Botnets, Ransomware on NQ Mobile List of Top Mobile Malware Trends

Profit leads motives for malware engineers
2014-09-04 20:38

DALLAS and BEIJING, September 4, 2014 /PRNewswire/ -- With mobile malware doubling year after year, NQ Mobile, Inc. (NYSE: NQ), a leading global provider of mobile Internet services, today released new data and background information outlining the current threat landscape and projecting trends for the immediate future. Revealing details on infection rates and strains found around the world, the information demonstrates how such threats put sensitive data and bank accounts at risk.

Key Statistics for 1H 2014 include:

  • 85,970 new pieces of malware were discovered, a 68 percent increase over 1H 2013
  • Infections were detected in 37.5 million Android devices in NQ Mobile's database of 136 million active user accounts worldwide, an increase of 78.6 percent over 1H 2013
  • 62 percent of malware falls into categories that can drive financial gain for malware engineers[1]
  • 11 percent of threats leaked users' private data, which is often sold via the dark web

Top Findings Include:

  • Ransomware Hits Mobile Users: NQ Mobile discovered the first new mobile malware strain to use file encryption ransomware for its attack. Dubbed "Simpelocker," this Trojan was packaged with genuine Android apps and would infect the devices of unsuspecting users who unknowingly downloaded the APK file from apps in third-party markets. Once installed, the app would request permissions to perform a variety of actions like writing to external storage devices. The Trojan could also scan the SD card for specific file types (.jpeg; .bmp; .gif; .doc; .docx, etc.) and attempt to encrypt them.
  • Profit Leads Malware Motives: 62 percent of malware in 1H represented categories likely to financially benefit cybercriminals at the expense of smartphone users, often through premium rate services and data overcharges.

    Two examples are "Trick Connector" (a.payment.hdcSms.a), which led unsuspecting users to send premium SMS and automatically connect to the Internet, and "Stealth Subscribe" (a.payment.FakeInst.eaz), which would sign users up for recurring-charge services without their knowledge by sending messages in the background.
  • Scandals Put Spotlight on Privacy Threats from Data Theft: While news headlines throughout the past year have brought to light the ease with which one can unwittingly be a victim of data theft or other invasion of privacy, this is nothing new to cybercriminals. In 1H 2014, 11 percent of mobile threats came in the form of a genuine or malicious app with the ability to gather and leak personal information without the device user's knowledge or consent. This information is often shared or sold on the dark web via P2P, TOR and/or I2P networks to cybercriminals who then use social engineering tactics to gain access to the consumer's finances.

    In 1H 2014, the NQ Security Center captured and quarantined the "Fake Play" (a.privacy.FakeGooglePlay.a) virus, which masqueraded as the Google Play App Store. Once installed, the app could surreptitiously run in the background, intercepting and uploading users' messages as well as contacts and app data.
  • Server-side Botnets Rapid as Potential Privacy Killers: Server-side botnets remain one of today's most pressing mobile security concerns. Known for their ability to remotely control the infected device, these threats interact with a remote server or client to upload or retrieve malicious codes or scripts and take device information such as IMEI, IMSI, mobile number, system version, to name a few, without user consent.

    For example, the "Text Thief" (1.a.remote.Newnovel.a) virus was captured and eradicated by the NQ Security Center in Q1. This virus would automatically load and unpack an encrypted .jar file that could block text messages from designated numbers while sending unauthorized messages to paid subscriber services. It would also try to obtain system root privileges in order to download and silently install .apk files.
  • Emerging Markets with Unregulated App Markets Keep Android on Top: Fuelled by rapid market penetration in the absence of consumer education and tightly-controlled app stores, the Android OS has broadened its lead as the primary platform for mobile malware, representing 96 percent of all device infections. While this predominance will likely persist until other operating systems rise in popularity, there are signs that user education and secure app marketplaces are stemming the growth of infection rates in mature markets. For example, infection rates of new malware detected in markets with more mature Android penetration, such as Russia and China, have declined, while those where Android is newer in the market, such as Indonesia, Nigeria and Vietnam, are seeing new malware increase significantly.

Based on the 85,970 new pieces of malware found by NQ Mobile:

| Country | 1H 2014 Place | 1H 2014 New Infection Rate | 1H 2013 Position | 1H 2013 New Infection Rate | Y/Y Change (in percent) | Y/Y Change (in # of devices infected) |
|---|---|---|---|---|---|---|
| China | 1 | 18.2% | 1 | 31.7% | -42.7% | 2.3% |
| India | 2 | 14.2% | 3 | 10.4% | 36.9% | 144.4% |
| Saudi Arabia | 3 | 9.6% | 6 | 6.0% | 59.9% | 185.6% |
| Indonesia | 4 | 8.2% | 7 | 3.1% | 168.7% | 351.6% |
| USA | 5 | 7.7% | 4 | 6.5% | 18.3% | 124.5% |
| Nigeria | 6 | 6.7% | - | - | | |
| Vietnam | 7 | 6.3% | 10 | 0.9% | 615.9% | 1255.5% |
| Russia | 8 | 4.2% | 2 | 17.2% | -75.5% | -34.0% |
| Thailand | 9 | 3.2% | 5 | 6.0% | -46.3% | -4.1% |
| Malaysia | 10 | 3.0% | 9 | 2.0% | 48.7% | 165.5% |

Research Methodology

NQ Mobile's 1H 2014 Security Report is based on insights from NQ Mobile's Security Labs, as well as data collected from NQ Mobile's global malware database, scanning engines and its network of hundreds of millions of registered users.

A related infographic can be found at http://blog.nq.com/botnets-ransomware-on-nq-mobile-list-of-top-mobile-malware-trends .

About NQ Mobile

NQ Mobile Inc. (NYSE: NQ) is a leading global provider of mobile Internet services. NQ Mobile is a mobile security pioneer with proven competency to acquire, engage, and monetize customers globally. NQ Mobile's portfolio includes mobile security and mobile games & advertising for the consumer market and consulting, mobile platforms and mobility services for the enterprise market. As of December 31, 2013, NQ Mobile maintains a large, global user base of 481 million registered user accounts and 136 million monthly active user accounts through its consumer mobile security business, 107 million registered user accounts and 20 million monthly active user accounts through its mobile games & advertising business and over 1,250 enterprise customers. NQ Mobile maintains dual headquarters in Dallas, Texas, USA and Beijing, China.

Investor Relations:
NQ Mobile Inc.
Email: investors@nq.com
Phone: +852 3975 2853
+1 469 310 5281

[1] Includes Fraudulent, Malicious Expense and Malicious Payment Software classifications

Source: NQ Mobile Inc.