We went to Infosec 2011 to investigate the truth behind malicious apps that steal money and personal data from your smartphone.
Anyone can have a smartphone these days. They’re everywhere, from high-end dual-core models to £99 Pay-As-You-Go bargains. As they have become more popular, the billion-dollar malware industry has started to take a serious interest.
Android, which makes it easy to install third-party apps that haven’t been checked by Google, is the platform all the anti-malware companies are focusing on this year. As Webroot’s David Bennet told us, “Android is the fastest growing mobile platform at the moment” and is open and easy to develop for, while “iOS is locked down”.
Fortunately, despite a theoretically huge number of potential targets, there are only a handful of threat vectors that the security industry has picked up.
Premium rate SMS senders:
One of the most subtle attacks, this type of malicious app gains permission to use your phone’s SMS feature and then sends text messages to premium rate numbers without telling you. Such apps can even be designed to send only a handful of messages every month, costing you just a couple of pounds. If you don’t bother to read your bill, you might never find out.
Perhaps even more worrying than getting a couple of hundred pounds’ worth of premium rate text messages tacked on to your phone bill is the risk of losing all your personal data. Almost all smartphone users store the details of their social networking and email accounts on their mobile devices, but many also store online shopping account data, sensitive business information and even credit card details. ESET CTO Pavel Luka informed us that, far beyond the theoretical proof of concept threats we saw last year, “there is malware we’re seeing that is stealing personal data and it is out there [in the wild]”.
Naturally, no one is going to deliberately install an app labelled “Secret Premium Rate SMS Sender”. Whatever threat a malicious application presents, it’ll be cleverly disguised to make it appealing to its potential victims. This usually takes the shape of a legitimate and functional program that has been repackaged with a malicious payload attached to it. You’ll be able to use the app itself normally to do whatever it’s supposed to, but in the background, it’ll be doing something far more unpleasant.