HackDig : Dig high-quality web security articles for hackers

Mobile Attacks: Cybercriminals' New Cash Cow

2014-08-15 01:13

Cybercrime is worth big money. So as people move away from using PCs and toward smartphones and tablets as their primary computing devices, digital crooks have taken note. Mobile devices are the next big target for cybercriminals looking to make quick cash, and according to the 2013 Norton Report, 38 percent of smartphone users have already been a victim of cybercrime.

It’s no coincidence that the rise in mobile device threats coincides with Android’s widespread adoption and use of an open marketplace. Android users represent the biggest addressable market for cybercriminals, and offering apps through open environments like third-party markets provides an easy way to take advantage of device owners.

So how much money are cybercriminals actually making on mobile schemes? Well, that varies. For most attacks it mainly depends on how many users download and install the malicious app. But we have seen cases where the estimated revenue could potentially reach millions of dollars. Mobile hacking is also very lucrative for malware application vendors. One of the most powerful and expensive pieces of malware we’ve seen recently in the underground market is iBanking, which developers are offering for $5,000 USD per subscription.

To give you a better idea of what the underground market looks like for mobile ploys, here’s a brief look at how scammers are monetizing their attacks on mobile.

Premium Rate Number Billing

In this scenario, attackers set up and register a premium-rate number, typically using “short codes” that are shorter than a normal phone number and bill at a premium rate above the normal cost of an SMS or phone call.

The attacker then sets up a malicious application and releases it on the app market. After an unsuspecting user downloads the application onto his device, the application will periodically send SMS messages to the premium-rate number. Since the app can covertly request permissions to send messages at installation, the app can continuously send messages without user confirmation. All the while, the phone owner incurs charges on his phone bill and the attacker cashes in. Attackers receive 30-70 percent of the premium rate charge, which can range from $10 USD up to $50 USD.

Scam Applications

Mobile scams usually come in the form of useless or misleading apps that request payment without properly signing users up for the paid service. For instance, we’ve seen one-click fraud apps in Japan that con users into paying a fee for fraudulent adult-related sites. The user is presented with several links to adult-related video sites, and the scammer mixes his malicious links among legitimate links within the app. Once the user attempts to play a video he is told to pay a fee.


Developers can monetize mobile apps by displaying advertisements on them. Many advertising networks pay content providers for each view and click when they display their ads, averaging around $1-2 USD per thousand impressions. Unfortunately, cybercriminals are capitalizing on this business model using malicious applications with aggressive ad libraries, called madware.

Often attackers simply repackage or clone popular, legitimate games and include a mobile advertisement library registered to themselves. Every time the application is used and ads are displayed, the attacker generates advertising revenue. While in most instances adware is just a nuisance, it can also present a security risk depending on the ad library features the developer chooses to use. This can include leaking personal data on the phone or user’s behavior through the ad library.


Mobile ransomware holds a device and data hostage until a ransom is paid. We first came across these apps last year, with the fake security app Android Defender (Android.Fakedefender), which locked a device, making it useless, to coerce the user into paying for the app.




Recently, we’ve seen a new batch of malicious apps, dubbed Android.Simplocker, that take files stored on mobile devices hostage by encrypting them. Once the app is downloaded, the malware displays a full-screen message stating that the phone has been locked due to child pornography being viewed and distributed on the device. The app states that a payment must be made in order to unlock the device.


Multiple Android apps exist that allow someone to track and monitor other mobile phone users. For example, these applications may record and export all SMS messages, emails, call logs and GPS locations, or turn on the phone’s microphone. Examples include Android.Tapsnake and Spyware.Flexispy, which can cost up to $400 USD. While applications like spyware may not generate revenue for the attacker, they are a fast way for the spyware application vendor to cash in.

Intercepting Mobile Transactions

For customers using mobile online bank accounts, many banks use mTANs (mobile transaction authentication numbers) as a security mechanism to prevent cybercriminals from compromising online banking accounts. The bank sends the mTAN, a unique, randomized code, via SMS to the account owner's phone number. The account owner then has to input that code back into the online banking website in order for the transaction to be authorized. To circumvent the system, attackers use social engineering tactics to lure victims into downloading malicious apps that automatically hide SMS messages received from numbers associated with the targeted banks and silently upload the messages back to their servers.
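The premium-rate SMS, spyware and mTAN-interception schemes described above each depend on permissions the app has to declare at install time, so a declared-permission triage is a practical first check. The following is an added example, not code from the original article: the rule table, function names and sample manifests are constructed for illustration, and it assumes the manifest has already been decoded to text XML. A match is a prompt for closer review, since legitimate apps request these permissions too.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Constructed triage rules: the permission set each scheme in the article needs.
RULES = {
    "premium-rate SMS billing": {P + "SEND_SMS"},
    "mTAN interception and upload": {P + "RECEIVE_SMS", P + "INTERNET"},
    "spyware-style monitoring": {P + "READ_SMS", P + "RECORD_AUDIO",
                                 P + "ACCESS_FINE_LOCATION"},
}

def requested_permissions(manifest_xml):
    """Return the set of permissions named in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name")
            for el in root.iter("uses-permission")
            if el.get(ANDROID_NS + "name")}

def triage(manifest_xml):
    """List the schemes whose full permission set the manifest requests."""
    perms = requested_permissions(manifest_xml)
    return sorted(name for name, needed in RULES.items() if needed <= perms)

# Constructed sample: a "flashlight" app asking for SMS and network access.
SAMPLE_FLASHLIGHT = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

# Constructed sample: a game that only needs the network (for example, for ads).
SAMPLE_GAME = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("flashlight", SAMPLE_FLASHLIGHT), ("game", SAMPLE_GAME)):
        print(label, "->", triage(xml) or "no scheme-relevant permission set")
```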

While the above tactics represent many of the schemes we’ve seen on the Android market, future possibilities still exist. The next economic opportunities for cybercriminals will likely include further adapting PC attacks to the mobile environment. This may mean seeing more sophisticated targeted attacks against mobile devices, as well as cybercriminals working to refine their current revenue-making strategies so that they are less likely to be detected and infect more users.

Source: www.symantec.com/connect/blogs/mobile-attacks-cybercriminals-new-cash-cow
