What mobile malware looks like

Last month at the Virus Bulletin Conference in Barcelona, I took in one of the sessions on mobile malware.  This type of malware is foreign to me because I mostly stay in the email space at work (and even then, I am focusing more on day-to-day issues of running a large mail provider than I am on spam and abuse).  What’s mobile malware like?  What are the threats?  How do users get infected?

The fastest growing segment of mobile malware is on the Google Android platform.  While there is still less of it than there is for J2ME, at current rates it will overtake J2ME by next year.  Why is Android so vulnerable?

  1. Android is now the most popular smartphone.  Apple’s iPhone jumped out to a big lead (which it was working to wrench away from RIM’s Blackberry) but since then has ceded it to Android.  Since Android is free and is licensed to multiple handset makers, it is easier for consumers to acquire.  Contrast this with the iPhone, which only Apple makes.

    Since Android is the fastest growing and most popular smartphone, it makes sense that malware writers would concentrate on crafting malware for it.

  2. Unlike the iPhone, where apps are purchased through the App Store, Android’s marketplace has multiple places where you can buy stuff.  There isn’t a central clearinghouse where developers get Google’s blessing.  As a result, users think that Google has approved all the applications when in reality it has not.  Therefore, users download apps from sketchy places that are not legitimate, unaware of what they are really acquiring.  Users can reduce this threat vector by only downloading from reputable sources.

    Malicious websites are the most common source of malicious apps, followed by Black SEO, the Android Market itself (!) and alternative Chinese marketplaces.

What sorts of malware are there for mobiles?  There are two common ones:

  1. SMS trojans – Once your phone is infected, these sit in the background and send messages from it without your knowledge.  Imagine signing up for a pre-paid texting plan, only to discover that you have no minutes left on your phone.  You then get your phone bill and check it only to say “Hey, I didn’t send texts to all of these people!”

  2. Data theft trojans – This is the more traditional malware.  They steal your information and then send it to a remote server.  This more closely resembles malware on PCs.

How much money do these guys make? Well, I’m never one to claim I know how much money criminals are making but at the VB conference, one affiliate made $2200 in five days (about $110,000 per year based upon a 40-hour work week).  Another made $5800 in five days (about $290,000 per year). 

That’s all I was able to get from the short presentation, but it was interesting.  I learned stuff that I didn’t know before.