Mobile Threats archives

MMS Bomber Attacks China

Filed Under: Blog, Mobile Threats
Monday, April 5th, 2010

Over the Easter weekend, there were stories coming out of China about a ‘virus’ called ‘MMS Bomber’ that was running rampant through Chinese smartphones. Conservative estimates put the number of devices affected by the virus, which appeared to be spreading over MMS, at hundreds of thousands to possibly more than a million.

Proper analysis of the malware in question revealed that a multitude of Chinese users had been affected by Yxe.e, a new variant of the Worm.SymbOS.Yxe family of worms. The Yxe worm is widely known as the very first malicious program that was able to infect Symbian S60 3rd Edition devices while also carrying a valid digital signature. Yxe.e’s predecessors (Yxe.a – Yxe.d) had the following functionality:

  • Spread via SMS messages which contained a link to the worm
  • Used social engineering in order to trick victims
  • Harvested data about the smartphone from the device
  • Sent the harvested data to a cybercriminal server
  • Attempted to terminate third party applications designed for working with the smartphone’s file system or with active applications

Yxe.e adds in the following additional capabilities:

  • Sends MMS messages containing a link to itself, and, attached, a black and white skull and crossbones image (Skuller, a Trojan which first appeared in 2004, also used a skull and crossbones)
  • Connects to a Chinese social networking site
  • Downloads files
  • Blocks the smartphone’s Software Manager, making it more difficult to delete the malware

The Yxe.e worm currently spreads via MMS messages that use social engineering to trick the user into following a link to a website from which they download and install the malicious program. Once the malicious application is installed on the victim’s device, Yxe.e automatically begins harvesting information about the device and sends it, via SMS, to a server that is controlled by criminals. Yxe.e then attempts to stop several processes on the Symbian device that could help the victim identify the application’s malicious nature or uninstall it. To propagate itself, Yxe.e then crafts MMS messages containing the URL for downloading the malicious application and sends them to phone numbers in the device address book, all at a cost to the user of the infected device. Yxe.e is also known to attempt to connect to, and spread itself via, a Chinese social networking site.

It is believed that infections of the Yxe.e worm have been limited to devices operating within China. Symbian devices make up the largest percentage of smartphone devices in use outside of the U.S. However, Symbian devices make up merely a fraction of the market share of smartphones in the U.S. and North America.

As is the case with every malware threat that affects BlackBerry, iPhone and Android devices, the Yxe.e worm requires that the user manually install the malicious program, albeit under false pretenses. SMobile Security Shield currently provides detection and removal of this Symbian threat.



Study of Android Malware in the Market

Filed Under: Mobile Threats, Security
Monday, March 29th, 2010

The SMobile Global Threat Center (GTC) has released a study of malicious applications that currently exist in the Android Market. This study attempts to identify applications available for download that either market themselves as spyware or can be used to spy on an unaware user. SMobile identifies and categorizes applications as malicious, in the sense that they could enable illegal spying, based on the application’s ability to hide itself from detection by the user. According to information security managers around the world, spyware represents the greatest threat to intellectual property or proprietary information manipulated on mobile devices. Law enforcement officials have stated that spyware could lead to identity theft and the loss of sensitive, personal or financial information, and that it is often used to illegally track the movements and communications of consumers.

To continue reading, download the full report:

Android Malware in the Market



FlexiSpy Dives into Android

Filed Under: Mobile Threats
Tuesday, March 23rd, 2010

Over the last month, I’ve written two lengthy whitepapers discussing malware affecting Android devices.  The first whitepaper looks at some spyware applications that are available for Android that have not yet been published to the Android Market.  In that paper we discussed Mobile Spy and MobiStealth, as well as the bank phishing app from Droid09 that actually made its way into the Market for a short period of time before the community reacted and had it taken down.

The second whitepaper has yet to be published, but as a sneak peek, we take an in-depth look at Android spyware that is currently in the Android Market and being marketed as tools to facilitate “legal” spying, as well as “illegal” spying.  The handful of applications from various developers that we found used different methods to hide themselves from detection, which is the determining factor when SMobile categorizes an application with monitoring capabilities as spyware.

Call it job security or bad luck, but almost as soon as I was done with these papers we found that FlexiSpy published their first version of spyware for Android.  As you may or may not remember, FlexiSpy is widely considered to be the leader in spyware for smartphones.  To date, they offer versions of their software for Symbian, Windows Mobile, BlackBerry, iPhone and now Android.  Various versions of FlexiSpy offer different levels of spying capabilities at different cost to the consumer.

