For years now, we in the cyber security industry have been saying an explosion of mobile malware is just around the corner.
Beginning in earnest this year, we have indeed observed a marked increase in threats targeting mobile devices - particularly the Android platform. However, it’s probably not accurate to say the expected explosion has in fact occurred.
The reality is that cybercriminals are still very much in the exploratory phase of figuring out how to monetise the exploitation of mobile devices. This is the topic of Symantec’s latest research.
Above all else, our analysis highlights how most current efforts to monetise mobile malware have only a low revenue-per-infection ratio. This has severely limited the return on investment achievable by attackers.
It also offers detailed insight into the top current mobile malware monetisation schemes observed by Symantec, including how each works and examples of the malware presently being used to carry them out. These schemes are:
Premium-rate number billing scams
Spyware
Search engine poisoning
Pay-per-click scams
Pay-per-install schemes
Adware
Stealing mobile transaction authentication numbers (mTAN)
However, the research also points out that the currently struggling revenue-per-infection ratio is primed to improve. The trigger will likely be advances in mobile payment-type technology and the widespread adoption of using mobile devices for both payment and accepting payment.
The key is that these applications rely on devices to transmit financial information - such as mobile banking credentials - backed by real monetary funds. We’ve learned in the PC world just how lucrative the exploitation and sale of this kind of information can be for enterprising cyber criminals.