Mobile threats are on the rise — Lookout estimates that mobile threats successfully stole more than one million dollars from Android users in 2011. In 2012, Lookout predicts that the criminal business of malware will be more profitable than ever before as the possibility of monetizing mobile devices grows and the cost of infecting devices lessens.
In the report, Lookout reveals that the annual likelihood of an Android user encountering malware today has increased to 4% up from a 1% likelihood measured at the beginning of 2011. Web-based mobile threats are also an important component of Lookout’s research, and the company found Android users worldwide have a 36% chance of clicking on an unsafe link in 2011.
In the United States, the likelihood of encountering an unsafe link is higher than the global average at 40%. Additionally in the report, Lookout anticipates the methods that would-be thieves will use to target mobile users directly and discusses tips for consumers to protect themselves.
“2011 was a watershed year in terms of the types of threats we saw emerging. Threats had greater sophistication and were deployed using more innovative and efficient distribution methods,” said Kevin Mahaffey, CTO at Lookout. “In 2012, we expect to see the mobile malware business turn profitable. What took 15 years on the PC platform has only taken the mobile ecosystem two years.”
Mobile malware monetization trends:
Mobile pickpocketing (SMS/call fraud). In 2012, Malware writers will continue to steal money directly from consumers by accessing their mobile devices’ ability to charge phone bills via SMS billing and phone calls. Earlier this year, Lookout identified GGTracker, the first mobile malware that steals money from users in the U.S. and earlier this week Lookout identified another Android Trojan, RuFraud, targeting Eastern European users.
Botnets. To date, Lookout notes botnet networks have yet to be used at scale. In 2012, Lookout anticipates malware writers could secretly integrate thousands of mobile devices into extensive botnet-like networks to distribute spam, steal private info, and install other malware. DroidDream and Geinimi are examples of botnets.
Vulnerable phones. Due to the difficulty of updating software and patching vulnerabilities on mobile phones, malware writers will continue to exploit iOS and Android OS at a pace greater than vulnerabilities can be resolved.
Mobile malware distribution trends:
Automated repackaging. Malware writers will develop tools that enable the automatic repackaging of malicious applications. Lookout has seen instances where several infected apps were packaged by the same developer within a matter of seconds — quicker than someone could do manually — so the means for automated repackaging may already be in existence.
Browser attacks. As with PC-based threats in the past, malware writers will attempt to profit via Web-based distribution like email, text messages and fraudulent websites. Even iOS devices have been targeted by websites designed to jailbreak them. In 2012, Lookout expects a continued increase in mobile phishing and messages linked to websites that automatically install malware.
Malvertising. Instances of malvertising (genuine-looking advertisements that link back to fraudulent sites) will continue to increase. Given this method has been successful with Trojans like GGTracker, we expect other malware writers to try similar distribution tactics.