Mobile malware explodes, hits corporate networks

Illustration photo show SMS text messages displayed on a a smartphone
Illustration photo shows SMS text messages displayed on a a smartphone. Smartphone users have seen an explosion of malware in the past year, dominated by schemes targeting Google's Android operating system, a survey showed Wednesday.

Smartphone users have seen an explosion of malware in the past year, dominated by schemes targeting Google's Android operating system, a survey showed Wednesday.

The attacks are also starting to hit , possibly as part of broader espionage efforts, according to the Mobile survey.

The report showed a 614 percent jump in mobile malware in the 12 months to March 2013, with attacks accounting for 92 percent.

The prevalence of Android malware is not surprising in light of its dominance of the global smartphone market—around 75 percent—Juniper said the with less regulation makes it more prone to attacks.

"Android does not have as rigorous a vetting system" as rival platforms such as Apple's iOS and BlackBerry, said Karim Toubba, a Juniper vice president.

"But the reality is that all the operating systems have vulnerabilities."

Toubba said the dominant scheme to "monetize" the attacks involves SMS text messages which infect a smartphone and surreptitiously deliver new messages to a "premium" SMS service, for a fee.

These services, which mimic legitimate ones such as those for voting on , can charge small fees such as 10 cents or 50 cents. The hackers can quickly cash in by infecting large numbers of devices, and can easily shut down and set up new numbers to avoid detection.

Hugo Barra, Google VP of product management for Android, pictured at the Google I/O conference on May 15, 2013
Hugo Barra, Google VP of product management for Android, pictured at the Google I/O conference on May 15, 2013. Some malicious software gets into official channels such as Google Play, but third-party vendors have much more malware, a survey showed Wednesday.
"They can spin it down and leave no trace," said Toubba.

The typical SMS Trojan takes in a quick $10 for the , with profits multiplying as the schemes are repeated.

Many users are tricked into installing malware by messages or emails disguised as software updates.

Toubba said some gets into official channels such as Play and the Apple App Store, but that third-party vendors have much more malware.

"These marketplaces are popular targets which provide little to no review process," Toubba said.

Not surprisingly, the survey found many of these malicious apps stemming from sites in Russia and China.

Apple users who "jailbreak" their iPhones to use on unauthorized carrier networks often use these third-party networks because they may get locked out of the App Store.

Many users fail to even notice when their device is infected, because it may result in a charge of just a few cents on their phone bill.

Juniper found that more sophisticated attacks are starting to emerge, including those that create "botnets" to expand the infections, and other schemes which can be part of a broader corporate or government espionage effort.

"They can use the mobile device to do reconnaissance and go deeper into the corporate network," Toubba said.

This is particularly worrisome for companies which allow employees to use their own devices for corporate networks.

Juniper's report said it "saw several attacks that could potentially be used to steal sensitive corporate information or stage larger network intrusions."

"It is clear that the threat of mobile malware to corporate devices is no longer a theoretical one. We expect the presence of mobile in the enterprise to grow exponentially in the coming years," the report said.


Explore further

Staggering surge in Android gadget viruses: Juniper

© 2013 AFP

Citation: Mobile malware explodes, hits corporate networks (2013, June 26) retrieved 24 April 2019 from https://phys.org/news/2013-06-mobile-malware-corporate-networks.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
0 shares

Feedback to editors

User comments

Jun 26, 2013
These services, which mimic legitimate ones such as those for voting on TV programs, can charge small fees such as 10 cents or 50 cents. The hackers can quickly cash in by infecting large numbers of devices, and can easily shut down and set up new numbers to avoid detection.


Something I find hard to understand is that a scheme such as the above requires that the carrier (Sprint, Verizon, AT&T, etc.) charge your account for the SMS messages and then send the money to the thief. Since such messages are sent to a number which is not a phone number (e.g.: 9907), the carriers have to set up the numbers for the thieves and then send them the money. Why can't the carriers simply not set up the numbers, collect the money or send it to the thieves? When the money is sent to an account, someone owns that account. Why can't the owner be traced?

Jun 26, 2013
Dogbert, have you seen any stories, ever, about the Russians or Chinese cracking down on cybercrooks, unless it's hurting their countries, of course? I have a feeling that they look the other way if the victims are in the US, Europe, Japan, South Korea, et al. I wouldn't even doubt that some of it originates from their governments.

Jun 26, 2013
geokstr,
No, I haven't seen any country try to stop this. But why are our mobile telephone companies working with thieves?

Jun 26, 2013
There is no reason the carrier would do anything since no one is complaining. Unless people start complaining about things like this, they will do nothing. The way you fix the problem is to patch the holes. There is a reason why Apple is so strict with applications. Being an open platform has its disadvantages. The same can be said for malware sites, why are they allowed to exist in DNS servers when they know its spreading infections? Its a big business, end users are at the wrong end of the deal.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more