2012, the threat of malware. Evolution in the mobile scenario

Pierluigi Paganini January 05, 2012

Any attempt to predict how malware will spread in the future has to examine the mobile scenario. For those who develop viruses and similar threats, mobile platforms are a favorite target. The main causes are:

  • The ubiquity of mobile phones, in particular latest-generation smartphones. Technological evolution and the consequent reduction in costs have allowed these devices to spread rapidly, giving cost-effective access to a growing portion of the world population (around 85% of individuals worldwide).
  • The increasing computational power of the devices, which are virtually similar to our desktop systems, with which they share operating systems and various utility applications.
  • The total lack of awareness of the threats and the risks involved. The average user ignores the risks of careless browsing on a smartphone and is probably more inclined to spend on a funny cover or other frills than on defense mechanisms.
  • The growing use of jailbreak procedures to activate or introduce features not available in the officially distributed version. These systems replace the original operating system, intercepting all calls to the underlying hardware, which opens a special path for those who wish to install spyware, rootkits or other malware.
  • Each mobile device is an expression of its owner: a vantage point from which to access the traces of our movements, our conversations, our SMS messages and our web browsing, email included. A single gateway to our digital world.
  • Availability of open platforms for the development and, above all, the distribution of user-made applications through the major markets or stores of Google and Apple. In recent months these channels have been “contaminated” with games and other infected applications that have permitted a rapid spread of malware.

According to the data on the worldwide distribution of operating systems, it is Android that has taken the lead on mobile devices.

But light and shadow are gathering around Android. Recently the Pentagon approved a version of Android running on Dell hardware for use by DoD officials. The approval was motivated by the assertion that Android is an open OS and makes it easy to develop custom DoD security applications.

The official Android Market hosts many malware games: that is the news we have regularly read during the last months.

F-Secure researchers have several times found malware deployed in the Android Market disguised as free versions of popular games such as Cut the Rope and Assassin’s Creed. Criminals use these apps to scam users of Google’s Android Market app store, and more malware has appeared overnight in Google’s official app repository.

It isn’t difficult to predict a rosy future for the proliferation of malware in the mobile sector, but what are the main motivations behind the development of malware, especially in the scenario we are examining?
There are two main categories:

  1. agents developed by government agencies or law enforcement agencies that need to intercept and monitor a specific user.
  2. organized criminals who want to capitalize on the widespread distribution of malware.

The first category includes all those viruses and trojans developed for investigative purposes or as cyber weapons (e.g. Stuxnet, Duqu).
It is easy to expect that, from the point of view of innovation, these can be the more dangerous variants, being developed by teams of experts hired by governments. The “Tilded platform” is a good example of innovation.

Not to be outdone, however, are the diffusion and infection capabilities of malware of the second category, developed by criminals for profit. Criminals have in fact realized that malware development offers enormous profits at an all-in-all limited risk.

Several methods are known for monetizing malware development; here is a list of the main ones:

  1. Mobile pickpocketing (SMS/call fraud), that is, the ability to charge a phone bill via SMS billing and phone calls. Malware uses these mechanisms to steal directly from user accounts. A famous malware of this type is GGTracker. It has been estimated that this kind of malware stole around one million dollars from users in 2011. A similar agent, RuFraud, has been observed in Asia and Europe; it causes premium SMS charges for people downloading helpers for popular games and utilities, or wallpapers, from the Market.
  2. Botnet creation. Many past instances of malware, like DroidDream, have integrated thousands of mobile devices into extensive botnets, exactly as happens with common desktop devices.
  3. Vulnerability exploitation. The opportunity to exploit vulnerabilities of the OS to perform unauthorized operations, for example stealing your bank account credentials. The problem is accentuated for all those devices that have been modified with jailbreaks. At that point the user has no control over the software distribution, contrary to what they might believe.

When using a mobile device there are a number of simple rules of behavior that should be shared, such as:

  • Use applications that increase the safety of the device. The principal antivirus companies are producing applications that allow even inexperienced users to avoid nasty surprises.
  • Be careful when visiting third-party app stores. These places are the favorite of malware writers because usually any control on the quality of the apps is absent. The likelihood of encountering malware on an alternative app store is really high.
  • Avoid downloading utility and porn applications from unverified sources, because these types of apps are the most likely to have malware hidden inside.
  • Be careful when clicking on a shortened URL in an SMS message or on a social networking site. Social network platforms are a preferred place for spreading malware.
  • Pay attention to all interactions required by our mobile applications, and make sure to authorize only necessary transactions.
  • Be careful when clicking on in-app advertisements. When clicking on ads, you need to be confident that the ad directs you where you expect to be directed.
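
The premium SMS fraud described above and the advice to authorize only what an application needs can be turned into a simple check. The following is an added example, not part of the original article: it reads an already decoded AndroidManifest.xml and flags billing-related permissions that the app's category does not justify. The category policy and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permissions that can cost the owner money or hide the charges.
BILLING_RISK = {
    "android.permission.SEND_SMS": "can send SMS, including to premium-rate numbers",
    "android.permission.CALL_PHONE": "can place calls without the dialer confirmation",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS such as billing notices",
    "android.permission.READ_SMS": "can read stored SMS",
}

# Assumption (hypothetical policy): categories that legitimately need these permissions.
EXPECTED = {
    "messaging": {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS",
                  "android.permission.READ_SMS"},
    "dialer": {"android.permission.CALL_PHONE"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (e.get(ANDROID_NS + "name") for e in root.iter("uses-permission"))
    return {n for n in names if n}

def audit(manifest_xml, category):
    """List (permission, reason) pairs that the stated category does not justify."""
    allowed = EXPECTED.get(category, set())  # games, wallpapers, etc. get none
    return [(p, BILLING_RISK[p]) for p in sorted(requested_permissions(manifest_xml))
            if p in BILLING_RISK and p not in allowed]

# Constructed sample: a "wallpaper" app that also asks to send and receive SMS.
SAMPLE_WALLPAPER = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpapers">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Wallpapers"/>
</manifest>
"""

if __name__ == "__main__":
    for perm, why in audit(SAMPLE_WALLPAPER, "wallpaper"):
        print(f"REVIEW {perm}: {why}")
```
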

In order to fight the spread of malware in the mobile environment it is necessary that:

  • the level of awareness of the threat among mobile users be increased. Users should avoid creating ideal conditions for the spread of malware.
  • manufacturers, OS providers, carriers and app developers work together to define best practices to follow in order to reach an acceptable level of security.


Pierluigi Paganini

