Mobile threats doubled in 2010, anti-virus firm says

A new report from software security firm Kaspersky Lab has shown that mobile device threats increased dramatically in 2010, primarily due to the popularity of Google’s Android operating system.

Over 1,000 variants of 153 “families” of mobile device threats were found between August 2009 and December 2010, accounting for 65-percent increase during this period.

In the report “Mobile Malware Evolution: An Overview, Part 4”, Kaspersky Lab senior malware analayst Denis Maslennikov said the list of platforms targeted by malicious programs expanded considerably in 2010.

The growing popularity of the Android platform has inevitably drawn the attention of cybercriminals. In August 2010, the first malicious program targeting Android was detected. Since then, that number has reached 15 programs from a total of 7 families.

The first threats targeting Apple’s iPhone OS also appeared during this last reporting period, but infected only devices that had been jailbroken in order to install third-party games and other software not manufactured by Apple.

Most mobile threats continue to target the Java 2 micro edition (J2ME) platform, which is supported by a huge number of mobile devices. This means it is not only smartphones that are at risk of infection, but basic mobile phones as well.

The second most-targeted platform is Symbian, with Python in third place.

“The use of SMS Trojans is still the easiest and most effective means by which malicious users can earn money. The reason is relatively simple: any mobile device, be it a smartphone or a basic mobile phone, has a direct connection to its owner’s money via their mobile account. It is this ‘direct connection’ that cybercriminals actively exploit,” explained Maslennikov.

From 2010 onwards, sending fee-based text messages ceased to be the sole illegal money-making scheme for virus writers developing threats targeting different platforms.
Other unlawful schemes such as redirecting mobile internet banking users to phishing sites and stealing passwords sent by banks to mobile phones were also used. Mobile threats have become more complex than ever and include the emergence of mobile bots and other remotely-controlled software.

“This means that attacks launched by mobile threats have reached a completely new level,” Maslennikov said.

Kaspersky Lab said it expects an increase in the number of vulnerabilities found on mobile platforms, as well as an increase in the number of threats for Android and the continued use of short numbers by cybercriminals.