Mobile phone malware is everywhere. Over the course of a year, any one consumer has a 30 percent chance of clicking on an unsafe link, such as a phishing attack, when they surf the web on a mobile phone, according to a new survey by Lookout Mobile Technology. That’s 2.5 times more likely than just six months ago.
The problem is that many users believe smartphones are relatively immune from malware, because they’re on closed mobile phone networks. But now that smartphones can access email and the web, they’re prone to attackers who target the known vulnerabilities of data communications.
“There is a huge increase in malware relative to last year on mobile phones,” said Kevin Mahaffey, chief technology officer at San Francisco-based Lookout, which protects mobile phones against malware. “The likelihood of encountering malware keeps going up.”
In January, there were hundreds of malware detections a day. Today, there are thousands. The company is revealing the data at the Black Hat security conference in Las Vegas this week.
Mahaffey said in an interview that Lookout has encountered 89 variants of just one piece of malware, DroidDream, because virus writers keep changing it and republishing different versions of it on different Android stores. Another piece of malware, GGtracker, would spread by advertising links in popular games. You would see an add for a battery saver app. If you clicked on it, the ad would load malware into your phone. The malware would then start sending you premium text messages, resulting in a huge monthly bill for the user.
“It seemed like a trusted download,” Mahaffey said.
Many pieces of malware are hidden in repackaged apps. These are legitimate apps that are pirated and then packaged with malware and then are re-uploaded to app stores. Games, utilities and porn apps are the mostly likely targets for repackaging, Mahaffey said.
Also, the malware writers are getting more clever. Now they are publishing clean apps that actually do something useful and are therefore likely to spread wide. Once they are widely distributed, the malware creators upload an update with malware into the app, which compromises the user’s phone.
“I hate to call it innovation, but we expect to see more clever ways about how to trick users into dowloading apps and how to make money from those users via malware,” Mahaffey said.
Most of the malware is on Android phones, but malware has spread through many mobile sites. Jailbroken phones are particular targeted because such apps exploit weaknesses in browsers to overcome a phone’s security. Malware can also attack the kernel layer of a jailbroken phone, much like what happens on the PC. Lookout has more than 10 million users across the globe, and its Mobile Threat Network scans more than 500 million apps a day.
Malware apps are now digging into personal wallets and personal information stored on phones. The malware can take control of a phone, steal personal data, or steal money. Lookout is funded by Accel Partners, Index Ventures, Khosla Ventures and Trilogy Equity Partners. Its app is available on 400 mobile networks in 170 countries. The company has been analyzing just about every known app through its App Genome Project, which has collected more than 700,000 mobile apps and is adding more than 1,000 aps daily. Lookout has around 60 employees.
Lookout’s app is available for free; a premium version has features such as more backup options and the ability to wipe your records from a stolen phone remotely. The premium version costs $2.99 a month.