The Lookout Blog

Mobile Malware: From Fame to Fortune?

Earlier this week the first SMS Trojan that infects Android smartphones was discovered in the wild. We see this as a significant event for several reasons. First, this is first instance of a Trojan on the Android platform which, to date, has mainly been affected by spyware and phishing attacks. Second, the motive behind this attack is profit, carried out through charges from premium-rate SMS messages, (see graphic below) and it may portent a broader shift towards profitable cybercrime on phones, as it has on PCs.

We’ve seen the progression of threats from novelty to profit before. To see where we’re heading, we need only to look to the desktop. Looking back over the last twenty years, the evolution of malware on the PC has hit three relatively distinct milestones that we could classify as Ego, Profit, and Political. This cycle looks like it will repeat itself for mobile phones, only significantly accelerated.

In the 1990s and early 2000s, PC malware was typically written more for the ego boost of fame and notoriety than for other motives. Melissa, ILOVEYOU, and MSBlast grabbed headlines, but not sensitive data. In recent years that has changed. In 2008, the Torpig Trojan was released into the wild and has stolen at least half a million online banking account credentials, credit card numbers, and debit card numbers. We’re also at the early stages of PC malware used for political purposes, such as recent denial of service attacks against Estonia and the Georgian president.

A similar evolution is happening within mobile malware. We are already well into the Ego phase and now perhaps poised to move into the profit phase. Consider the 2005 Symbian-based Cabir worm that did little more than spread to other devices via Bluetooth or the ikee worm that changed the wallpaper of jailbroken iPhones with default passwords to a photo of Rick Astley because its author, an Australian hacker, was just curious as to how far it would spread. Both were more of a nuisance than an actual threat; however, shortly after the ikee worm was released, the Duh worm in the Netherlands used the same mechanism to propagate and attempted to steal banking credentials from ING banking customers. Furthermore, with the recent Android SMS Trojan, we think we’re seeing early steps toward the profit phase which means both more sophisticated malware and more organized perpetrators.

As always, there are some steps that consumers can take to keep themselves safe.

• Only download applications from trusted sources. Remember to look at reviews and star ratings.
• Always check the permissions an app is requesting when downloading apps. Use common sense to ensure that the permissions match the type of app you are downloading.
• Download a mobile security app for your phone that scans every app you download. We’re partial to Lookout.

We’ll be routinely sharing data as to how the world of mobile malware and spyware is evolving—whether it be for fame or fortune.