Fraudsters have all the tools they need to effectively turn mobile malware threats into one of the biggest security problems we’ve ever seen. As security measures lag and infection rates rise, cybercriminals use an increasingly wide array of schemes to monetize mobile malware.

The Malware Is Out There

Mobile malware remains a significant cybersecurity threat, with 1.12 percent of mobile devices monitored by IBM Trusteer in the first half of 2015 exhibiting an active malware infection. This is equal to PC infection rates, signifying that cybercriminals are shifting their resources and attention to the mobile channel.

Unsurprisingly, financial Trojans were the most prevalent form of mobile malware, with approximately 30 percent of the distinct variants targeted at stealing financial information. The remainder are capable of performing malicious actions such as stealing personal information, sending SMS to premium numbers, keylogging and deploying cryptographic ransomware on the device, effectively hijacking images and files stored on it.

Mobile malware threats form a rich ecosystem, and some of the most prolific mobile Trojans also act as distribution mechanisms for more targeted infections. For example, the DroidDream malware, which was the fifth-most prolific mobile malware, establishes a unique identification for the device and awaits further instruction from its operator, running in the background without the user’s knowledge. The operator can then instruct the malware to download additional malicious programs as well as open the phone up to remote control to allow for more targeted attacks, all without the user ever being aware.

In another example, the third-most prolific mobile malware, Android Exploit Masterkey, modifies Android application packages (APKs), the file format used to distribute and install applications onto Android OS. This effectively allows a hacker to turn any legitimate application into a malicious Trojan.


User Complacency and System Vulnerabilities

Consumer awareness of mobile security threats still lags behind the reality of the situation. Users who would never install software from an unverified source on their PC readily click on links in SMS messages and unwittingly download files from unknown sources on their mobile devices.

As a result, SMiShing (SMS phishing) campaigns designed to distribute mobile malware are exponentially more effective than email phishing, especially when customized to target the client base of a specific financial institution or service provider.

Users are also notoriously slow to update their mobile devices’ OS. It is therefore no surprise that mobile malware commonly observed in attacks on consumers, such as the Basebridge Trojan, exploits vulnerabilities in outdated mobile systems.

Worse yet, a significant segment of mobile users actually takes steps to jailbreak or root their devices in order to access unofficial app markets or get free programs. In doing so, they not only annihilate their phone’s built-in security, but also drastically increase the risk of downloading a malicious app. In fact, according to recent reports, up to 32 percent of apps on unofficial markets contain malicious content.

Are the Official App Markets Safe?

While unofficial markets are a major risk, malicious apps are also finding their way to official stores. How easy is it for malware-infected apps to make it to the official stores? That question is best answered by the following quirky story.

In late 2014, an official Android market app playing morning and evening prayers in Arabic was flagged by antivirus vendors as infected by the banking Trojan Ramnit. Since the Ramnit malware only affects Windows environments, mobile users who downloaded the app were not really at risk. The app has since been removed from the official store.

Unbeknownst to the developer, the Ramnit PC Trojan had infected multiple files on his workstation, including the source code for the mobile app that was later repackaged and uploaded to the Android market. In other words, an infected app was able to make its way to the official app store without the developer even intending to do so.
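One pre-publish check that would have caught the case above, added here as an example and not part of the original article or of any IBM tooling: treat the APK as what it is, a zip archive, and flag any entry that is a Windows executable either by file extension or by carrying a DOS "MZ" stub whose e_lfanew field points at a valid "PE\0\0" signature, since no Android package legitimately ships one. The package it scans is constructed inline, as is the minimal PE-looking blob; the entry names are made up for the demonstration.

```python
import io
import os
import zipfile
from typing import List, Tuple

# Extensions a legitimate Android build never needs to ship; their presence in a
# package is a supply-chain warning sign on its own.
WINDOWS_EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr"}


def looks_like_pe(data: bytes) -> bool:
    """True if the blob starts with a DOS 'MZ' stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def scan_apk(apk_bytes: bytes) -> List[Tuple[str, str]]:
    """Return (entry name, reason) for every entry that looks like a Windows executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            reasons = []
            if os.path.splitext(info.filename)[1].lower() in WINDOWS_EXECUTABLE_EXTENSIONS:
                reasons.append("windows-executable-extension")
            # Content check catches renamed binaries that the extension check misses.
            if looks_like_pe(apk.read(info.filename)):
                reasons.append("pe-header")
            if reasons:
                findings.append((info.filename, ",".join(reasons)))
    return sorted(findings)


def make_pe_stub() -> bytes:
    """Constructed minimal PE-looking blob: 'MZ' stub, e_lfanew = 0x40, 'PE\\0\\0' at 0x40."""
    header = bytearray(0x44)
    header[0:2] = b"MZ"
    header[0x3C:0x40] = (0x40).to_bytes(4, "little")
    header[0x40:0x44] = b"PE\x00\x00"
    return bytes(header)


def build_sample_apk() -> bytes:
    """Constructed sample package (an APK is just a zip); not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("assets/prayers.html", b"<html>clean</html>")
        z.writestr("assets/helper.exe", b"placeholder")        # wrong file type for an APK
        z.writestr("lib/armeabi/tool.bin", make_pe_stub())     # innocuous name, PE content
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_apk(build_sample_apk()):
        print(f"{name}: {reason}")
```

Run it against a real build output in a CI step and fail the release on any finding. A practitioner would pair this with a full antivirus scan of the build host, since a file infector can also plant script into non-executable sources, which this archive-level check does not inspect.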

Mobile Security Is Lagging

The majority of organizations that allow mobile access to internal resources, as well as financial institutions that service consumers through the mobile channel, have yet to adopt a comprehensive mobile security strategy. A recent IBM-sponsored Ponemon Institute study revealed the alarming state of mobile security for apps, with over half of the companies examined devoting zero budget to mobile security.

With lagging security for rapidly increasing and highly popular mobility, financial institutions in particular will face challenges when offering mobile payment technology to consumers and attempting to secure transactions from fraud.

A Mobile Cybercrime Underground Market Is Flourishing

Mobile malware has become one of the most popular commodities sold in underground venues. Because of the ease of obtaining mobile bots and monetizing them, demand is high, and mobile malware regularly sells for upwards of $5,000. This is also the average historical price for PC-based Trojan kits.

The offerings available on the mobile cybercrime underground cover the full range of the cybercrime ecosystem. Take the MazelTov malware-spreading kit recently discovered by IBM researchers. This kit offers an effective way to turn a piece of mobile malware into an active infection campaign that is readily available to any would-be fraudster. All an attacker would need to do is get the malware, load it and start amassing new mobile zombies.

Mitigating the Risk of Mobile Malware Threats

A successful strategy for mitigating mobile cybercrime risks must not only address current malware threats, but also take into account the dynamic nature of cybercrime and the connection between mobile and cross-channel fraud.

Mobile defenses must protect organizations from today’s threats. And considering the rapid pace of innovation set by cybercriminals, security teams must also demonstrate the ability to track threats and turn around new protections in a very timely manner. For the full IBM Trusteer Mobile Threat report and further insights on the subject of mobile security, please watch our on-demand webinar titled “2015 Mobile Threat Report — The Rise of Mobile Malware.”
