The first of two-part series discussing malware on smartphones.
With the still growing importance of smartphones to both our personal and professional lives, it is crucial that we, as device owners and users, manage the ways in which they can malfunction and disrupt our lives. One of the ways we frequently overlook is the fact that smartphones are susceptible to malware and other threats, similar to a PC. This post is the first of a two-part series on malware on smartphones. Here, we give an overview of the subject, and in a later post, we will discuss the ways in which users can protect their devices.
What is malware?
Malware is short for “malicious software”, and according to Wikipedia, it is software
… used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems…
Thanks to more affordable and accessible mobile broadband services, along with the growing take up and use of smartphones, malware on smartphones have increased considerably over the last few years. As a result, most IT security vendors have reported marked growth in the types of malware and frequency of attacks on smartphones, which has prompted the creation of a variety smartphone-specific security products.
According to the 2011 Mobile Threats Report published by Juniper Networks Mobile Threat Center, there was 155% increase in malware attacks across all platforms. Additionally, the firm was of the view that this growth is indicative of a maturing ecosystem evidenced by:
- the unprecedented number of malware attacks experienced in 2011
- the fact that smartphone malware has become more sophisticated, and is not just exploiting technical vulnerabilities, but also social engineering and human behaviour
- the ‘low barrier to entry’ to accessing smartphone applications, which is being fostered by users’ desire for those products, as well as an ever-growing apps market, which is not only fuelling the apps industry, but also the development of malicious programmes.
Which platform is the most vulnerable?
Most recent threat reports published by a several well-regarded security experts unanimously confirm that malware attacks against smartphones using the Android Operating System (OS) have increased considerably over the past few years. The Juniper 2011 report highlighted that in a sample of over 790,000 applications, the number of Android Malware grew from ‘roughly 400 samples in June to over 13,000 samples by the end of 2011’. Similarly, the Sophos Security Threat Report 2013, noted the following:
Over 100 million Android phones shipped in the second quarter of 2012 alone. In the U.S., a September 2012 survey of smartphone users gave Android a whopping 52 .2% market share. Targets this large are difficult for malware authors to resist. And they aren’t resisting— attacks against Android are increasing rapidly…
Today, the most common business model for Android malware attacks is to install fake apps that secretly send expensive messages to premium rate SMS services. Recent examples have included phony versions of Angry Birds Space, Instagram, and fake Android antivirus products…
Although threats against the Android OS and smartphones have been growing, this does not mean that all other platforms are immune malware. In addition to the sheer number of Android smartphones on the market, which makes them a more attractive target for attacks, users can secure apps from vendors who do not vet the apps they supply, which makes that market susceptible to rogue products. On the other hand, unless the device is unlocked (or “jailbroken”), apps for the iPhone can only be downloaded from the Apple Apps Store, in which there are comprehensive controls and ultimately, a more secure environment.
What are some of the top smartphone malware?
Outlined below are just a few of the most reported threats to smartphones, and specifically Android devices. These examples should highlight how seemingly innocuous some of the malware might initially appear, or the ways in which they attempt to capitalise on our opportunistic nature.
- Gemini. Gemini is a Trojan that opens a back door and transmits information from an Android device to a remote location (Source: Symantec). It is also one of the first Android malware that displays botnet-like capabilities, i.e. once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone (Source: Lookout Mobile Security).
- GGTracker. A Trojan that targets the US market, and is automatically downloaded to a user’s phone after visiting a malicious webpage that imitates the Android Market (now Google Play). GGTracker is able to sign-up users to a number of premium SMS subscription services without their consent, which can lead to unauthorized charges on their phone bills (Source: Lookout Mobile Security).
- Loozfon: This low-risk malware is a Trojan horse for Android smartphones that steals information from compromised devices (Source: Symantec). Typically, it uses a bogus claims, e.g. work-at-home opportunity promising a profitable payments just for sending emails. If users click on the link in one of these advertisements, they are directed to websites that are designed to push Loozfon onto their devices, and may attempt to steal your address book contacts (Source: Forbes).
- FinFisher: This spyware downloaded onto your smartphone when users visit a specific web link or open a text message disguised as a system update, When FinFisher is installed , it can remotely control and monitor users’ communications (Source: Forbes).