Friday, 28 October 2011

How Android Malware Makes Money

In the old, old days researchers wrote virus code to prove a point and lone coders released malware that disseminated a message or simply vandalized computers. Modern malware is all about money. Symantec has just released a report on the various techniques used to make a profit from Android-focused malware. Given that Android is now the most widespread mobile platform, it's a wide-open field for malefactors seeking to cash in.



Premium rate billing is one simple technique to skim some cash. In this case a Trojanized Android application performs some useful or entertaining function, but secretly sends SMS short codes that bill the caller  $10, $50, or even more. The attacker splits the fee with the phone service carrier. Apps can send text messages without any visible indication, making this a better choice than forced dialing of premium rate telephone numbers.

Some apps literally spy on the victim, recording phone calls and texts and tracking GPS location. It's true that on installation the victim must agree to specific permissions, but many users just routinely give an OK to all such requests.

Malicious apps that poison search engine results can drive traffic to malicious Web sites, either to encourage download of more malware or to generate income based on pay-per-view or pay-per-click advertising.

Fake antivirus, often called scareware, is a big money-maker on the PC platform, where users routinely pay $50, $60, or more for antivirus protection. Symantec hasn't yet seen a surge in Android fake antivirus, quite possibly because users would expect to pay just a few dollars for protection. Symantec's own Norton Mobile Security Lite is free, for example, as is Snuko Anti-Theft For Mobiles.

In truth, almost all of the existing monetization schemes have a low payoff. The report concludes, "While we will continue to see malicious Android applications, additional advances in the mobile technology space that allow greater monetization are likely required before malicious Android applications reach parity with Windows." You can view the entire report on Symantec's Web site.

0 comments:

Post a Comment