At the Virus Bulletin Conference last month in Dallas, Grayson Milbourne and Armando Orozco presented a talk entitled XXX Malware Exposed: An in-depth look at the evolution of XXX Malware. I have renamed it in this blog post to mobile malware because the techniques that malware writers are using are not unique to any one platform. They could be applied to any mobile environment with a few changes (I have x’ed out a certain smartphone to underscore this, even though its name is given in clear text in the actual presentation).
Mobile malware started two years back:
Mobile malware is now delivered in multiple ways: through social engineering, rogue marketplaces, infected applications, SMS phishing, man-in-the-middle attacks, and drive-by infections. Furthermore, malware authors have started using the same techniques to evade detection as in the desktop world: polymorphic distribution (minor changes in every download, including a hashbuster to evade hash-based signatures), payload encryption, removal of security apps, and payloads hidden in embedded files.
Gee, you might think they’ve done this before.
How has the malicious action changed over time? Early versions did not use encryption and simply sent premium-rate SMS messages. Now they root the device and add it to a botnet that installs further payloads on it.
How can this happen?
Part of the problem is that there is no easy mechanism to update the smartphone OS to the latest version. Many users are running an OS that is two or more versions out of date. Manufacturers don’t have easy ways to push updates (there’s no Windows Update for your phone… yet).
Malware authors know this; if hundreds of millions of people are using an insecure OS, malware authors will exploit it. They do things like:
What are some security tips?
And that’s my summary of the evolution of mobile malware. It looks a lot like the evolution of PC malware, and the security tips for increasing your security are very similar.