Mobile malware targeting Android, iPhones, says Kaspersky Lab expert
Date: Feb 16, 2011
Mobile malware has been increasing in scope and intensity, explains Denis Maslennikov, senior malware analyst on Kaspersky Lab's global research and analysis team. In this video at RSA Conference 2011, Maslennikov explains some of the current malware targeting smartphones and predicts that cybercriminals will find smartphone attacks a major cash cow in the near future.
Read the full text transcript from this video below. Please note the full transcript is for reference only and may include limited inaccuracies.
Interviewer: So Denis thanks very much for taking time out to talk.
Denis Maslennikov: Hi, thanks.
Interviewer: The last few years we've been hearing more and more about mobile
malware, and I'm wondering if you can briefly describe some of the growth
that we're seeing with the Trojans right now, as it relates to mobile.
Denis Maslennikov: The whole situation briefly: first of all, we should mention
the fact that today almost all pieces of mobile malware are commercialized,
the same as PC malware. So
it means that cyber criminals create mobile malware for making illegal
profits. Today, the majority of all malware we discover are SMS Trojans, so these
are malicious applications which are trying to send SMS messages to premium
rate numbers. So the user loses money and the cyber criminals earn money.
Another example is dialing trojans. These are malicious applications which
dial international premium rate numbers, so the user loses money and the
cyber criminals earn money.
Interviewer: For example, a Trojan will end up on somebody's phone and will
make them dial a 1-900 number.
Denis Maslennikov: Yes, in August they tried to hide this security and
sometimes they dial not very often. Because for example at the end of the
month you'll receive a huge phone bill with a lot of like positions, with a
lot of numbers you have dialed, with a lot of numbers you have SMS'd and
probably they are counting on your not noticing some accidental
international premium rate numbers dialing, which will cost you $10 a
month. For example, Trojan will dial an international premium rate number
once a month and the call will cost you $10. Probably at the end of the
month you won't notice it's Symbian.
Interviewer: You mentioned Symbian. Has it primarily been Symbian that has
been attacked at this point because Symbian even though it's kind of
losing ground to a lot of the Smart phone platforms, it still has a pretty
dominant market share, right?
Denis Maslennikov: Yes, Symbian still has at least about 40% of the market, of all
operating systems market share on mobile platforms. But the majority of all
SMS trojans are Java 2 Micro Edition, J2ME. The reason is really
obvious. We have seen them. We have Windows Mobile, we have Android, we
have BlackBerry, we have, let's say, iOS. So we've got a lot of operating
systems, and there is no main targeting platform like Windows on desktops.
But J2ME, Java 2 Micro Edition, is supported by simple cell phones,
simple mobile phones, by simple Smart phones, by Windows Mobile Smart
phones. It can be supported by Android Smart phones, if the user installs
Java 2 Micro Edition interpreter. And the main goal of cyber criminals is
to target as many devices as possible. So that's why they choose this
technology which is, let's say, so called "cross platform." They create these
primitive malicious applications which are really restricted, but still
users download them, users install them and users continue to lose money.
Interviewer: Apple has its own App store. Android now has its own App store,
and we'll talk about that in a minute because I know you've done some
research, or had some findings with the Android store. But are these
applications vetted very well, when they go through these stores and is
that a possible attack vector for malware?
Denis Maslennikov: Well we can't say for example that the Apple store or Android
market place or Windows market place are 100% secure. It's impossible to
say. There is always a probability that malware somehow will appear in the
Apple store or in the Android market place. There was some research made by
other companies, which told of the fact that a lot of applications, for
example in the Android market, are using a lot of really, let's say, critical
functions or critical system calls. For example, if you install something
from Android you will see the specifications or which system functions the
applications require. And for example, I'm pretty sure the user will
understand the fact that if the GPS application requires GPS access it's
okay. But if for example, a video player requires SMS sending functions or
I don't know, phone book access, it's really suspicious so by reading the
specifications and maybe thinking a bit about them it's a good idea to
prevent the installation of suspicious applications because for example
there was one case in the beginning of 2010, when about 30 online
banking applications appeared on the Android market. All of them were
created for different banks. All of them were created by one developer.
Interviewer: But listen, technically, they weren't supposed to be malicious
in nature. Right?
Denis Maslennikov: No one knows whether they were malicious or not because no one
from the anti-virus companies had a chance to download them because Google
deleted them. We don't know. But still it's very suspicious when 30 online
banking applications are sold for $1 each and all were developed by one guy
and there's no information about him. There's only his nickname, Zero Nine
Droid and that's all.
Interviewer: I saw some research that you did or something that you wrote
about the Google Android market allowing people to do remote
installs of some of these applications.
Denis Maslennikov: As far as I understood, it's an official feature of the Android
Interviewer: It's still in place.
Denis Maslennikov: Yes and the point is that it's easy to find on the underground
forums for example, I'm selling 10,000 GMail accounts and for example,
imagine even if 10 or 100 from this 10,000 selling GMail accounts are used
also on Android Smart phones. It means that anyone can install any
application from the market from the device and the user probably will not
notice anything because there will be an identification only on the top of
the Android device. The user's smart phone is located somewhere in the bag
or on the table and the user at this time is somewhere on the street. He
won't notice it and it means that any application from the market can be
installed and imagine what is going to happen if a malicious application
would be on the market place.
Interviewer: You know, out of all the different attacks that we talked about,
all of the different kinds of mobile malware we talked about, a lot of them
involve user interaction in some way. I'm curious about your thoughts on
the fragmented mobile market. We have Windows phones now making their way
into the market. Apple has a large market share, Android has got a huge
market share. Is it really worth it for cyber criminals to get into this
business, when they have to worry about multiple platforms and multiple
kinds of handsets?
Denis Maslennikov: Well, in cyber criminals' opinion, as far as I see, it is worth it.
Interviewer: It is. So you think there is money to be made here?
Denis Maslennikov: There are millions of dollars that were made by the mobile malware.
Just off topic have you visited my today's presentation?
Denis Maslennikov: I can send you a copy if you have questions about all the data and
all the things which are posted there. You can write me an e-mail and I
will explain everything. But it has been proven. For example, in Russia,
only in Russia, one mobile cyber criminal group caused financial damage for
users about $1.2 million per month. So it is worth it.