Mobile malware becomes a good money making industry

Security company Lookout released its State of Mobile Security Report 2012 which describes the issues that individuals experienced on mobile phone devices this year and examines the popular styles in mobile risks.

Mobile malware turns into a moneymaking industry. Thanks to its global ubiquity as a phone payment mechanism, premium text billing is the most used method used by malware coders to commit financial hoaxes on mobiles. This class of malware, said “Toll Fraud,” has become the most predominant type of malware in the last year. If we take into consideration that only Toll Fraud malware version, FakeInst, accounted for 82 percent of Lookout user detections in June 2012 is estimated to have successfully taken millions of dollars from phone users in Russia, the Middle East, and parts of Europe.

Mobile privacy is a growing issue. Privacy is one of the biggest issues people face on mobile devices. In 2012, a significant portion of privacy problems arose from aggressive advertising techniques, including pushing out-of-app ads and accessing personally identifiable information without user notification. Lookout estimates that five percent of Android applications include these aggressive ad networks and these apps have been downloaded more than 80 million times.

Geography and user behavior are main drivers for encountering threats. People in Russia, Ukraine and China have a greater likelihood of seeing malware than elsewhere. User behavior is the other leading factor; people who download apps outside of a trusted source, like Google Play, have a greater chance of stumble into malware.

Visiting unsafe links from a mobile device is one of the most common ways people encounter mobile threats. Web-based threats like phishing are often able to target both traditional PC users and mobile users equally, making these schemes easy for malware writers to produce and replicate. Lookout’s detected that four out of ten mobile users click on an unsafe link over the course of a year.

Gaming the app ecosystem. Lookout observed malware designed to enable shady app promoters to conduct download fraud. These malware families primarily affected users in China. In the past year, Lookout discovered malware capable of automatically downloading apps from alternative app market sources without the user’s knowledge, rooting the phone to download additional apps without warning, or installing third-party app stores.

“Trust is one of the most important factors influencing whether people will continue to use mobile devices to their full potential,” said Kevin Mahaffey, CTO of Lookout. “As smartphones and tablets have come to house our personal data, access financial information, and power practically all of our communications, there are more incentives for attackers to strike. Our mission is to identify and solve emerging threats so people around the world can continue to trust their mobile devices.”