There may be more Android malware, but criminals still haven't figured out yet how to earn big profits from the mobile platform, according to Symantec.
the recent increase in mobile malware, the good news is that cyber-criminals
are not yet seeing a lot of financial returns from compromised phones, Symantec
goal for criminals is to make money, but at the moment, they are eking out low
revenue for their efforts, Symantec researchers wrote in its "Motivations
of Recent Malware" report released Oct. 11. Criminals will begin making
more money, and mobile malware will likely surge in the future as smartphones
get more deeply embedded in global commerce, the researchers said.
things need to happen in the mobile space before mobile malware really takes
off, according to Eric Chien, technical director of Symantec Security
Technology and Response and primary author of the whitepaper. Cyber-criminals
need an open platform, a ubiquitous platform and motivation to invest the time
and effort into attacks. The first two have been more or less achieved with the
Android mobile platform, considering Gartner estimated that Android accounted
for 43 percent of all smartphone sales from April to June, according to Chien.
marked increase in mobile malware-particularly that targeting the Android
platform-is likely only the beginning in terms of both the quantity of threats
and their sophistication," said Chien.
criminals, financial gain is the primary motivator, and at the moment, the
ability to monetize Android via malware is still "uncertain,"
according to Chien. Symantec identified seven different monetization schemes
currently employed by mobile malware, including premium rate number billing
scams, spyware, search engine poisoning, pay-per-click scams, pay-per-install
schemes, adware and stealing mobile transaction authentication numbers (mTANs)
used by banks to authentication transactions.
if these monetization schemes succeed do we expect attackers to continue to
invest in the creation of Android malware," Chien wrote.
rate number billing scams are increasingly becoming popular, where users are
tricked into calling or sending an SMS message to prime-rate numbers. The
rates, which show up on the user's bill, can be as high as $10 per message,
while some carriers may allow charges over $50 per message. The attacker, the
carrier and the SMS aggregator split the proceeds, with the attacker receiving
anywhere from 30 percent to 70 percent of the charge, depending on the carrier,
amount charged and the number of messages received, according to the report.
attacks are more common overseas, where is it pretty cheap to set up prime-rate
codes. In the United States, a dedicated code may cost $1,500 to set up and
then $1,000 per month, but a shared code can be available for as low as $50 per
month, according to Symantec.
from the PC world are showing up in mobile malware, such as malicious apps that
serve as spam relays or allow remote attackers to commandeer devices to launch
distributed denial-of-service attacks, according to the report. Other
techniques include installing spyware and Zeus variants that intercept people's
banking credentials as part of a man-in-the-middle attack. Other apps use
exploited Android devices to launch pay-per-click attacks to artificially
inflate Website hit rates, which generates increased advertising revenue for
the Website owner.
model of selling fake antivirus software to unsuspecting users "could
equally work on a mobile device," Chien wrote, noting that apps could
mislead users into thinking there is malware on the device and then trick them
into paying to remove the infection.
are other potential possibilities for criminals to make money, Chien wrote.
Selling data harvested from mobile devices, such as login credentials and
financial data, will likely become a bigger problem as these devices become
increasingly used as payment devices using near-field communications (NFC)
attackers don't appear to be seeing revenue close to what is available by
targeting Windows systems, according to Chien. "For each attack we have
seen on Android, none were repeated. It is possible that the attackers did not
generate enough revenue, and thus did not repeat the effort," said Chien.
malicious Android applications will continue to increase, it will likely be awhile
before the attacks on mobile devices "reach parity" with Windows, he