Based on their security study findings from 2011, our researchers were able to deduce certain probabilities regarding the future of mobile malware. With approximately 700,000 Android activations taking place each day, it’s safe to say that the growth of Android malware won’t be slowing down any time soon. There are three “hotbeds” for mobile malware that we expect to be dealing with in 2012:
In this type of malware, legitimate mobile applications are being dismantled, embedded with malware, re-assembled and repackaged to look like the originals, launching their payload when the app is activated.
Cyber thieves use the phone’s SMS system to send surreptitious text messages to premium call numbers, with charges applied to the phone’s owner. This kind of fraud also gathers contact information for use in phishing and identity theft scams.
Only now starting to surface in the mobile world, botnets override security safeguards to allow hackers to take total control of the device. Botnets can also spread by sending copies of themselves to other devices via text and email.
Although these specific forms of malware have been seen in the past, the likelihood of their growth this is obvious. There are thousands of software engineers graduating from college every year, and a global unemployment rate that breaks all records. People will do what they need to do to survive, and this will certainly continue to be the case for malware authors. In fact, we have not yet seen all the new and sophisticated versions of the three examples of “hotbed” malware, but we can safely predict that they will fall into three general categories.
Smartphones have created a simple, convenient way to conduct our monetary transactions, including banking and bill paying, as well as shopping online. Because the primary intent of malware is financial gain, our researchers expect that malware such as SMS scams, mobile botnets and personal data collection will increase in popularity. Some forms of malware that matured in 2011 will are likely to evolve even more fully in 2012.
Our researchers expect mobile rootkits to emerge in a major way in 2012. Installing a rootkit requires either physical access to a phone, or tricking users into installing the malware themselves. Successful installation of a rootkit allows thieves to remotely control the phone and steal private data, undetected.
Since we are familiar with clicking on ads to download all kinds of applications, “malvertising” is probably going to surface more often than it has in the past. A malware author can simply purchase a mobile ad which, when clicked, launches malware into the device and routes the user to a malicious website.
This could be a rather dismal peek into the future, but there is a definitive silver lining. One positive is the fact that we know even more about malware than we did last year, thanks to research by experts like our security team. Consider our team’s few simple tips for protecting our mobile devices:
- Be cautious when downloading new apps or clicking on URLs, and use only trusted purveyors for your app purchases.
- Make protection of your device a priority in your life, just as you would with a PC
- Regularly download the latest updates and security patches available for your device.
- Disable geo-tagging features if you’re not using them.
- Don’t make major purchases or conduct financial transactions at public Wi-Fi hotspots.
We can rest assured that companies like NQ Mobile are working day and night to identify and prepare solutions for new and innovative forms of malware. What’s more, the results of that research are available to us at any time. Downloading powerful protection, such as NQ Mobile Security, will apprehend and resolve threats before they are able to reach our phones.
Read our press release about the NQ Mobile 2011 Security Report.