The Growth in Mobile Malware

Mobile malware will continue to expand, so what can we do?

Mobile malware has been around for some years, but it's only in the last couple of years or so that we've seen it emerge from the 'proof-of-concept' stage to become a tool in the hands of cybercriminals, i.e. a means of making money illegally.

The huge growth in mobile malware is a result of a number of different factors. First, the huge numbers of smartphones being used; second, the variety of ‘interesting’ data now stored on these devices, such as: contacts, photographs, SMS messages, banking credentials and social networking logins; and finally, the growing use of mobile devices in business and the lack of awareness from organisations around mobile threats. In a survey we commissioned last year, only 55% of businesses considered mobile devices in the workplace a serious threat.

The varieties of mobile malware

The types of malware we're now seeing, and how they work, include:

  • SMS Trojans send SMS messages to premium-rate numbers. Potential victims may be persuaded to download the Trojan application because it masquerades as adult content. On top of this, cybercriminals use search engine optimisation techniques to try and have their 'product' appear at the top of web searches.
  • Some Trojans are designed to steal confidential data from the device and use the internet to send it to the cybercriminals. Some go even further, exercising remote control over compromised devices and co-ordinating cybercriminal activities e.g. downloading new functionality, or new configuration information, to the malware that's already installed.
  • Banking Trojans target private banking data in particular. For example, there's a mobile variant of the notorious ZeuS banking Trojan that intercepts SMS messages used in the authentication of some bank transactions - allowing cybercriminals to assume the victim's online identity.
  • Some are focused on theft of social networking login credentials. By stealing personal information from social networking sites, cybercriminals have the potential to be able to piece information together and commit identity theft.

Securing mobile data

While mobile malware is growing in volume and sophistication, this is only part of the picture. Increasing amounts of data are being stored on mobile devices - including confidential business data. However, devices are often not protected with a PIN and the data stored on them is seldom encrypted. At the same time, these devices are easy to lose and easier to steal, so there's an increasing risk of data leakage.

The task of securing data has become harder for businesses as employees increasingly conduct business outside the traditional workplace - i.e. at home, at the airport, in a hotel, etc. There's a heterogeneous mix of endpoint devices, and they are harder to manage because they're geographically distributed. So businesses not only face the growing threat from mobile malware, but also the risk of data leakage.

The future of mobile malware

The growth of mobile malware is only going to continue as people increasingly conduct business and sensitive transactions via mobile devices. Cybercriminals follow the money and as mobile banking and shopping continue to increase in popularity, so will the threats targeting these devices. However, it’s not just financial data that’s a key target, but also lots of personal data that can be harvested and used to frame targeted attacks.

At a societal level, there are a number of factors that can help combat the increase in mobile malware. These include the development of a legislative framework to deal with cybercriminals (in the UK we have well-developed legislation, but that’s not true of all regions of the world), cross-border co-operation of law enforcement agencies, and market regulation (e.g. it’s harder to set up an affiliate network that will allow successful monetisation of SMS Trojans in the UK compared to Russia, China and other areas).

With regard to businesses, organisations need to ensure they include mobile devices in their security strategy and deploy appropriate technology. This includes anti-malware, whitelisting, encryption, centralised policy management and enclosing of personal and business data (a result of the BYOD trend). The threat is also not just malware on the device, but the network itself, as shown by the discovery of ‘Red October’ – a targeted attack that specifically harvested data from devices connected to the network of victim organisations.


David Emm is Senior Security Researcher at Kaspersky Lab