
6 Findings That Prove Mobile Malware's Mettle

Trojans, botnets, adware, and more are no longer merely theoretical. Consider these examples from the research lab to the real world of mobile.

Mobile malware hasn't yet grown to the problematic levels that once plagued Windows PCs back in the days before Trustworthy Computing. That doesn't mean mobile vulnerabilities aren't exploitable, though: Today's security researchers are not only creating and discovering proof-of-concept examples with real-world applicability, but they're finding in-the-wild samples, too.

Here's some of the most compelling evidence over the past year that shows mobile malware has bridged the gap from theoretical to practical.

1. Zitmo
One of the most successful banking Trojans of all time, Zeus, made the jump from PCs to mobile devices through the Zeus-in-the-mobile (Zitmo) spyware application. Prevalent on Android, Zitmo masquerades as a banking activation application and eavesdrops on SMS messages in search of the mobile transaction authentication numbers (mTANs) banks send via text to their users as a second form of authentication. Zitmo was initially discovered in 2010, and researchers last summer saw it gaining steam in the wild.

2. Mobile Botnets
Since 2009, Perimeter E-Security Research Analyst Grace Zeng has been exploring the possibilities of botnets consisting entirely of mobile devices. Naysayers told her it wasn't feasible, but last month she showed how realistic the possibility is with a presentation at WiSec 2012. Zeng presented her proof-of-concept design, which showed how devices could be infected through code hidden in games or system applications, and how command-and-control (C&C) communications could be passed through SMS messages made to look like spam. The hackers may well be ahead of her--researchers with NQ Mobile said last month that they discovered an Android bootkit that leverages root privileges and poses one of the first threats of mobile botnets in the wild.

3. CrowdStrike RAT Attack
Industry heavy-hitters George Kurtz and Dmitri Alperovitch made waves for their stealth startup CrowdStrike when they wowed the crowd at the RSA Conference in February by demonstrating how the company's research team reverse-engineered a Chinese remote access tool (RAT) to spy on a user's calls, physical location, apps, and data. The "end-to-end" mobile attack is delivered through a phony SMS message with a URL ostensibly leading to information about the user's need to renew service. The attack goes to show how thoroughly attackers can spy on users through commandeered mobile devices.

Read the rest of this article on Dark Reading.


5/6/2012 | 6:52:55 AM
re: 6 Findings That Prove Mobile Malware's Mettle
@ readers: do you use antivirus on your mobile phone?
Brian Prince, InformationWeek/Dark Reading Comment Moderator