
Story Box-ID: 441939

Imperva Inc. 3400 Bridge Parkway, Suite 101 94065 Redwood Shores, CA, United States http://www.imperva.com
Contact Ms Claire Hojem +44 20 7183 2841

Ring Ring: Mobile Malware Calling

This is the first in a four-part series on mobile malware

(PresseBox) (Redwood Shores, CA, )
In the past, we've discussed the rise of mobile malware. More recently, Imperva's ADC has analyzed mobile malware, and our findings support the observation that we'll see more malware targeting Android than targeting Apple, for two reasons:

- Technically, it is easier to write malware for Android.
- Currently, better channels exist to distribute Android malware.

Google has bought Motorola (for the best market perspective on the acquisition, read Fabrizio's take). Consolidation aside, mobile malware is on the rise. For instance, Juniper's Malicious Mobile Threats Report found a 400% increase in Android malware since the summer of 2010. According to Paolo Passeri, the amount of malware is growing exponentially and has reached a huge peak in July. This trend is very important for the security industry. A recent Wall Street Journal headline captures the shifting landscape:

Microsoft Faces the Post-PC World Now 25 Years Old, Windows Sales Slow as iPad Gains; Lowest Market Share in Two Decades-82%.

Security translation: make room, PC malware, there's a new player in town. The article also notes that in Q2'11, 43% of smartphones were sold with Android. We are already seeing issues: Dasient's recent paper on mobile malware highlighted how applications consistently violate privacy, leaking consumer data to app makers. In their report, they note:

The history of mobile malware continues to be written. After a slow start, the pace of attack is accelerating, and it is possible that we should expect some "mobile malware madness" to occur in the near future, at the very least, if not longer.

What kind of malware can we expect?

The next generation of mobile malware is going to be rootkits for mobile. Mobile malware is evolving much as PC malware evolved. While first-generation PC malware was not sophisticated, in time it acquired a variety of stealth features: anti-detection, hidden deployment and forensics deletion capabilities. We should expect to see the same in the mobile realm, where rootkits will be hidden from both the victim and the mobile system's processes. In fact, a proof of concept was already released at last week's Defcon. The researcher showed that once the code was installed on an Android phone, the rootkit is activated via a phone call or a text message. Since the rootkit runs as a module in Android's Linux kernel, it has the highest level of access to the Android phone and can be a very powerful tool for attackers.

And hackers are taking note. We analyzed a hacker forum to determine how frequently hackers discuss issues around mobile. A simple search over the past few years using the terms iPhone, Android, Nokia and BlackBerry shows a fast-growing fascination.

Though our chart shows more iPhone discussions, we expect this to change.

In this series we'll highlight how Android's distribution model makes it easy to put malware on phones, and take you through an analysis of a piece of mobile malware. This malware first captures incoming SMS messages before any other system application. It then posts their contents to a drop server. What's unique about this particular malware? The industry has been calling it ZitMo - the mobile equivalent to the notorious PC-based Zeus malware. To be clear, after analyzing this piece of code, the ADC cannot guarantee 100% that this is the ZitMo code, but it seems likely.

The publisher indicated in each case (see company info by clicking on image/title or company info in the right-hand column) is solely responsible for the stories above, the event or job offer shown and for the image and audio material displayed. As a rule, the publisher is also the author of the texts and the attached image, audio and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.