Android Mobile Malware Fails To Make Money - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Android Mobile Malware Fails To Make Money

Attackers haven't yet achieved mobile malware returns that equal the payoff from a Windows PC infection or fake antivirus campaign.

Lookout Mobile Security Protects Android Smartphones
Slideshow: Lookout Mobile Security Protects Android Smartphones
(click image for larger view and for slideshow)
Mobile malware attacks don't pay--at least not yet. While the quantity of attacks aimed at exploiting Android devices has been increasing dramatically over the past year, the criminals behind mobile malware have so far largely failed to cash in on their creations.

"For malware to be successful for the cybercriminals, they've got to be able to make money, and what we're seeing here are the early days of them trying out strategies to see what works," said John Harrison, group manager with Symantec Security Response, in an interview. "They're getting a pretty low return on the effort, and pretty low revenue, and they're still trying to see where--as you'd say in the PC world--the easy money is.

When might mobile malware really take off? In "Motivations of Recent Android Malware," a report published Tuesday, author Eric Chien, technical director of Symantec's security technology and response group, said three factors are necessary for mobile malware to surge: open platforms, ubiquity, and financial gain.

[Think your mobile security strategy is sound? Learn about One Mobile Device Security Threat You Haven't Considered.]

Use of Apple iOS is widespread, but the operating system is closed and all applications vetted before being offered for sale, which accounts for the relative absence of malware targeting iPhones or iPads. But Android is open, able to use third-party application markets, and ubiquitous. Indeed, according to Gartner, from April to June 2011, Android accounted for 43% of all smartphone sales. All of those factors make Android the most attractive mobile platform to exploit.

Furthermore, there are few technical barriers to taking legitimate Android applications and adding attack code--a process known as "Trojanizing" them. "I don't know if you've seen how easy it is to Trojanize an app , but you take a released application, bring it down to your desktop, use a Java developer kit, add Trojan code, and then upload it after renaming it as a 'free' version of the real app," said Harrison. "You've got unsuspecting users who say, oh great, here's the free version of whatever, and behind the scenes, they don't know what's going on."

Despite the ease of Trojanizing legitimate Android apps, however, such malware has yet to hit the monetization mark, despite extensive experimentation by attackers. "Only if these monetization schemes succeed do we expect attackers to continue to invest in the creation of Android malware," said Chien. Of course, that's good news for Android users, especially since according to a SANS study conducted last year, only 15% of smartphone users employ add-on security tools.

Experimentally speaking, so far criminals have been testing the many techniques that pay handsome dividends when used for PC attacks, including fake AV campaigns, which trick users into thinking that their device is infected with malware, and then sell fake software that magically removes the (nonexistent) infection.

Meanwhile, pay per install--in wide use for exploiting PCs and using them en masse to launch distributed denial-of-service attacks or serve as spam relays--is likewise being used to distribute Android malware. Other techniques include installing spyware--which can record phone calls, if the device has first been rooted--as well as search engine poisoning and pay-per-click attacks, which use exploited Android smartphones to artificially inflate website hit rates, thus generating increased advertising revenue for the website owner. Meanwhile, other Android malware has served adware or stolen people's banking transaction identification numbers.

But attackers apparently haven't yet found the magic mobile malware monetization combination. "For each attack we have seen on Android, none were repeated. It is possible that the attackers did not generate enough revenue, and thus did not repeat the effort," said Chien. "So while we will continue to see malicious Android applications, additional advances in the mobile technology space that allow greater monetization are likely [to be] required before malicious Android applications reach parity with Windows."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
10/11/2011 | 11:03:05 PM
re: Android Mobile Malware Fails To Make Money
True. Some of this will change too I think as more people use mobile phones for banking in certain countries and point-of-sale systems go mobile.
Brian Prince, InformationWeek contributor
User Rank: Apprentice
10/11/2011 | 8:05:27 PM
re: Android Mobile Malware Fails To Make Money
I think part of the issue is that, while Android malware to date provides the bad guys access to data, they don't own the device to same extent that they own a compromised PC. Once they have that kind of total control of the device then Android malware will become more pervasive.

Jim Rapoza is an InformationWeek Contributing Editor
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Flash Poll