South Korean information security company AhnLab is predicting botnets and malware targeting specific geographic regions could emerge as some of the most serious mobile security threats in 2012 as unscrupulous app developers become more sophisticated.
While malware is already a growing mobile security issue, this year AhnLab is predicting that the scope of attacks will expand, moving from situations where malicious apps rack up unauthorized charges on a user’s phone bill (as was the case in the RuFraud attack in December) to situations where the aim will be to establish a botnet of infected or zombie smartphones. A botnet of zombie smartphones could be used to send spam or conduct distributed denial of service attacks, just like botnets of infected PCs.
According to JungSin Lee, a researcher at AhnLab, that the first attempts to establish a smartphone botnet have already been made. In December a code named Geinimi appeared in the third party app market in China.
“Unlike other malicious codes which operate just for profit purposes, Geinimi had ‘bot’ functions including a remote control and downloading of additional malicious codes,” explains Lee.
Although the attempt was ultimately unsuccessful, if Geinimi had been able to establish a botnet it would have been very difficult for users to tell their smartphones had become zombies and the attackers would have had access to every function on the infected phones, including call monitoring, voice capture and the ability to download, install and uninstall applications according to Lee.
AhnLab is also predicting more locally based malware this year, as attackers focus on countries with well developed smartphone using population bases such as Russia, Europe and China.
“By far, the most efficient way for attackers to distribute malicious codes is through a direct download-and-install method. However, users have tended to prefer apps with a local culture UI and language. As a result, attackers make more local focused malicious apps,” Lee says. “Attackers investigate the local market before orchestrating the attack. In most cases, the malicious codes disguise themselves as a popular local applications such as a local game [or] adult apps.”
The company is also predicting an increase in the amount of malware transmitted through infected webpages to grow as smartphone users continue to increase the amount of websurfing they do from their phones. AhnLab is also expecting to see an upswing in malware specifically designed to attack jailbroken phones.
Lee highlighted third party app markets as the most common place to find malicious apps and pegged Android as the OS under greatest threat from malware. “Android is the most vulnerable,” he explains, “it has a mass number of users and a market policy that is not proactive in screening for malicious apps.”
AhnLab’s findings are bad news for Google, but don’t come as much surprise. Other mobile security companies such as Lookout and Juniper Networks have also called out Android for the same reasons. Lookout is predicting Android users will have a four percent chance of downloading a malicious app by accident this year and Juniper has tracked a 472 percent increase in the amount of malware found on the platform since July of 2011.
According to AhnLab, the best way for users to avoid malicious applications and malware is to use common sense approaches such as installing a mobile antivirus program and keeping it updated, checking applications before downloading them, taking caution when browsing the internet and avoiding the temptation to jailbreak a smartphone.