
What Mobile Malware Looks Like

Last month at the Virus Bulletin Conference in Barcelona, I took in one of the sessions on mobile malware. This type of malware is foreign to me because I mostly stay in the email space at work (and even then, I am focusing more on day-to-day issues of running a large mail provider than I am on spam and abuse). What’s mobile malware like? What are the threats? How do users get infected?

The fastest growing segment of mobile malware is on the Google Android platform. While there is still less of it than J2ME malware, at current growth rates it will overtake J2ME by next year. Why is Android so vulnerable?

  1. Android is now the most popular smartphone. Apple’s iPhone jumped out to a big lead (which it was working to wrench away from RIM’s Blackberry) but since then has ceded it to Android. Since Android is free and is licensed to multiple handset makers, it is easier for consumers to acquire. Contrast this with the iPhone, which only Apple makes. Since Android is the fastest growing and most popular smartphone, it makes sense that malware writers would concentrate on crafting malware for it.
  2. Unlike the iPhone, where apps are purchased through the App Store, Android’s marketplace has multiple places where you can buy stuff. There isn’t a central clearinghouse where developers get Google’s blessing. As a result, users think that Google has approved all the applications when in reality it has not. Users therefore download apps from sketchy, illegitimate places, unaware of what they are really acquiring. Users can reduce this threat vector by only downloading from reputable sources.

Malicious websites are the most common source of malicious apps, followed by Black SEO, the Android Market itself (!) and alternative Chinese marketplaces.

What sorts of malware are there for mobiles? There are two common ones:

  1. SMS trojans – Once your phone is infected, these sit in the background and send messages from it without your knowledge. Imagine signing up for a pre-paid texting plan, only to discover that you have no minutes left on your phone. You then get your phone bill and check it, only to say “Hey, I didn’t send texts to all of these people!”
  2. Data theft trojans – This is the more traditional malware. They steal your information and then send it to a remote server. This more closely resembles malware on PCs.

How much money do these guys make? Well, I’m never one to claim I know how much money criminals are making but at the VB conference, one affiliate made $2200 in five days (about $110,000 per year based upon a 40-hour work week). Another made $5800 in five days (about $290,000 per year).

That’s all I was able to get from the short presentation, but it was interesting. I learned stuff that I didn’t know before.

By Terry Zink, Program Manager
