Tuesday, October 11, 2011

New Symantec Research: The Motivations of Recent Android Malware

Via Symantec Connect Blog -

For years now, we in the cyber security industry have been saying an explosion of mobile malware is just around the corner. Beginning in earnest this year, we have indeed observed a marked increase in threats targeting mobile devices – particularly the Android platform. However, it’s probably not accurate to say the expected explosion has in fact occurred. The reality is that cybercriminals are still very much in the exploratory phase of figuring out how to monetize the exploitation of mobile devices. This is the topic of Symantec’s latest research. You can read the whitepaper in its entirety here (PDF).

Above all else, our analysis highlights how most current efforts to monetize mobile malware have only a low revenue-per-infection ratio. This has severely limited the return on investment achievable by attackers. It also offers detailed insight into the top current mobile malware monetization schemes observed by Symantec, including how each works and examples of the malware presently being used to carry them out. These schemes are:
  • Premium-rate number billing scams
  • Spyware
  • Search engine poisoning
  • Pay-per-click scams
  • Pay-per-install schemes
  • Adware
  • Stealing mobile transaction authentica¬tion numbers (mTAN)
However, the research also points out that the currently struggling revenue-per-infection ratio is primed to improve. The trigger will likely be advances in mobile payment-type technology and the widespread adoption of using mobile devices for both payment and accepting payment. The key is that these applications rely on devices to transmit financial information —such as mobile banking credentials—backed by real monetary funds. We’ve learned in the PC world just how lucrative the exploitation and sale of this kind of information can be for enterprising cyber criminals.


Additional potential revenue-generating schemes likely to be seen in the near future are discussed as well. These include:
  • Selling stolen International Mobile Equipment Identity (IMEI) numbers for use on previously blocked or counterfeit phones.
  • Peddling fake mobile security products—another tactic that has been highly successful in the PC realm.
The paper surmises that only if the current monetization schemes, and those likely to be seen in the near future, succeed will attackers continue to invest in the creation of Android malware.

No comments:

Post a Comment