Sexy Malware Bound for Smartphones
Your smartphone is like a miniature computer, getting smarter and more powerful while enabling greater functionality with each new mobile device that is released. It's exciting to customize your cell phone with any type of application you want. Google and Apple, alone, offer more than 250,000 apps such as games, productivity and financial tools, and other apps. In fact, the apps craze is moving at such a fast pace, it might prove difficult to keep up with the malicious software that is sometimes a "bonus" in the app download. One thing is certain, your cell phone is not safe. Mobile phones are now targeted by malware writers and cell phones can even be lassoed into botnets.
"Mobile phones are a huge source of vulnerability," Gordon Snow, assistant director of the Federal Bureau of Investigation's Cyber Division, told the Wall Street Journal. "We are definitely seeing an increase in criminal activity." Snow also told WSJ that the FBI's Cyber Division is working on cases based on tips about malicious apps that can compromise banking or be used for espionage. The FBI does not allow its employees to download apps on FBI-issued smartphones.
After the Schmoocon hacker conference last year, security researchers presented a vulnerability that was considered so dangerous to Google's mobile OS Android that owners were warned not to use the phone's web browser. And now the Android is being hit with its first SMS trojan in the wild. It seems Android owners are getting wise about protection at a rapid pace. DroidSecurity's free antivirus was clocked at 2.5 million downloads last week.
Last year at Black Hat security conference, researchers were able to attack an iPhone via SMS. "Consumers should be aware that iPhone security is far from perfect and that a piece of software downloaded from the App Store may still be harmful," wrote software engineer Nicolas Seriot in a research paper detailing iPhone security holes.
Apple, Blackberry, Android, Windows mobile, and Symbian smartphones all have been under siege; none are immune from attacks. Yet we can't quench our desire for apps. So what is a cell phone owner to do? Think of it sort of like safe sex. You can still engage in it, but you need to be wise and to take precautions in order to avoid complications.
Sex and "sexy malware" played a part in one of the first alerts of mobile botnets aimed at the Symbian. Sexy Space was a variant of another mobile malware called Sexy View. It was capable of downloading new SMS templates from a remote server in order to send out new SMS spam. "No malware for a mobile device has been known to do that before," said Rik Ferguson, senior security advisor for Trend Micro. Trend Analysts had "heated internal discussions" about whether Sexy Space qualified as botnet code. It took a little bit of social engineering to get users onto a malicious site where it was unknowingly downloaded. Part of its lure was that the vendor seemed to point to "Playboy." Many users were caught without protection and voila! Sexy mobile malware gave a whole new meaning to phone sex.
Speaking of sex and phones, the dating site OKCupid.com conducted research on nearly 10,000 smartphone users. iPhone owners are getting much more sex than Blackberry or Android owners. Women iPhone users get the most action of anyone. OkCupid's results are listed on the graphs below. (Click on the image for a larger view)
It may prove interesting to see if the heaviest hit mobile malware sectors will mirror this sex and cell phone study, with iPhone on top, followed by Blackberry and then Android. Take precautions; be wise before you take "home" an app that you don't know well enough to trust. And by all means, please use protection!
For comprehensive coverage of the Android ecosystem, visit Greenbot.com.