UPDATED 23:09 EDT / DECEMBER 13 2011

Lookout Predicts More Mobile Malware In 2012

Lookout Mobile Security has been diligent in their duty to protect mobile devices from malware lurking in every corner of the tech world.  They reported yesterday that a new type of malware, RuFraud, is invading mobile devices disguised as free version of popular paid apps and games like Angry Birds.  Though early threats were neutralized, it doesn’t stop malware developers from re-posting, even after the first wave was removed by Google from the Android Market.

The “addressable market” in the mobile sector is huge, which makes malware makers giddy with excitement as the electric grid serves 80% of the global population and the wireless grid already reaches 85% of individuals worldwide.  With the addition of built-in payment mechanisms in mobile devices, it’s like were asking to be infected with malware – an open invitation to be violated.

At the beginning of 2011, the chance of encountering malware on Android devices is at 1% and the threat increased to 4% at the end of November.  Lookout identified more than 1,000 malware threats since July 2011.  And it’s not only because of apps.  Web-based threats, like phising, already crossed from the PC realm to the mobile realm, and there’s a 36% chance that an Android user will click on an unsafe link globally, while there’s a 40% chance that that would happen to Android users in the US.  Lookout predicts that in 2012, malware threats on mobile devices will only continue to rise.

Lookout identified the two key drivers for malware writers along with the type of malware that comes with them:

1. Profit from infection: New Methods of Malware Monetization

  • Mobile pickpocketing (SMS/call fraud) – i.e. GGTracker and RuFraud; the built-in payment mechanism is exploited by this type of malware by accessing your personal account.
  • Botnets come to life – i.e. DroidDream and Geinimi; this type of malware puts your device in autopilot, like your device has a mind of its own but you don’t notice this because you don’t realize that your device is connected.
  • Vulnerable phones – DroidDream is an exmample of this; the software in your mobile device has flaws and the problem with that is, mobile OS isn’t regularly updated unlike those found in your PC so malware protection isn’t that updated, making your device extremely vulnerable.  Though both iOS and Android devices fall prey to malware, Android devices are at greater risks because of their fragmented update.

2. Cost of infection: Innovation in Malware Distribution

  • Automated repackaging – this type disguises as a harmless app, maybe posing as a free version of a top paid app.
  • Malvertising – in-app ads are now being used to hide malware, like the GGTracker and because of the effectivity of this, more malware writers are expected to go down this route.
  • Browser attack – it’s so easy to entice users to visit malware-laced websites because people are innately curious.  Just put “free” on anything and you can bet that thousands would flock to that site in an instant.

Though security companies are hard at work battling malware attacks, malware writers won’t stop anytime soon.  They seem to enjoy the cat-and-mouse chase.  So we, as users, should also do our part to protect our devices and ourselves–we can’t always rely on other people to protect us.

Lookout identified the most common mistakes that people do to put themselves in harms way:

  • Visiting third-party app stores – legit app stores like the Android Market and the Apple App Store are less likely to deliver malware-laced apps.
  • Downloading gaming, utility and porn apps – these might be the top three most downloaded apps so before hitting the download button, better read the reviews first
  • Clicking on a shortened URL (e.g. bitly link) in an SMS message or on a social networking site – curiosity killed the cat, if you don’t know where the SMS containing a web link came from or even if it appears that a friend of yours sent it, don’t be quick to visit the link.  If you find it suspicious, better not click on it.
  • The app asks you click “OK” – auto piloting is something that most of us do because we’re always in a hurry, but this simple act can open our device to malware threats
  • Clicking on in-app ads – don’t get me wrong, not all ads are bad, some are legit but some are just posing to be legit, so just be vigilant and if an ad seems too good to be true, then it probably isn’t and just don’t click on it.

Click here if you want to read more of Lookout’s tips in keeping your mobile device safe from malware attacks.

You can’t always trust anything on the web, but Lookout has a trustworthy track record so far – it even acquired a fourth round of funding, amounting to $40 million, demonstrating investor interest for their mobile-specific take on security.  They even partnered with Sprint to provide customers with protection against malicious sites, phishing scams and drive-by downloads with the premium version including privacy, backup and restore, missing device, remote lock and wipe, security and management.

Lookout has come a long way, helping nab a robber with their tracking feature, protecting iPhone users, then moving on to protect Android tablets, and flourishing globally with their Telstra partnership with it being the largest telecommunications company in Australia.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU