The IDC survey found Android had a 78.1 percent share of global smartphone shipments in the fourth quarter.
The IDC survey found Android had a 78.1 percent share of global smartphone shipments in the fourth quarter.

How criminals are targeting Android

By Jayson O'Reilly, Security Practice Manager, Symantec Time of article published Dec 6, 2011

Share this article:

For years now, we in the cyber security industry have been saying an explosion of mobile malware is just around the corner.

Beginning in earnest this year, we have indeed observed a marked increase in threats targeting mobile devices - particularly the Android platform. However, it’s probably not accurate to say the expected explosion has in fact occurred.

The reality is that cybercriminals are still very much in the exploratory phase of figuring out how to monetise the exploitation of mobile devices. This is the topic of Symantec’s latest research.

Above all else, our analysis highlights how most current efforts to monetise mobile malware have only a low revenue-per-infection ratio. This has severely limited the return on investment achievable by attackers.

It also offers detailed insight into the top current mobile malware monetisation schemes observed by Symantec, including how each works and examples of the malware presently being used to carry them out. These schemes are:

Premium-rate number billing scams

Spyware

Search engine poisoning

Pay-per-click scams

Pay-per-install schemes

Adware

Stealing mobile transaction authentication numbers (mTAN)

However, the research also points out that the currently struggling revenue-per-infection ratio is primed to improve. The trigger will likely be advances in mobile payment-type technology and the widespread adoption of using mobile devices for both payment and accepting payment.

The key is that these applications rely on devices to transmit financial information - such as mobile banking credentials - backed by real monetary funds. We’ve learned in the PC world just how lucrative the exploitation and sale of this kind of information can be for enterprising cyber criminals.

Share this article: