20 July 2013

Six Ways Criminals Make Money from Mobile Malware

Mobile malware is on the rise, and the big question for many of us isn’t how this is happening, but why. What do hackers and malware coders get from developing and distributing their ill-intentioned apps?

Money. That is the answer. There is a range of ways in which criminals can capitalize on mobile malware, but these are the six most significant.


Premium SMS Messages

Since the days of the very first smartphones, premium SMS messages have been the most common means of monetizing mobile malware. The malignant app takes control of the infected smartphone and commands it to send a message to a premium SMS number or access premium online content, giving the perpetrators or their partners the chance to request payment from the victim’s mobile provider. As the SMS can be sent in the background with no visible indication, the only clue might be when the charge appears on the bill. It might take months before anyone notices the crime.

Mobile Adware (Madware)

It annoyed you on the PC, and now it’s back to antagonise you on your smartphone or tablet. With so many free apps supported by advertising, mobile adware is a real grey area right now, but the worst offenders serve unwanted ads to your smartphone’s status bar, add bookmarks to your browser, redirect your browser home page and even read and modify calendar and contact information.

Illicit apps might even read and modify phone settings or drop icons on your home screen. As with most adware, the perpetrators make their money by triggering fraudulent click or affiliate revenue for their advertising portals or networks. This might not even be – strictly speaking – illegal, though it’s certainly immoral.

Stealing Information

There is no end to the useful content that spyware can steal from a smartphone or tablet. Everything from your contact lists to your email, messages and documents is up for grabs. While apps usually have to ask permission to allow access, many users agree to permissions without checking the requests. Log-in details can be passed to hackers, who can use them to access accounts with a monetary value, while personal and business data can be used for future targeted phishing attacks. It all has value.

Bank Fraud

Few of us are careless enough to pass our banking details on to an illicit app, but mobile malware can still help criminals attack your accounts, capturing SMS messages and recording screengrabs or video while you log in to your account. Zitmo, a variant of the Zeus mobile Trojan, even intercepts pass codes sent to mobile phones as part of a two-factor authentication process, working with a PC-based infection to divert money from your bank account to one owned by the attacker or their partners in crime.

Ransomware

Ransomware was the next big thing on PC, and now it’s appearing on mobile devices. A screen appears on your phone or tablet threatening to lock the device and encrypt your data unless you pay a ransom. Occasionally, this comes in the form of a warning that the police or FBI have detected illegal material and locked your device until you pay up. Sometimes the threats are bogus, sometimes they are real, but every time someone pays, the authors are making money.

Botnets and Spam

In recent years we’ve seen the first examples of mobile botnets, with apps that leave malignant code lurking on a smartphone until it’s triggered, adding the device to the network of zombie ‘bots’. This network can be used by criminals to send out spam email, earning them cash from the spam distributors, or to run distributed denial of service (DDoS) attacks that take out major websites or businesses – with criminal and government sponsors making this a nice little earner for black-hat hackers.

You can, of course, help stop the criminals from earning their pay. Avoid clicking on suspicious links in messages, use a mobile security app, keep your device updated and only download apps from official app stores. It’s the only way to be sure.


 

Copyright © 2015 Tracktec. All rights reserved.
