Toll Fraud Tops Mobile Malware Threats

Some parts of the world at higher risk of mobile attacks than others, Lookout report shows

Dark Reading Staff, Dark Reading

September 7, 2012

2 Min Read

It's not so much the spyware that's plaguing mobile devices as much now: that was so 2011. Now the majority of mobile malware executes toll fraud, and has sapped millions of dollars from its victims in Russia, the Middle East, and parts of Europe, according to new data from mobile security firm Lookout.

A prolific family of malware called "FakeInst" tops the charts in toll fraud attacks, which bill victims using premium SMS services. These types of attacks -- and malware -- have increased from 29% of all mobile malware in the third quarter of 2011 to 62% in the second quarter of 2012.

Derek Halliday, senior product manager for Lookout, says these types of malicious apps are well-designed. "They work in a way that can potentially hide" red flags from the victim, he says, including intercepting premium SMS billing messages.

"Victims don't find out until they get the bill," Halliday says. FakeInst, which poses as an installer for legit apps like Opera and WhatsApp Messenger, represented 82% of malware detections by Lookout in June of this year.

Aside from the obvious risk of downloading apps from untrusted sources, geography is a major indicator of the risk of your mobile phone getting infected and attacked by scammers. Russia, Ukraine, and China are the most malware-laden locations for mobile users. Toll fraud is lucrative and easy to do in Eastern Europe due to weak SMS regulation of those services, according to Lookout.

Mobile devices in Japan are some of the cleanest: only .04 percent likely to be infected with malware, while 41.6 percent of devices in Russia are infected. Lookout estimates that 6 million mobile users have come across malware in the past 12 months, while four out of 10 mobile users visits an unsafe URL each year.

Meanwhile, overly aggressive mobile ads are getting personal information from the devices without the users knowing. "Lookout estimates that five percent of Android applications include these aggressive ad networks and these apps have been downloaded more than 80 million times," according to the report.

Attackers also are writing mobile malware that can download apps from unsanctioned app stores without the user knowing.

"Trust is one of the most important factors influencing whether people will continue to use mobile devices to their full potential," said Kevin Mahaffey, CTO and co-founder of Lookout. "As smartphones and tablets have come to house our personal data, access financial information, and power practically all of our communications, there are more incentives for attackers to strike."

So download apps only from trusted sources and stores; review your phone bill; make sure the URL you visit matches the website; and run mobile antivirus software, Lookout recommends.

A copy of the full Lookout report is available here for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights