Mobile security firm Lookout Inc. is warning about the growing prevalence of malicious mobile applications designed to bill an unsuspecting victim through premium SMS services.
Fraudsters are tampering with legitimate mobile tools and advertising systems to achieve broader distribution and make more money.
The San Francisco-based security firm said millions of people have been impacted by mobile malware, a mixture of freely available apps containing spyware and those containing aggressive advertisements designed to collect as much user data as possible. In its "State of Mobile Security 2012," Lookout painted a bleak picture of the threat landscape raising security and privacy concerns in its analysis of threat detection rates for users of its mobile security application over the last 12 months.
"The mobile malware industry has matured and become a viable business model for attackers," Lookout said in its report. "Fraudsters are tampering with legitimate mobile tools and advertising systems to achieve broader distribution and make more money."
Lookout estimates that as many as six million people have encountered malware during the last 12 months. Fraudulent premium-rate SMS Trojans are the most prevalent type of malware, accounting for 91% of the malware, the company said. In addition the firm noted an increase in the frequency of adware – apps that push ads out of apps, change browser settings and access personally identifiable information "without suitable notification or transparency."
Enterprise mobile device security survey 2012
SearchSecurity.com's editors surveyed nearly 500 enterprise security professionals on mobile device security in the enterprise.
Security vendors have been documenting a steady increase in mobile malware as people turn to their mobile devices to make purchases and conduct banking and other financial transactions. Finland-based antivirus company F-Secure Corp., issued a report last month finding that third-party Android markets host the bulk of mobile malware. The company also highlighted the prevalence of SMS Trojans. A report issued this week by McAfee Inc. warned of a sharp increase in mobile malware in 2012.
In its report issued Thursday, Lookout said toll Fraud malware has emerged as the most significant threat category. The fastest spreading malware is identified as FakeInst or RuSMSMarket. The mobile app affects Android devices. It pretends to act as a legitimate installer for popular apps, but instead bills victims through premium SMS messages. The malware is "almost exclusively" directed at Eastern Europe and Russian users, the company said.
The firm said that 42% of new Lookout users in Russia have malware on their Android device, a trend fueled by the lack of regulation over SMS toll services and the lack of monitored mobile application distribution sites.
Some of the malicious activities associated with mobile applications are being driven by app promoters, which attempt to drive up notability and popularity of a specific app at the top of app market lists. Apps can gain the system by gaining root permissions on a device to install malicious code such as a Trojan that registers "active app" events even when the device screen is turned off. The issue is especially problematic in third party app stores based in China, Lookout said.
Also detected by Lookout is malware that uses man-in-the-Browser fraud techniques to intercept Transaction Authentication Numbers (mTAN) to gain full control of a victim's bank account.
Lookout is also warning of Web-based attacks. One in 10 users in the United States will click on a malicious link on a mobile device, according to Lookout. Some phishing attacks and other threats do not discriminate based on mobile platform, affecting Android, iOS and PCs in the same way, Lookout said. Phishing campaigns mimic trusted sites, such as financial institutions, attempting to get users to give up account credentials.
"The small form factor of mobile devices, coupled with trends such as the use of URL shorteners or QR codes, often makes it more difficult for users to evaluate the reputability of a given website," Lookout said.
Lookout predicts that cybercriminals will get better at embedding malicious payloads within applications. If weaponized applications remain undetected they can do far greater damage than SMS Trojans, giving attackers the ability to maintain full control over an infected device, the company warned. "As the mobile ecosystem continues to evolve, it is expected that malware writers will continue to experiment with new ways to trick existing marketing tools and processes," Lookout said.