A Brief History of Mobile Malware (& How to Protect Your Apps)
As mobile phone ownership, our dependence on phones, and their use for payments continue to grow, so does the likelihood that users will fall victim to mobile malware. As a mobile app developer, knowing how to protect your apps from digital threats is therefore crucial. Malware attacks on smartphones are believed to have started in 2004. Over the years, and especially from 2011 on, different types of malware have been developed to extract personal data and make money from unsuspecting users.
Here are the main four types of mobile malware:
- Spyware—secretly collects data about a victim’s activities and relays it to third parties.
- Trojans—cause unauthorized actions in programs, leading to losses.
- Phishing attacks—masquerade as a trustworthy entity to steal user credentials.
- Hidden processes—run malicious programs in the background, striking when a user completes an action such as accessing an online banking service.
History of Mobile Malware
The current crop of malware threats grows more sophisticated with every passing year. But how did it get here? To better understand the intricacies of today’s malware and how best to develop secure applications, a brief history of past attacks illustrates their role in the evolution of threats.
- 2004: Breaking Ground
It all started in 2004 when Cabir caught the world’s attention. Originally designed as a “proof of concept” by a group of international virus writers calling themselves 29A, the malware targeted devices running Symbian OS. Cabir’s attack resulted in the word “Caribe” being displayed on the screen of infected devices. It spread by searching for other devices in close proximity and, if Bluetooth was on, pushing itself onto them, prompting users to agree to the download. Clearly, the ground had been broken. Although Cabir was not very pernicious, the concept was refined by others with more mischievous intent, leading to a surge in the number of malware programs targeting smartphones.
- 2005: Integrating MMS to the Mix
Commwarrior advanced the evolution of mobile malware by adding the ability to propagate using both Bluetooth and Multimedia Messaging Service (MMS). It also targeted Symbian-based devices (the most popular at the time), sending a constant stream of surreptitious MMS messages to the phone’s contact book and leaving users with the bill—literally.
Commwarrior was especially effective because the infected message appeared to come from a source familiar to the victim. Once an unsuspecting user opened the message, the malware installed itself on the phone. As a secondary propagation method, the compromised phone would push the malware out to any other Bluetooth-enabled device within range. Commwarrior’s objective seemed to be simply to cause a nuisance by spreading as widely as possible, without profiting from the cost of the MMS messages it sent.
- 2006: Following the Money
Following the demonstrated breakthroughs of Cabir and Commwarrior, malware developers took things a notch higher by introducing the first Trojan horse, called RedBrowser, which could infect an extensive range of mobile phones running different operating systems. RedBrowser would run on any device supporting the Java 2 Micro Edition (J2ME) platform. It displayed messages that tricked users into performing actions, such as visiting WAP websites, supposedly by means of free SMS messages.
However, RedBrowser was actually sending premium-rate SMS messages to international phone numbers, generating a tidy trickle of income for fraudsters.
- 2007: Introducing Spyware
One of the earliest types of spyware, called FlexiSpy, was introduced during this period. Once installed on a victim’s device, FlexiSpy was very successful at tracking the activities of a smartphone user, such as SMS information, phonebook details, and voice calls, and relayed them to third parties. Currently, FlexiSpy is mainly advertised as a solution for monitoring the activities of spouses, employees, and children on smartphones.
- 2008: Trojan Burrowed into Windows Phones
In 2008, miscreants developed the InfoJack Trojan, which was capable of infecting Windows Mobile devices. InfoJack leaked information from the infected device to a home server whenever the device had an Internet connection. As part of its troubling behavior, the Trojan would change the device’s security settings so that installations proceeded without any prior security warnings.
- 2009: Malware Targeting iPhones
In 2009, the Ikee malware was developed to target Apple’s iPhone. It was distributed by means of SSH connections between jailbroken Apple devices. Users were vulnerable if they had failed to change the default password after installing SSH. Ikee did nothing malicious other than change the infected iPhone’s wallpaper to a photo of singer Rick Astley, and then search the mobile network for other vulnerable iPhones to infect. Nonetheless, it was a powerful demonstration that malware protection is necessary on every device, even Apple’s.
- 2010: Following the Money—More Efficiently
2010 was a major turning point in the evolution of mobile threats: mobile attackers transitioned from random individuals to more organized, widespread attackers operating without geographical limits. From 2010 on, malware detection experts started seeing an explosion of cybercriminals working to generate money by exploiting vulnerabilities in mobile platforms.
A notable example is Zitmo (Zeus-in-the-mobile), a malicious Trojan horse capable of migrating from a PC environment into a mobile environment, leading to massive losses for online banking customers. Zitmo stole transaction authorization numbers, thereby bypassing an essential security control.
- 2011: Android Attacks Intensifying
As Android’s domination of the smartphone market increased (it was reported in August 2011 that Android controlled nearly 50 percent of the worldwide smartphone market), cybercriminals also saw the potential it offered. Attacks on the Android platform intensified, especially with the development of more powerful malware. For example, the Trojan DroidDream was discovered in Google Play in 2011. The dangerous Trojan infected more than 50 apps with thousands of downloads, sending sensitive user information to third parties and sneakily installing other unauthorized apps on the infected device. As a protection strategy, Google removed the affected apps from its store.
- 2012: Game On (Especially on Android)
Cybercriminals continued to wage attacks on the Android operating system. For example, in 2012, another SMS Trojan called Boxer burrowed into Android and generated profits for fraudsters by sending premium-rate SMS messages. Boxer was prevalent in 63 countries, where it used the MCC (Mobile Country Code) and MNC (Mobile Network Code) of the infected phone to send SMS messages that propagated it and charged users premium rates.
- 2013: Android, Android, Android
Believed to be the first example of mobile ransomware (a malicious program that blocks access to a device until a certain amount of money is paid), FakeDefender intensified the attacks on the Android platform. FakeDefender displayed bogus security alerts that tried to lure the user into buying an application with the false promise that it would remove non-existent malware or other inefficiencies from the device. After installation, the ransomware displayed a picture of an animal with the message “Android Defender.”
- 2014: Ransomware Attacks Intensifying
After the success of FakeDefender, other ransomware was developed to attack Google’s operating system. A notable example is Simplocker, which scans the victim’s SD memory card for certain file types, encrypts them, and then demands payment to decrypt them. Simplocker corrupts most common file types, including audio files, PDFs, and photos.
- 2015: Amazon Gift Cards Targeted
In 2015, malware detection experts discovered a scary new malware called Gazon, which spreads by a phishing SMS containing a shortened link with a $200 Amazon gift card offer. The use of the Amazon brand, together with the supposed financial incentive, led to thousands of unsuspecting users falling victim.
Gazon masquerades as an Android app which, once downloaded and installed, asks the victim to take part in a survey to claim the Amazon rewards and vouchers. Instead, the victim ends up on a spam web page or is redirected to the download page of a game in Google Play, generating money for the malware author. Worse still, Gazon harvests the user’s contact list and distributes itself by sending unsolicited messages through SMS and social media networks.
- 2016: Malware Threats Continue to Escalate
In 2016, mobile malware attacks continued to escalate in both volume and sophistication. A recent report revealed that malware attacks on smartphones rose by 95 percent over the year to April 2016.
A good example is SMS Thief, a malicious application disguised as an uninstaller utility. Once installed on a device, the malware lives up to its name: it copies and forwards all text messages from the Android phone to third parties, leading to the loss of sensitive personal information. Ultimately, the victim ends up paying huge bills, since the malware also sends premium-rate text messages. Worse still, SMS Thief runs in the background while hiding its icon from the app launcher, complicating the user’s malware protection efforts.
How to Protect Your Apps
In short, the mobile malware landscape has been changing rapidly, which makes forecasting the next few years even more difficult. As an app developer, you should be forward-thinking and develop secure apps that can outsmart the techniques attackers use to strip users of their hard-earned money.
Here are some ingenious ways you can protect your apps:
- Education: Educate app users on the risks of mobile malware, especially on the techniques for preventing theft of their sensitive data. For example, to prevent app imitation, encourage them to download your app only from legitimate sources, and not anywhere else.
- Code securely: If you code your mobile product in a secure manner, you can embed security features in your design that prevent fraudsters from taking advantage of users. For example, relying too heavily on client-side data storage can expose your app to attacks.
- Test frequently: After each stage of app development, you should practice code scanning. This way, you can identify any design flaws and security loopholes that can ease malware penetration.
- Practice encryption: Ensure your app does not leave user data unencrypted on the mobile device. For example, you should store users’ authentication credentials in a secure environment.
- Practice obfuscation: With this technique, you transform your code into indecipherable gibberish, which makes your app much harder to reverse engineer. This in turn makes it harder for attackers to repackage your app as a Trojanized version and distribute it elsewhere.
- Reduce opportunities for malware threats: Rather than developing on broad frameworks, you can concentrate on shrinking the app capabilities to only those features that are really beneficial to users. This way, you’ll reduce the attack surface area of the app.
- Update frequently: Keep your app up to date so that it can withstand newly emerging digital threats.
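As an added example (not code from the original article), here is how the “Code securely” and “Practice encryption” points look in an Android app written in Kotlin: the weak pattern of writing a session token to plaintext preferences, beside the hardened version that encrypts the same value with a key held in the Android Keystore through the AndroidX `security-crypto` library. The function names and preference file names are illustrative; the library dependency (`androidx.security:security-crypto`) is assumed to be present.

```kotlin
import android.content.Context
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey

// Weak: the token is written in plaintext to app-private storage. Malware that
// gains root, or anything that can pull a backup of the app's data, reads it as-is.
fun storeTokenInsecurely(context: Context, token: String) {
    context.getSharedPreferences("session", Context.MODE_PRIVATE)
        .edit()
        .putString("auth_token", token)
        .apply()
}

// Hardened: the same token, but encrypted with a key that is generated inside
// the Android Keystore (hardware-backed where the device supports it). The key
// material never leaves the Keystore, so a copied preferences file is useless
// on another device and cannot be decrypted by software that merely reads files.
private fun buildMasterKey(context: Context): MasterKey =
    MasterKey.Builder(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS)
        .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
        .setRequestStrongBoxBacked(true) // prefer the StrongBox secure element when present
        .build()

private fun securePrefs(context: Context) =
    EncryptedSharedPreferences.create(
        context,
        "session_encrypted",               // illustrative file name
        buildMasterKey(context),
        EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,   // keys are encrypted too
        EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
    )

fun storeTokenSecurely(context: Context, token: String) {
    securePrefs(context).edit().putString("auth_token", token).apply()
}

// Reading back transparently decrypts; returns null if nothing is stored.
fun readToken(context: Context): String? =
    securePrefs(context).getString("auth_token", null)

// Clearing the token on logout keeps the window in which it can be stolen short.
fun clearToken(context: Context) {
    securePrefs(context).edit().remove("auth_token").apply()
}
```

The plaintext variant is the kind of client-side storage the “Code securely” point warns against; the encrypted variant is what “store users’ authentication credentials in a secure environment” means in practice on Android.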