min read

Welcome to 2013, the year of mobile malware

by Anders Nielsen , 10.01.2013

Are you old enough to remember the ILOVEYOU worm?

Our little friend was born 4 May 2000, spread across the globe within one day, infected 10% of all computers and caused an estimated €4 billion in damage. The US-based Central Intelligence Agency and the British Parliament were among many that had to shut down their email systems to get rid of this computer worm.

The worm required the recipient to open an email attachment entitled LOVE-LETTER-FOR-YOU.TXT.vbs. Such fools we were back then - although in our defense, who would have thought that love letters could be anything but genuine?

Today, of course, we know better. Email attachments with questionable names or from seemingly suspicious senders remain unopened. Any online offer of instant love, viagra or rapid weight loss is met with aggressive deletion. Also gone are the days when a shocking proportion of passwords consisted mainly of the word 'holiday', instead replaced by lengthy series of keystrokes including characters we struggle to name (^~'||\"¬‘¦). In a bid to protect our computerware, we happily surrender half our active laptop memory to internet protection software in the knowledge that a malware infection would do far worse to cripple our digital experiences.

In short, we are infinitely wiser today when it comes to online security. As a result, the top 10 list of the most damaging global virus attacks remains dominated by events dating back to the late '90s and early '00s.

However, many predict that 2013 will be the year when the battle for online security will again swing in favour of the dark side. Why? Our growing dependence on mobile devices has added a whole new playing field for malware which we, as consumers and businesses, are yet to protect effectively.

At present, around four million smartphones are infected with malware every month (78% of which are Android based). In the first half of 2012 almost 20,000 new mobile malware programs were detected, a rise of over 40% from the year before. Here is a flavour of some of the most malicious 2012 mobile malware:

- FakeInst: a family of Trojans disguising themselves as trusted programmes (e.g. Skype or Opera) and once inside, sends SMS messages to premium numbers
- SMSZombie: cleverly obtains device admin privileges before sending SMS messages to the mobile operator’s online payment system to top up ‘designated’ accounts
- NotCompatible: automatically downloads (ironically disguised as a ‘security update’) when an Android browser visits an infected website. Once installed, it can be used to gain access to protected information
- Android.Bmaster: bundled in with legitimate apps to get onto the device. It then swipes sensitive data from the phone and triggers SMS to premium numbers.

As the nature of the above suggests, most mobile malware of today is not created by your neighbors’ bored teenage sons, but rather organized cybercriminals on the look-out for opportunities. Several of the above are estimated to generate millions of euro for their criminal fathers every year. Cybercrime targeting mobiles is starting to become big business.

Increasingly, the primary target for many of these is likely to be to capture our financial details. Around half of smartphone owners have already used their device to make an online payment and with the anticipated 2013 growth in mobile commerce, there is every reason to assume that our associated mobile wallets, near field communication payments and banking apps are firmly on the development road map for cybercriminals.

Maybe 2013 would be the time to invest in a decent online-security app?

For more information on this post, you can contact the author Anders Nielsen.