Malware Mobile Threats

There have been over 1,000 instances of Android Malware found in 2011 and the rate of growth has almost doubled since July 2011. Smartphone s are increasingly becoming targets for malicious hackers because they are filled with rich data, tied to payments processing services and typically have less security than a personal computer. You thought that 2011 was the Year of Mobile Malware? Wait until you see 2012.

Mobile security firm Lookout breaks Mobile Malware into two driving factors:

  • Profit from infection: how much money can the Malware industry extract from infected devices.
  • Cost of infection: how easy is it to distribute Malware.

The second factor informs the first. Malware makers, Mobile or otherwise, want to find the easiest route to your wallet. The easier it is to do, the more they will produce. The path of least resistance to rich data that can be monetized or exploited

Lookout’s predictions fall within these two camps:

Profit From Infection

Mobile Pickpocketing (SMS/call fraud) – The recent trend has been to lure users into applications that will charge money through text messaging and calling of premium services.GGTracker was one of the first to surface in June 2011. The most recent attack was called RuFraud. As SMS Malware is the easiest tie-into payments infrastructure, Lookout expects to see this trend grow in 2012.

Botnets Come to Life – The first example we saw of Malware makers trying to create Mobile Botnets was with DroidDream attack that launched the year of Mobile Malware in January and February. Lookout says that 10 families of Botnet-like systems were discovered in 2011, with that number expected to grow in 2012.

Vunerable Smart Devices – Lookout says that nearly every Android Smartphone available in the wild has some kind of security hole in it. Knowing that security holes exist everywhere is a reminder to keep yourself safe.

Cost of Infection

Automated Repackaging – Piracy is a problem for Mobile application developers, especially on Android. The recent RuFraud applications were an example of repackaged games loaded with Malware.

Malvertising – Malvertising has been one of the banes of the web for years and it starting to go Mobile. Malvertising is when there are genuine looking advertisements that link back to fraudulent sites that can load Malware to a device. It has long proven a decent attack vector for Malware makers and Lookout expects it will increase on Mobile in 2012.

Browser Attacks – Web applications or Native applications? You know what? Malware makers are asking the same questions because they are looking for where the users are. HTML5 will increase the amount of browser-based applications and activity on Mobile devices and with that there will be a corresponding in Mobile browser Malware. While Android is often thought of as the most susceptible to Malware, a browser knows no limits.