Phone Hackers Build Networks to Deliver Legitimate Ads and Malicious Code
To keep hackers off your smartphone, the standard advice has been to avoid downloading dodgy applications. Digital criminals love to hide their attack code in free porn apps and counterfeit versions of popular programs such as Angry Birds.
Users should be wary of legitimate apps, too.
Palo Alto Networks said today it has discovered a threat emerging from China and other Asian countries, where hackers are going to the extreme of building their own ad networks. Their goal is to trick developers into embedding the networks' code in their apps, unwittingly opening a door for malware to be pushed through alongside legitimate ads, according to Wade Williamson, a senior security analyst with the Santa Clara, California-based company.
That could make mobile muggings even more difficult to escape.
"This is where things get extremely interesting," Williamson said in an interview. "The issue is that for pretty much anybody who builds a mobile application, they don't make much money from the application, so they have to build in these hooks to the mobile ad networks. What happens is those ad networks are more or less behaving like crude botnets."
Palo Alto found more than a half-dozen samples of the malware targeting Android devices in a study involving up to 15 "soak sites" used for monitoring attacks, he said. The malicious software enabled hackers to send text messages from infected phones to pay services, a scam known as "toll fraud." The malware also cleared the way for criminals to access the phones to steal personal information.
The findings are a sign that hackers are developing more advanced techniques for making money from infected devices. Another recent study by Lookout Security showed that hackers targeting Russian smartphone users can make as much as $12,000 per month in text-message scams from malware installed via free applications the users downloaded.
In April, Lookout also said it discovered a mobile-ad network that appeared innocent at first glance but was in fact malicious. The malware being pushed by the ad network was dubbed BadNews and targeted mostly users in Russia with text-message fraud. It was associated with 32 mobile apps that were downloaded as many as 9 million times from Google Play, according to Lookout. The company said Google deleted the applications and the developers' accounts after being notified.
What's alarming about the latest threats is that they involve no user interaction.
"You have this built-in network for proliferating malware over millions of devices," Williamson said.