Share

Top 5 Stories

News

No more nickel-and-dime malware for cybercriminals targeting Android users

11 October 2011

While cybercriminals are currently nickel-and-diming Android users, they could start raking in major bucks as they learn to better monetize their malware, according to a new white paper by Symantec.

Cybercriminals are expected to up the Android ante in the near future by using malware to steal financial information, selling stolen International Mobile Equipment Identity (IMEI) numbers, and peddling fake mobile security products, according to 'Motivations of Recent Android Malware'.

“Stealing information such as login credentials and financial data is the primary motivation for malware in the PC space. Mobile devices provide an additional vector when devices are used as payment devices via protocols such as near-field communications (NFC) that allow someone to pay for goods using their mobile device”, the white paper said.

In addition, stolen IMEI numbers, which are unique numbers that identify particular devices, can be reused on previously blocked phones or counterfeit phones. Many of the recent Android threats export the IMEI number, the white paper noted. Selling fake security products, a winner for cybercriminals in the PC market, is also likely to increase for mobile device users, the white paper added.

“We are in a testing period as cybercriminals figure out their business model. What we are seeing is proof that these things can be done”, Kevin Haley, director with Symantec Security Response, told Infosecurity.

The research identifies a number of factors needed for mobile malware to reach the levels of sophistication and breadth seen in the PC realm: an open and ubiquitous platform and sufficient attacker motivation.

The Android platform fulfills the open and ubiquitous platform conditions, and there are signs that attacks are getting motivated, enticed by new revenue streams. The Symantec research suggests that attackers will continue to invest in the creation of Android malware as monetization schemes evolve.

Currently, cybercriminals are using mobile malware for unimaginative criminal schemes that have a low revenue-per-infection ratio, thus limiting their return on investment. These schemes include premium rate number billing scams, spyware, search engine poisoning, pay-per-click scams, pay-per-install schemes, adware, and mobile transaction authentication number (mTAN) theft.

“The bad guys have come up with a number of ways to make money off of smartphones but none of them are particularly profitable, at least in comparison to malware on PCs”, Haley observed.

In a blog post, Symantec researcher Eric Chien said that the trigger for the move to more lucrative smartphone malware is likely to be advances in mobile payment-type technology and the widespread adoption of mobile devices for both payment and accepting payment.

“The key is that these applications rely on devices to transmit financial information – such as mobile banking credentials – backed by real monetary funds. We’ve learned in the PC world just how lucrative the exploitation and sale of this kind of information can be for enterprising cyber criminals”, Chien explained.
 

This article is featured in:
Application Security  •  Data Loss  •  Malware and Hardware Security  •  Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×