2017 The year of the MobileMalvertising

Irfan Asrar , Sr Manager Mobile Threat Research & Operations, McAfee

Mobile Malvertising / Trojan Clickers – seeding malicious code into apps preying on users to either intentionally or unintentionally click on advertisements or downloading pay per install packages; although not a new area and one that tends to get neglected in the field of mobile threat research; has seen an significant foot print increase globally but particularly at an alarming rate in Asia in 2017 as the mobile advertising networks are growing and spending billions in markets such as China,Japan,Korea etc.  
Over the course of the year, several threat families have emerged that have shown incredible sophistication; including the use of adversarial tactics to evade detection including the use of machine learning; including targeting IoT devices (Which we will review in our presentation) for fraudulent purposes.
These families did not only manage to evade screening mechanism on Google Play but also on other third party sites throughout Asia managing to impact millions of users in developing countries in Asia. In fact, a clear majority of threat discoveries McAfee made on Google Play were Trojan Clickers focusing on monetization by defrauding advertising networks.
It should not come as a surprise that so much focus and attention in being channeled into Malvertising on mobile, as the advertising is a billion-dollar market and compared to other forms fraudulent malware such as premiums SMS scams or ransomware, revenue generated from fraudulent Malvertising/Trojan clickers is more lucrative as well as harder to detect.
In this presentation, we review the some of the more aggressive families, tactics that have presented themselves over the year including the threat families primarily targeting Asia (particularly China, Korea, Vietnam, Japan) where malware authors have adopted advertising in alarming trend over other threat vectors. This presentation will also include a new discovery made by McAfee Mobile Threat Research, as an example of why AV companies globally.

Irfan Asrar

Irfan Asrar has been in Malware Research/Threat Intelligence for over ten years working for with several anti virus vendors across Asia and North America. Having discovered the first botnet targeting mobile devices in 2009; he developed a deep interest for threats targeting emerging technologies such as IoT and Mobile Handsets as well as threats with a political theme or targeting the middle east. He has been credited with the discovery of over 25 threat families/campaigns targeting various regions from South Korea to the US. Having spent time leading teams at various organizations in discovering malware/targeted campaigns, forensics and malvertising campaigns; Irfan currently leads the Global Mobile and IoT Research group at McAfee. He has previously presented at AVAR in 2014.