Today, Juniper Networks released its third annual Mobile Threats Report, which provides insight on the latest developments in the mobile threat landscape. This version of the report shows evidence of not only the exponential growth of threats (614 percent over 12 months), but an increased focus from mobile attackers on quickly monetizing their efforts.
Nowhere is this trend more apparent than in the explosion of malicious applications that leverage premium text messages to quickly convert malware to money, which we call SMS Trojans and Fake Installers. By March of this year (2013), these types of threats made up 73 percent of all known malware, a significant increase from 17 percent just two years ago.
The attacks themselves are quite simple, but the logic behind them and customization efforts show that the cyber criminals creating them are anything but. SMS Trojans are typically hidden inside popular applications, where they run in the background and send text messages to premium rate numbers owned by the attacker. Fake Installers are similar, but instead of running in the background, these attacks rely on social engineering to trick victims into agreeing to terms of service hidden in the fine print of pirated applications, which then send profits to the scammers via premium SMS messages.
It’s the targeting and distribution where the savvy comes in.
First, by using premium SMS, a popular means to pay for services or donate to charities, attackers are easily turning a malware infection into dollars without going through a number of the steps that many traditional hacking methods require. For instance, unlike spyware or keyloggers on mobile devices or PCs, which require an attacker to sift through various data fields to find valuable data that then needs to be further exploited, an attacker here just needs to dupe someone into hitting download to make off with a profit. By reverse engineering one of these threats, the MTC found attackers could make $10 USD per download. No credit card information required.
Second, attackers are targeting the most popular applications to tempt users. The MTC examined the most frequently used apps to package these types of threats and found the majority are popular, brand name apps that consumers trust. It’s important to note that there are no security issues with the legitimate versions of these applications made by the official developers, just the malware-laden copies. Here is the list of the top five most frequently copied apps in order of number of fakes:
Finally, attackers are distributing their malware using third-party application stores that typically have lower levels of accountability when compared with the official marketplaces. While some malware has managed to sneak onto the official iOS and Android marketplaces in the last year, both Apple and Google are fairly quick to take them down once discovered. Juniper and several other security researchers have noted this trend toward third-party markets, but with this year’s report the MTC examined exactly how many of these stores are hosting malware. What we found is bad apps creeping into third-party stores across the globe.
Generating around $10 per download, these attacks don’t lead to complete financial ruin, but they certainly do have the promise of making attackers a tidy profit over time. This profit comes at the cost of the user or their carrier via these charges on phone bills.
The good news is there are simple steps people can take to protect themselves from being duped by these attacks. For one, sticking to the official app marketplaces provides a degree of, but not total, protection. Users might also consider downloading one of the many anti-malware apps available on the official markets.
You can follow Juniper’s Mobile Threat Center on Twitter at @JuniperSecurity.