Mobile Malware: Reinventing the Wheel or Not?

Posted by Darragh Kelly on 2015-06-04 14:30:00

Mobile is everywhere, no pun intended. At a security conference I attended recently, one of my colleagues humorously quoted Jules Winnfield, played by Samuel L Jackson, from Pulp Fiction by saying “Say mobile again, I dare you, I double dare…”

It’s true: it’s ubiquitous and unavoidable. And for plenty of good reasons. For example, Gartner stated this year that Android alone “surpassed a billion shipments of devices in 2014, and will continue to grow at a double-digit pace in 2015, with a 26 percent increase year over year”. It is forecast to surpass 1.5 billion by 2016.

That type of volume and usage draws a lot of attention – both “good” and “bad” – as it clearly demonstrates a huge and growing market space, with possibly a lot of unexplored business opportunities. Bad news generally travels fast. So when we look at attacks and hacks in the mobile space, there is a great deal of anticipation, at least within certain sectors, to see how this market is evolving and will evolve: who the main players will be, what the plays will be, etc.



Mobile malware: Android in the spotlight

How secure or insecure mobile operating systems (OSes) are has led to heated debates and face-offs between the main players. But for the purpose of this post, and to play the numbers game, we will focus on Android.

So with all of this market opportunity, how will malware actors look to leverage the numbers into financial gain? One approach is: don’t reinvent the wheel; look to the past to see what has worked, and reapply tried and trusted techniques. It makes sense to me, and it would seem that it makes sense to others also.


Ransomware: the new highlight of the mobile threat landscape

This brings us to one of the most money-hungry types of malware ever created, one that seems to go from strength to strength in the endpoint space: ransomware. It started as far back as 2005-2006, and reached maturity in 2013 via Cryptolocker. Featuring military-level encryption of end user or corporate data, with no real possibility to restore it to a usable state, ransomware leaves victims with only two options: either pay a ransom to free the data, or accept an ill fate.

Recent variants have been tweaked to improve money transfer, via e-money payment systems like Bitcoin. But they are still good (or bad in this case!) old #Ransomware. Some notable attacks have targeted law enforcement agencies that have had to fork out the money to keep their data. However, as Brian Krebs once said, “it’s no surprise ransomware attacks against police agencies have become public, while those against private companies have not.” In a nutshell: ransomware, as we know it, has wreaked havoc and continues to do so because it works both effectively and efficiently; only now, it has an extended audience enabled by evolving mobile consumer trends.


Mobile ransomware: money-hungry and tried and trusted

So on one side you have tried and trusted, financially lucrative malware, and on the other side you have a massively growing market: mobile. We can also add to the equation that the mobile space is potentially more vulnerable in a lot of circumstances due to insecure Wi-Fi usage, use of unsanctioned market spaces, and, let’s not forget, the end users’ perception of mobile being immune to threats: only 1 in 50 smartphones has antivirus protection installed!

If we join the dots, the business case for mobile ransomware starts to build itself.
It would be hard to weigh the factors that are driving ransomware creation and propagation in the mobile space. But the reality is that it is happening and it is on the rise. Attacks are becoming more commonplace, as you can see from the growth in detections – mobile specific – in the last 12 months.



Case in point: Android ransomware discovered recently by Bitdefender

Bitdefender detected roughly 15,000 spam emails originating from servers located in Ukraine. The emails contain APK files that try to pass as Adobe Flash Player updates but are in fact ransomware, more specifically Android.Trojan.SLocker.DZ. Once the file is downloaded and run, an FBI warning pops up on the screen telling the user they broke the law by visiting pornographic websites, and explaining that the device will remain locked until a $500 fine is paid.

In this particular case, encryption is not actually used, but as Bogdan Botezatu, Senior e-threat analyst with Bitdefender, said to SC Magazine last week:

“Unlike file-encrypting Android ransomware, this type of malware requires less permissions – [primarily,] it does not need device administrator permissions – [making] its installation much less suspicious. After infection, the user is presented with a web form that prompts the user to enter a valid MoneyPak voucher code,” Botezatu said. “This voucher number is linked with a device ID and is reported to a central server. If the user enters too many invalid codes, the amount of money they have to pay triples.” 
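A defender-side triage sketch for the delivery pattern described above, as an added example that is not from the original post or from Bitdefender: it flags e-mail attachments that are APKs by ZIP content rather than by file extension, and notes Flash Player lure wording. The regex, function names and sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Lure wording assumed from the campaign described above (fake Flash Player update).
LURE = re.compile(r"flash[\s_-]*player|adobe", re.I)
APK_MARKERS = {"AndroidManifest.xml", "classes.dex"}

def is_apk(data: bytes) -> bool:
    """An APK is a ZIP holding AndroidManifest.xml and classes.dex; the extension is ignored."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return APK_MARKERS <= set(zf.namelist())
    except zipfile.BadZipFile:
        return False

def triage(raw: bytes) -> list:
    """Return one finding per APK attachment found in a raw e-mail message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if is_apk(data):
            name = part.get_filename() or ""
            lure = bool(LURE.search(name) or LURE.search(subject))
            findings.append({"filename": name, "apk": True, "flash_lure": lure})
    return findings

def build_sample(filename: str, payload: bytes, subject: str) -> bytes:
    """Constructed test message; not a real campaign sample."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("Please install the attached update.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

def fake_apk() -> bytes:
    """Constructed ZIP with the two marker entries and placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"placeholder")
        zf.writestr("classes.dex", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(build_sample("FlashPlayer_update.bin", fake_apk(), "Update required")))
```

Checking the archive contents instead of the `.apk` extension means a renamed attachment is still caught at the mail gateway.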


Mobile ransomware: opportunity and leverage

So mobile is on everyone’s tongue at present and ransomware is thriving. Due to the huge mobile opportunity, market growth, and greater vulnerability (e.g. consumer perception of mobile immunity), these two terms will no doubt be seen together more often in the future. They might even create a combined Twitter hashtag #MobileRansomware.



Darragh Kelly

Darragh Kelly, Global OEM Product Marketing Manager at Bitdefender, has been working within the IT Security industry for over 17 years. Having had a diverse number of roles, such as QA, Tech Support, Training and Product Marketing in his career he has a unique understanding of the challenges faced by a wide range of stakeholders in the business.

Topics: Threats, Mobile Security