There may be more Android malware, but criminals still haven't figured out how to earn big profits from the mobile platform, according to Symantec.

Despite the recent increase in mobile malware, the good news is that cyber-criminals are not yet seeing a lot of financial returns from compromised phones, Symantec researchers found.

The goal for criminals is to make money, but at the moment, they are eking out low revenue for their efforts, Symantec researchers wrote in their "Motivations of Recent Malware" report released Oct. 11. Criminals will begin making more money, and mobile malware will likely surge in the future as smartphones get more deeply embedded in global commerce, the researchers said.

Three things need to happen in the mobile space before mobile malware really takes off, according to Eric Chien, technical director of Symantec Security Technology and Response and primary author of the whitepaper. Cyber-criminals need an open platform, a ubiquitous platform and motivation to invest the time and effort into attacks. The first two have been more or less achieved with the Android mobile platform, considering Gartner estimated that Android accounted for 43 percent of all smartphone sales from April to June, according to Chien.

"The marked increase in mobile malware, particularly that targeting the Android platform, is likely only the beginning in terms of both the quantity of threats and their sophistication," said Chien.

For criminals, financial gain is the primary motivator, and at the moment, the ability to monetize Android via malware is still "uncertain," according to Chien. Symantec identified seven different monetization schemes currently employed by mobile malware, including premium rate number billing scams, spyware, search engine poisoning, pay-per-click scams, pay-per-install schemes, adware and stealing mobile transaction authentication numbers (mTANs) used by banks to authenticate transactions.

"Only if these monetization schemes succeed do we expect attackers to continue to invest in the creation of Android malware," Chien wrote.

Premium rate number billing scams, in which users are tricked into calling or sending an SMS message to premium-rate numbers, are becoming increasingly popular. The charges, which show up on the user's bill, can be as high as $10 per message, while some carriers may allow charges over $50 per message. The attacker, the carrier and the SMS aggregator split the proceeds, with the attacker receiving anywhere from 30 percent to 70 percent of the charge, depending on the carrier, amount charged and the number of messages received, according to the report.

These attacks are more common overseas, where it is pretty cheap to set up premium-rate codes. In the United States, a dedicated code may cost $1,500 to set up and then $1,000 per month, but a shared code can be available for as low as $50 per month, according to Symantec.

Tricks from the PC world are showing up in mobile malware, such as malicious apps that serve as spam relays or allow remote attackers to commandeer devices to launch distributed denial-of-service attacks, according to the report. Other techniques include installing spyware and Zeus variants that intercept people's banking credentials as part of a man-in-the-middle attack. Other apps use exploited Android devices to launch pay-per-click attacks to artificially inflate Website hit rates, which generates increased advertising revenue for the Website owner.

The model of selling fake antivirus software to unsuspecting users "could equally work on a mobile device," Chien wrote, noting that apps could mislead users into thinking there is malware on the device and then trick them into paying to remove the infection.

There are other possibilities for criminals to make money, Chien wrote. Selling data harvested from mobile devices, such as login credentials and financial data, will likely become a bigger problem as these devices are increasingly used as payment devices using near-field communications (NFC) protocols.

However, attackers don't appear to be seeing revenue close to what is available by targeting Windows systems, according to Chien. "For each attack we have seen on Android, none were repeated. It is possible that the attackers did not generate enough revenue, and thus did not repeat the effort," said Chien.

While malicious Android applications will continue to increase, it will likely be a while before the attacks on mobile devices "reach parity" with Windows, he added.