The business of cybercrime
We used to imagine malware coming from loosely knit groups of hackers walled up in non-descript offices, spending their days pinging websites in search of vulnerabilities to exploit. Today the purpose of nearly all malware is to make money for cybercriminals. Over the last 10 years the creation of malware has evolved into an organized international criminal enterprise.
In an August 2012 article in InfoWorld, IT security writer Roger Grimes pointed out that cybercrime syndicates are recruiting amateur hackers and coders to sign on as full-time employees of their increasingly professional organizations. These criminal operations now have HR departments and project management teams. The goal of these multi-level, service-oriented syndicates is no longer political hacktivism or carrying out denial-of-service (DoS) attacks. Their mission is to steal money and intellectual property from individuals and businesses.
At the heart of these organizations are what Grimes called “malware mercenaries”—malware writers who work daily to turn out malware intended to bypass security measures, attack specific customers and achieve specific outcomes. And like the independent malware creators of the past, these criminal organizations continue to sell their malware on the open market in fierce bidding forums.
Currently cybercriminals are developing malware to specifically target mobile devices. That's why protecting mobile devices in your enterprise is more important than ever. There are two prominent ways the criminals use malware to make money from unsuspecting mobile device users: banking malware and premium-rate SMS fraud.
Fraudsters have built a highly specialized industry around capturing authentication information used to access online financial institutions. Their attacks initially relied on simple key-logging software to capture your username and password. But evolving techniques have led to an advanced cat-and-mouse game between criminals and banks.
Malicious mobile software such as Spyeye and Zeus (aka, Spitmo and Zitmo) attack users that visit a website set up by malware writers, their sponsors, or their partners. If the user visiting the malicious site is using a Windows-based web browser, the site serves the Windows version of malware. If the user visits a malicious website from a mobile browser, the malware serves up mobile versions of Zeus or Spyeye.
In either case the website has the ability to identify the platform you’re using to access that website. For users of the Android platform, the malicious website will serve an Android package (APK file). This app is designed to steal the mobile transaction authentication numbers (mTANs) associated with a banking transaction. MTANs are temporary passwords users receive from their banks via SMS message.
Zeus intercepts all incoming SMS messages and transmits them to either a website or phone number controlled by the attacker. Zeus also allows the attacker to control malware settings using HTTP requests or SMS messages. For example, by sending a specifically formatted SMS message, the attacker can change the destination number of forwarded SMS messages such as those from a bank. Zeus also targets devices running other mobile operating systems such as BlackBerry OS.
Premium-rate SMS fraud
Rather than ask you for your credit card or attempt to withdraw money directly from your bank account, many mobile phone malware authors use premium-rate SMS services to make money.
Once installed, a malicious application disguised as a pirated app for your Android may come with a little something extra, a module that will start sending SMS messages to premium rate numbers at your expense.
For more information on premium-rate SMS fraud, download the whitepaper Exposing the Money Behind the Malware.
Go to next page: Why iOS is safer than Android
We also offer a free Android malware scanner. It scans all your Android apps for malware and protects against loss and theft with a remote lock feature. Start protecting your Android device today.