pioneering spirit born out of a shared commitment to do better by working together. | |

F-Secure media relations

Adam Pilkey

PR Content Manager

+358 40 637 8859

Press list

Sign up for media information from F-Secure.

We process the personal data you share with us in accordance with our Corporate Business Privacy Policy.

Press archive

By year

Browse through our news by year.

By category

Browse through our news by category.