Friday, May 18, 2007

Commercializing Mobile Malware

Visionary enough, I predicted this over an year ago, and despite that for the time being there are only two publicly known pieces of mobile malware sending sms messages from the infected devices to premium numbers, it's an emerging trend for customers and mobile operators to keep an eye on :

"After installation, the Viver trojans immediately start sending SMS messages to premium-rate numbers. The messages are sent with proper international area codes, so they are able to reach the correct destination even when activated outside Russia. We've already seen for-profit malware in mobile devices: Wesber.A and Redbrowser are Java Midlet trojans that try to send messages to Russian premium-rate numbers. But these trojans require user acceptance per each message and are able to send messages correctly only inside Russia."

Some comments I made back then :

"The number and penetration of mobile devices greatly outpaces that of the PCs. Malware authors are actively experimenting and of course, progressing with their research on mobile malware. The growing monetization of mobile devices, that is generating revenues out of users and their veto power on certain occasions, would result in more development in this area by malicious authors. SPIM would also emerge with authors adapting their malware for gathering numbers. Mobile malware is also starting to carry malicious payload. Building awareness on the the issue, given the research already done by several vendors, would be a wise idea."

Something else to think about is related to Europe’s most recent mega-music event Eurovision and the sms voting power that, given enough infected mobile devices are in place the results could change pretty fast if you’re following my thoughts. Thankfully, compared to zombie networks making it possible to do intelligence and espionage tweaks given the large infected population, we still cannot talk about mobile botnets. The most juicy target for the time being however, remains the rise mobile banking.

Another comment I made a while ago :

"Malware authors indeed have financial incentives to futher continue recompling publicly available PoC mobile malware source code, and it's the purchasing/identification features phones, opening a car with an SMS, opening a door with an SMS, purchasing over an SMS or direct barcode scanning, mobile impersonation scams, harvesting phone numbers of infected victims, as well as unknowingly interacting with premium numbers are the things about to get directly abused -- efficiently and automatically."

Related posts:
Proof of Concept Symbian Malware Courtesy of the Academic World
Mobile Devices Hacking Through a Suitcase

No comments:

Post a Comment