14 DAY TRIAL // With mobile devices gaining more and more users, malware authors saw the potential of tapping into the information they store and developed mobile threats as a means to obtain access to sensitive information that can be monetized one way or another.
This is a different path than in the case of desktop malware, which was initially developed by hobbyists and pranksters and has evolved into a serious business in the last ten years or so.
The amount of mobile malware also grew at a faster rate than the desktop nasties, Avast recording in 2014 an increase to more than one million samples, from 100,000 registered in 2011.
Mobile malware is in the money-making business straight from the start
Despite having a simple architecture, the threats developed for mobile devices had thieving as their main purpose from the get-go.
“Smartphones and tablets are capable of gathering and storing more personalized data than PCs ever did – there is an abundance of valuable data to collect, including personal data and financial information,” says Ondrej Vlcek, Chief Operations Officer at security firm Avast.
Given all the data present on mobile devices, the threats created for them posed a real risk, financial in particular, to the victims.
The main entry point is represented by third-party marketplaces that are not properly curated and include listings for malicious apps, most of the times masquerading as legitimate software.
Ransomware and spyware threats are on the rise
Android devices are the most targeted, and with a user base of more than one billion, it is understandable why.
According to information from Avast, ransomware with encryption functionality and spyware threats are prevalent for this platform because they offer a quick way to the cash.
In the case of crypto-malware, after locking the content on the user’s device, cybercriminals demand a ransom fee for the decryption key. Spyware provides access to sensitive information, such as the user location, and other personal data that could lead to identity theft and compromising banking accounts.
Vlcek predicts that the availability of new technologies will give malware authors the possibility to explore new methods for making money. The researcher refers to near field communication (NFC) technology, which is increasingly adopted for making purchases.
In the fight against malware, the security industry and the mobile carriers worked together, and the results are visible in some countries such as the US, Brazil and the UK, where customers are no longer billed for most forms of commercial premium SMS services.
Cybercriminals would set up premium number services and deliver their victims malware that would surreptitiously call the high-rate service, resulting in them earning a commission and the victims' phone bills growing larger. This type of fraud was carried out by at least 60% of the malware recorded in 2013.