14 DAY TRIAL // Hosting malicious applications in third-party Android market places is already leveraged by cybercriminals, but an evolutionary step could mean targeting app servers and base transceiver stations (BTS), a security researcher says.
A base transceiver station is designed to carry out communication between the user device and the mobile operator's network.
Third-party app hosting locations are riddled with malicious software targeting Android users because they are not properly curated. This is an undeniable fact, given that most infections targeting Google’s mobile operating system do not originate from properly verified stores such as Google Play or Amazon Appstore for Android.
Filip Chytry, mobile malware analyst at Avast, predicts that cyber crooks will up the ante in the future and target the systems that establish communication between the mobile networks and the devices
“Man-in-the-middle attacks via app servers mean that mobile hackers may redirect communication between mobile app users and the app’s server or infect app users’ by pushing malware onto user devices via the apps on their devices,” he says in a blog post.
Basically, all the communication between the client and the server will be routed through the infrastructure set up by the cybercriminals, allowing them to intercept data and spread malware.
For now, there have not been recorded any attacks of this type, but mobile operators should take into consideration the necessary security precautions in order to thwart the possibility before any damage is done.
“Mobile malware is in its infancy; at the moment comparable to a toddler. Mobile users, security providers, app markets, and mobile operators should brace themselves for the teenage version of mobile attacks,” he concludes.