Android-based premium scams outside the US dominate the mobile malware scene

About 40% of users in Russia have malware on their mobile devices, compared to just 1% in the US

Premium scams, particularly toll fraud, have emerged as the go-to (and lucrative) way to take advantage of mobile users. Toll fraud, in fact, accounts for 69% of all malware detected by mobile security firm Lookout. That’s up from just 29% last year.

The moral of the story? Never install a mobile app unless it’s provided through the approved app store for the device. That’s because toll fraud lures unwitting mobile users to opt in to paying – preferably on a monthly subscription basis – for a fraudulent service. For instance, a bogus email may land in an Android user’s mailbox, offering a new daily horoscope app, let’s say, or an app that lets people vote on favorite TV shows in return for rewards points. And, it’s only 99 cents!

Users download and install the app, and while they think it will be billed on their phone statement, the purchase money is actually pocketed by the crooks. By the time the user figures out that the app doesn’t work, it’s too late. The same is true for subscription toll fraud – it’s often several days before the victim realizes that the app doesn’t work, giving criminals plenty of time to make off with the billings. Meanwhile, in many cases, the app is never downloaded at all – users pay up front, and a fake installer (identified as FakeInst) squirrels away the cash before giving users an error message.

"Malware developers are following the money and the money is in toll fraud," said Derek Halliday, the lead security product manager at Lookout. "It's really because it is the simplest way for the malware writer to steal funds from someone."

Users in China, Russia and Eastern Europe are particularly vulnerable, Lookout found. Premium graft in the East has already likely extracted millions of dollars from victims. About 40% of users in Russia have malware on their devices, compared to just 1% in the US, where user education is higher and jailbreaking or rooting one’s device is a less common practice.

Speaking of which, think twice before jailbreaking that iPhone. Jailbreaking liberates the code from Apple’s stringent controls on how iOS can be used, opening the door for users to develop their own interface using Apple’s code, build their own apps, or install apps from third parties that are not housed in the App Store.

It’s not a very common practice, and Apple’s closed ecosystem has benefitted users by making would-be malware attackers work harder to compromise it.

Not so for Android, unfortunately. The jailbreaking equivalent in the Android world is the process of rooting, and it’s almost encouraged by Android creator Google, which supports open-source models. For instance, Barnes & Noble Nook e-reader owners can root their device in order to apply their own wallpaper, add a Netflix app, or change around the way that the tiles are displayed.

That, combined with the fragmentation in the Google OS – there are several “flavors” of the operating system that vary by device – has made it a richer target. Google has responded by adding more management to the Google Play marketplace, but Android continues to be the top target for attackers.

While toll fraud is less likely to strike in the US, Lookout said that malicious web links and advertising are fairly common, with nearly four out of every 10 users shown to click on an unsafe link via a mobile device this year. More than 20% of unsafe links lead to phishing attempts, and 16% lead to compromised sites.
