The sprawling mobile devices marketplace has spawned an industrialized mobile financial fraud plexus that today drives increasingly sophisticated criminal technical innovation to exploit the mobile devices explosion. It is funded by increasing revenues derived from potent new developments in mobile malware, according to the APWG.
Mobile devices increasingly present an attractive, practical and economical alternative to traditional desktops. Moreover, in the coming years global mobile payments are predicted to exceed $1.3 trillion, presenting a mother lode of opportunity for cybercrime gangs who appreciate the vulnerabilities of these peripatetic communications and computing platforms, the APWG’s analysis reports.
Malicious attackers seek out the weakest targets. In the case of smartphones, attackers are quick to exploit inherent infrastructure vulnerabilities.
Attackers will choose the attack mode depending on the target. However, some basic features are strikingly similar across all operating systems. Devices may vary in design, functionality or network stack, but Android, iOS, Symbian OS, Microsoft Windows Mobile and Palm OS all offer:
- Access to, or support for, a mobile network.
- Access to the Internet through interfaces such as Bluetooth, WLAN, infrared or GPRS.
- A TCP/IP protocol stack.
- Desktop PC synchronization.
- The ability to run multiple applications simultaneously.
- APIs for developing applications.
APWG Mobile Fraud Research Coordinator Jart Armin said, “On one hand we can see just one example of a major European bank that in early 2012 had 100,000 mobile banking users, and by April 2013, 4 million. In contrast, there were around 50 generally known samples of mobile malware in 2010, rising in 2013 to some 30,000 samples.”
APWG provides a rhetorical approach towards mobile crimeware and the intrusion supply chain’s structure and examines subjects in depth from a practitioner’s perspective.
Key points that illustrate the potential for growth of an established underground malware market:
- 5.6 million potentially-malicious files reported on Android (APK, dyn-calls, checks-GPS, etc.), of which 1.3 million are confirmed malicious by multiple AV vendors
- Mobile payments are on track to top $1.3 trillion in 2015, bringing intense criminal interest
- An estimated 2 billion+ mobile devices by 2015
- China, as an example, now has 564 million Internet users; 75% are mobile.