Android Mobile Malware Fails To Make Money - InformationWeek




Attackers haven't yet achieved mobile malware returns that equal the payoff from a Windows PC infection or fake antivirus campaign.

Mobile malware attacks don't pay--at least not yet. While the quantity of attacks aimed at exploiting Android devices has been increasing dramatically over the past year, the criminals behind mobile malware have so far largely failed to cash in on their creations.

"For malware to be successful for the cybercriminals, they've got to be able to make money, and what we're seeing here are the early days of them trying out strategies to see what works," said John Harrison, group manager with Symantec Security Response, in an interview. "They're getting a pretty low return on the effort, and pretty low revenue, and they're still trying to see where--as you'd say in the PC world--the easy money is."

When might mobile malware really take off? In "Motivations of Recent Android Malware," a report published Tuesday, author Eric Chien, technical director of Symantec's security technology and response group, said three factors are necessary for mobile malware to surge: open platforms, ubiquity, and financial gain.


Use of Apple iOS is widespread, but the operating system is closed and all applications vetted before being offered for sale, which accounts for the relative absence of malware targeting iPhones or iPads. But Android is open, able to use third-party application markets, and ubiquitous. Indeed, according to Gartner, from April to June 2011, Android accounted for 43% of all smartphone sales. All of those factors make Android the most attractive mobile platform to exploit.

Furthermore, there are few technical barriers to taking legitimate Android applications and adding attack code--a process known as "Trojanizing" them. "I don't know if you've seen how easy it is to Trojanize an app, but you take a released application, bring it down to your desktop, use a Java developer kit, add Trojan code, and then upload it after renaming it as a 'free' version of the real app," said Harrison. "You've got unsuspecting users who say, oh great, here's the free version of whatever, and behind the scenes, they don't know what's going on."

Despite the ease of Trojanizing legitimate Android apps, and despite extensive experimentation by attackers, such malware has yet to hit the monetization mark. "Only if these monetization schemes succeed do we expect attackers to continue to invest in the creation of Android malware," said Chien. Of course, that's good news for Android users, especially since according to a SANS study conducted last year, only 15% of smartphone users employ add-on security tools.

Experimentally speaking, so far criminals have been testing the many techniques that pay handsome dividends when used for PC attacks, including fake AV campaigns, which trick users into thinking that their device is infected with malware, and then sell fake software that magically removes the (nonexistent) infection.

Meanwhile, pay per install--in wide use for exploiting PCs and using them en masse to launch distributed denial-of-service attacks or serve as spam relays--is likewise being used to distribute Android malware. Other techniques include installing spyware--which can record phone calls, if the device has first been rooted--as well as search engine poisoning and pay-per-click attacks, which use exploited Android smartphones to artificially inflate website hit rates, thus generating increased advertising revenue for the website owner. Meanwhile, other Android malware has served adware or stolen people's banking transaction identification numbers.

But attackers apparently haven't yet found the magic mobile malware monetization combination. "For each attack we have seen on Android, none were repeated. It is possible that the attackers did not generate enough revenue, and thus did not repeat the effort," said Chien. "So while we will continue to see malicious Android applications, additional advances in the mobile technology space that allow greater monetization are likely [to be] required before malicious Android applications reach parity with Windows."
