Mobile Malware Nothing To Mess With

Malware doesn’t just hit computers; layered security should be applied to mobile devices as well.

As fans of the groundbreaking hip-hop group can tell you, the Wu-Tang Clan is nothing to … well, mess with. Neither is mobile malware, according to a recent Dark Reading article.

Many iPhone and Android owners may not even know that they need an antivirus program, let alone a layered security approach, to help keep their information safe on a device, but the news source believes that there have been plenty of events that have showed the gravity of mobile malware, including the Zitmo trojan.

“Prevalent on Android, Zitmo masquerades as a banking activation application and eavesdrops on SMS messages in search of the mobile transaction authentication numbers banks send via text to their users as a second form of authentication,” the website said. “Initially discovered in 2010, researchers last summer saw Zitmo gaining steam in the wild.”

Another big threat that has been rising over the past few years has been mobile botnets. Dark Reading said an e-security research analyst, Grace Zeng, has been exploring what mobile botnets are and what they could do. Zeng presented the proof-of-concept design for mobile botnets at a conference and showed that “command-and-control” communications could be sent through SMS text messages that look like spam. This means those random texts could actually be a botnet and not just someone from New Jersey wondering “where u are.”

InformationWeek said in a story last year that while these mobile botnets mostly use non-Apple devices, iPhone and iPad users shouldn’t get complacent. The news source said Apple’s curated App Store provides a shield against malware apps, but said the operating system is not completely immune to viruses or malware and can be compromised.

Scared about the prospects of your phone being hijacked by someone else or used for a botnet? InformationWeek said users should store as little data as possible on their phone, encrypt data in storage and in transit to make it harder for anyone to get their hands on it,and look into using a mobile security solution.

Other threats from Dark Reading’s mobile malware story include the CrowdStrike RAT attack, which the news source said is delivered through a text message with a URL, the JiFake malware, which came in QR code form, and Instastock, an experimental piece of malware that a researcher placed in Apple’s app store.

What do you think about mobile malware? Does it freak you out or do you think it’s mostly hype?

Scott Cornell

When he’s not knee deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to ground for breaking news related to IT security.