6 Discoveries That Prove Mobile Malware's Mettle

Published: 22/11/2024   Category: security




Trojans, botnets, adware, and more are jumping from theoretical to practical



Mobile malware hasn't yet grown to the problematic levels that once plagued Windows PCs back in the days before Trustworthy Computing. That doesn't mean mobile vulnerabilities aren't exploitable, though: Today's security researchers are not only creating and discovering proof-of-concept examples with real-world applicability, but they're finding in-the-wild samples, too.
Here's some of the most compelling evidence over the past year that shows mobile malware has bridged the gap from theoretical to practical.
1. Zitmo
One of the most successful banking Trojans of all time, Zeus, made the jump from PCs to mobile devices through the Zeus-in-the-mobile (Zitmo) spyware application. Prevalent on Android, Zitmo masquerades as a banking activation application and eavesdrops on SMS messages in search of the mobile transaction authentication numbers (mTANs) banks send via text to their users as a second form of authentication. Initially discovered in 2010, researchers last summer saw Zitmo gaining steam in the wild.
2. Mobile Botnets
Since 2009, Perimeter E-Security Research Analyst Grace Zeng has been exploring the possibilities of botnets consisting entirely of mobile devices. Naysayers told her it wasn't feasible, but last month she showed how realistic the possibility is with a presentation at WiSec 2012. Zeng presented her proof-of-concept design, which showed how devices could be infected through code hidden in games or system applications, and how command-and-control (C&C) communications could be passed through SMS made to look like spam. The hackers may well be ahead of her -- researchers with NQ Mobile said last month that they discovered an Android bootkit that leverages root privileges and poses one of the first threats of mobile botnets in the wild.
3. CrowdStrike RAT Attack
Industry heavy-hitters George Kurtz and Dmitri Alperovitch made waves for their stealth start-up CrowdStrike when they wowed the crowd at the RSA Conference in February by demonstrating how the company's research team reverse-engineered a Chinese remote access tool (RAT) to spy on a user's calls, physical location, apps, and data. The end-to-end mobile attack is delivered through a phony SMS message with a URL ostensibly leading to information about the user's need to renew service. The attack goes to show how thoroughly attackers can spy on users through commandeered mobile devices.
4. Instastock
Many researchers have noted that the growing mobile malware problem is actually an Android malware problem. That's true to a large degree at the moment, but exploits like the one Accuvant's Charlie Miller came up with in November prove that attackers can and will find ways into Apple's walled garden. Miller's Instastock application was an exercise in vulnerability exploitation. He took advantage of a flaw in the way Apple handles code signing to load a stock ticker app into the App Store that phones home to the attacker's server. Apple's since fixed the exploit, but Instastock stands as proof positive that iOS is far from impregnable.
5. JiFake
Mobile marketers are loving the convenience of easy-to-scan QR codes to deliver mobile users to their websites and apps through their phones' barcode scanners. Attackers love these codes, too. Researchers are finding that the bad guys are increasingly using the obfuscation of QR codes to trick users into downloading malware -- and there are plenty of real-world samples to back up those claims. Examples like Jifake are distributed through QR code. The end game, as with many QR code Trojans, is to get the phone to send SMS messages to a premium number without the user knowing about it.
6. Android.Notcompatible
This week Symantec is warning of a new website injection campaign that tricks users who visit infected websites into allowing installation of a malware payload pretending to be security software. Like a drive-by-download attack, Android.Notcompatible pops up as a URL redirect injected into the HTML body of an infected page. But users still need to intervene to allow installations and accept permissions on the malware, which poses as a security package. Symantec says the malware routes traffic from an infected device to an external source, opening the potential to steal sensitive content, perform clickjacking, and lay the foundation for extortion rackets.