• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Security   »   Mobile Malware’s big birthday

Mobile Malware’s big birthday

  • Posted on:February 20, 2014
  • Posted in:Security
  • Posted by:Rik Ferguson (VP, Security Research)
0

This year marks another one of those anniversaries that we would rather not be celebrating; mobile malware is ten years old.

In 2004 a proof of concept, known as Cabir, was delivered by a coder known as Vallez, a member of the 29A group of virus writers. It didn’t take long for this original proof of concept to be picked by others with more mischievous intent and new more powerful variants were in the wild infecting Symbian-based devices by the end of that same year. 2004 also saw the birth of the premium service abuser, a tradition carried through to this year. Qdial disguised as a trojanised version of the game, “Mosquitos,” would send premium rate text messages from compromised Symbian s60 platform devices, running up a bill for the user and making money for the criminal. Finally, in November of that year the destructive Skulls virus was distributed through file-sharing sites and over email, designed to overwrite key files it harkened back to the outbreak days of the previous decade, especially when it incorporated the worm capabilities of Cabir to aid in propagation.

That being said, a couple of things really helped to protect mobile users in the early part of the 21st century; lower market penetration of the devices themselves and a fragmented platform meant that criminals didn’t have any one group firmly in their sights.

Five years later, things were looking more concentrated; criminals had begun to write for the J2ME (mobile Java) platform, to try and overcome the issues they faced with device fragmentation, still all designed to abuse premium rate services, but the ground was about to shift much to the delight of the attackers.

The following year, 2010, saw an increase in smartphone sales of more than 70% and the landscape was dominated by just two Operating Systems, iOS and Android with Android already sealing its number one spot. The growth in smartphone ownership, the continuing dominance of these platforms and the ever increasing bandwidth has led to a boom in mobile malware over the last three years that is set to continue. Gartner estimates that smartphone sales are set to increase from 968 million in 2013 to 1.2 billion in 2014 and that close to a billion of those will be running Google’s Android. It’s open season for the attackers now.

Historically, mobile malware has continued to focus on those traditional tactics of trojanised popular apps and abusing premium rate platforms. However, newer variants are increasingly taking advantage of advanced capabilities offered by today’s smart devices for espionage and information theft. In fact a proof of concept that I showed at Mobile World Congress in 2012 is an in-the-wild reality in 2014. An espionage app capable of deleting incoming SMS messages from specific numbers (C&C SMS anyone?) which can activate the microphone, take pictures or video footage, intercept incoming calls and text messages? This is the trajectory of mobile malware in 2014.

Criminals follow consumers and as we shift ever more rapidly away from using traditional chunky computing technology and more to smart devices and mobile platforms, criminals will continue to refine and adapt malicious creations that already have a 10-year track history. You’re not dealing with amateurs anymore.

For more facts and figures on the who, what, where and how much of mobile malware I recommend you take a look at Trend Micro’s 2013 Annual Security Roundup “Cashing In On Digital Information.”

Related posts:

  1. Mobile malware skyrockets in early 2011, study finds
  2. Mobile malware on the rise, study finds
  3. AV-Comparatives: Trend Micro Mobile Security for Android Provides 100% Malware Protection for Mobile Users
  4. Trend Micro Mobile App Reputation Service: Beyond Anti-Malware

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.