Though there are now a multitude of imitators attempting to compete with FlexiSpy’s capabilities, it is undeniable that FlexiSpy did the lion’s share of the initial work in developing the capabilities necessary to make these types of applications a reality.  Traditionally, FlexiSpy offers the ability for an attacker to:

  • Read the victim’s call records
  • Determine device’s GPS location
  • Read SMS and Email messages
  • Listen in on actual phone calls as they are in progress
  • Be notified when the SIM has been changed
  • Activate the device’s microphone (spy call) in order to listen to ambient room conversation
  • Remotely configure the spyware via undetectable SMS messages
  • Centrally manage acquired logs via web portal

Fortunately for unsuspecting victims, the version of FlexiSpy that was just released for Android devices only allows an attacker to read the victim’s call records, read SMS messages, and determine GPS location.  Well, I guess that’s still enough to be considered spying.  However, as a means to further ingratiate themselves with those that would want to illegally spy on someone’s activities, FlexiSpy is being generous enough to offer the Android version of their app for free for personal use.  If you would like to use FlexiSpy for “professional use”, you’ll have to check back later to see if they have published their professional version.

As we’ve already seen FlexiSpy do, they’ll likely begin to ask their customers to consider SMobile’s anti-virus/anti-spyware software to be malware.  According to FlexiSpy, who are we to “interfere with legitimate, legal and accountable software”? I mean, who appointed us judge, jury and executioner anyway?

As long as service providers, enterprises, and consumers turn to SMobile to protect the privacy of their personal information and communications, we’ll continue to identify, categorize and “interfere” with applications that attempt to illegally monitor the activities of unsuspecting users.  Besides, if you have our software and it tells you that FlexiSpy is installed and asks you if you would like to remove it, if you already know it’s on there…what’s the problem? Right?



SMobile GTC Sees Android Malware Coming

Filed Under: Blog, Mobile Security, Mobile Threats
Friday, March 12th, 2010

Open source versus closed source.  It’s a discussion that often leads to heated arguments and one that will likely continue well beyond its usefulness.  The discussion began before many of us realized there would need to be terms such as “malware” and the often incorrectly used “hacker”.  Regardless of what side of the discussion you come down on, the term Android has not helped to lessen the ferocity of the debate.  Since Google released the first Smartphone operating system that was supposed to be completely open source, the debate between BlackBerry, Windows Mobile, iPhone and Symbian users continues to get louder.

Whether you’re new to the Smartphone revolution or are an Android convert from some other platform, there is a reason that you chose Android.  Some wanted to break the stuffy business-like feel of the BlackBerry.  Others were excited about the possibilities that an operating system built on a Linux kernel with incredible customization capabilities brings.  Some wanted something that was friendlier or easier to use than Windows Mobile or their Symbian device.  Then there are the ones that just want to be anti-Apple.  There are just as many anti-everything-Apple people as there are Apple “fanboys” in the world.  There are also those that just got a deal from their provider that they couldn’t refuse.  Regardless of the reason, Android’s market share is growing….

To continue reading, download the full Android Malware Whitepaper



MSM: How mobile phones let spies see our every move

Filed Under: Mobile Threats
Sunday, February 28th, 2010

Government’s secret Celldar project will allow surveillance of anyone, at any time and anywhere there is a phone signal.

Secret radar technology research that will allow the biggest-ever extension of ‘Big Brother’-style surveillance in the UK is being funded by the Government.

The radical new system, which has outraged civil liberties groups, uses mobile phone masts to allow security authorities to watch vehicles and individuals ‘in real time’ almost anywhere in Britain.

The technology ‘sees’ the shapes made when radio waves emitted by mobile phone masts meet an obstruction. Signals bounced back by immobile objects, such as walls or trees, are filtered out by the receiver. This allows anything moving, such as cars or people, to be tracked. Previously, radar needed massive fixed equipment to work and transmissions from mobile phone masts were thought too weak to be useful.

Read the entire article about mobile threats



New security threat against ‘smart phone’ users

Filed Under: Mobile Security, Mobile Threats
Wednesday, February 24th, 2010

Nefarious: The software can even drain a smart phone’s battery.

Computer scientists at Rutgers University have shown how a familiar type of personal computer security threat can now attack new generations of smart mobile phones, with the potential to cause more serious consequences.

The researchers demonstrated how such a software attack could cause a smart phone to eavesdrop on a meeting, track its owner’s travels, or rapidly drain its battery to render the phone useless.

These actions could happen without the owner being aware of what happened or what caused them.

Read the entire article on New Security Threats against ‘smart phone’ users



Hordes of new threats ahead for mobile networks

Filed Under: Mobile Security, Mobile Threats
Wednesday, February 24th, 2010

Malware on smartphones is just the first in a series of new security threats for mobile networks ushered in by the embrace of internet technologies, according to mobile phone encryption firms.

Dr Bjoern Rupp, chief exec of GSMK CryptoPhone, warns that criminal gangs are able to steal private information and undermine fair business trading thanks to advances in technology that have made attacks possible on low-cost kit. Years ago such attacks were only possible for intelligence agencies, but have now become feasible as a means of industrial espionage.

Read the entire article on new mobile threats ahead