Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
tvennon

Premium Text Message Threats: Popular, Profitable and Proliferating in Third-Party App Stores

by Juniper Employee ‎06-25-2013 09:01 PM - edited ‎06-24-2013 09:49 AM

Today, Juniper Networks released its third annual Mobile Threats Report, which provides insight on the latest developments in the mobile threat landscape. This version of the report shows evidence of not only the exponential growth of threats (614 percent over 12 months), but an increased focus from mobile attackers on quickly monetizing their efforts.

 

Nowhere is this trend more apparent than in the explosion of malicious applications that leverage premium text messages to quickly convert malware to money, which we call SMS Trojans and Fake Installers. By March of this year (2013), these types of threats made up 73 percent of all known malware, a significant increase from 17 percent just two years ago.

 

The attacks themselves are quite simple, but the logic behind them and customization efforts show that the cyber criminals creating them are anything but. SMS Trojans run in the background of an application and send text messages to premium rate numbers owned by the attacker and are typically hidden inside popular applications. Fake Installers are similar but instead of running in the background, these attacks rely on social engineering to trick victims into agreeing to terms of service hidden in the fine print of pirated applications that then send profits via premium SMS messages to the scammers.

 

It’s the targeting and distribution where the savvy comes in.

 

First, by using premium SMS, a popular means to pay for services or donate to charities, attackers are easily turning a malware infection into dollars without going through a number of the steps that many traditional hacking methods require. For instance, unlike spyware or keyloggers on mobile devices or PC’s that require an attacker to sift through various data fields to find valuable data that then needs to be further exploited, an attacker just needs to dupe someone into hitting download to make off with a profit. By reverse engineering one of these threats, the MTC  found attackers could make $10 USD per download. No credit card information required.

 

Second, attackers are targeting the most popular applications to tempt users. The MTC examined the most frequently used apps to package these types of threats and found the majority are popular, brand name apps that consumers trust. It’s important to note that there are no security issues with the legitimate versions of these applications made by the official developers, just the malware laden copies. Here is the list of the top five most frequently copied apps in order of number of fakes:

 

  • Google Play: Ironically, people looking to find the best place to download malware-free Android applications might be rewarded with an infection.
  • Adobe Flash: With Google discontinuing direct support for Flash in later versions of Android, users looking to install it through third-party application stores risk downloading malware.
  • Angry Birds: A popular game could breed angry users if they see the fraudulent charges on the bill.
  • Skype: Arguably one of the most popular message and calling apps, it’s no surprise this makes the list. Note that Trillian, a popular messaging platform, fell just outside this top five list.
  • HD_Wallpapers: A popular app for people that want to customize the background of their smartphones.

Finally, attackers are distributing their malware using third-party application stores that typically have lower levels of accountability when compared with the official marketplaces. While some malware has managed to sneak onto the official iOS and Android marketplaces in the last year, both Apple and Google are fairly quick to take them down once discovered. Juniper and several other security researchers have noted this trend toward third-party markets, but with this year’s report the MTC examined exactly how many of these stores are hosting malware. What we found is bad apps creeping into third-party stores across the globe. 

 

Juniper_WorldMap600.jpg

 

Generating around $10 per download, these attacks don’t lead to complete financial ruin, but they certainly do have the promise of making attackers a tidy profit over time. This profit comes at the cost of the user or their carrier via these changes on phone bills.

 

The good news is there are simple steps people can take to protect themselves from being duped by these attacks. For one, sticking to the official app marketplaces provides a degree of, but not total, protection. Users might also consider downloading one of the many anti-malware apps available on the official markets. 

 

You can follow Juniper’s Mobile Threat Center on Twitter at @JuniperSecurity

Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon

Our Bloggers

Kyle Adams
Senior Software Engineer

Profile | Subscribe

Ritesh Agrawal
Director
Software Engineering

Profile | Subscribe

Erin K. Banks
Senior Technical Marketing Manager

Profile | Subscribe

Ajay Bharadwaj
Product Manager

Profile | Subscribe

Paul Bristow
Senior Director
Product Management

Profile | Subscribe

Michael Callahan
Vice President
Product Marketing

Profile | Subscribe

Henrik Davidsson
Director
Security Sales

Profile | Subscribe

Scott Emo
Director
Product Marketing

Profile | Subscribe

Mora Gozani
Senior Manager
Product Marketing

Profile | Subscribe

Steve Hanna
Distinguished Engineer

Profile | Subscribe

Ashur Kanoon
Sr. Manager
Technical Marketing

Profile | Subscribe

Seema Kathuria
Manager
Product Marketing

Profile | Subscribe

Kevin Kennedy
Senior Director
Product Management

Profile | Subscribe

Dave Killion
Software Engineer

Profile | Subscribe

Rebecca Lawson
Senior Director
Product Marketing

Profile | Subscribe

Rajoo Nagar
Senior Manager
Product Marketing

Profile | Subscribe

Erin O'Malley
Manager
Product Marketing

Profile | Subscribe

Galina Pildush
Strategy & Planning
Architect

Profile | Subscribe

Edward Roberts
Director
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe

Ashutosh Thakur
Product Line Manager

Profile | Subscribe

Troy Vennon
Software Engineer

Profile | Subscribe

Brad Woodberg
Product Manager

Profile | Subscribe

Labels
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.