Mobile malware: Threatening endpoint security for a decade

by Charles Leaver

January 28, 2014

Ever since mobile devices first began permeating the market, there have been cybercriminals leveraging them for malicious purposes. Recently, security researchers took a look at the history of mobile malware, which has been threatening endpoint data protection measures for 10 years now.

Mobile malware through the years
According to Help Net Security, the first mobile malware worm, Cabir, appeared in 2004. It was written specifically to infect Nokia Series 60 phones; infected endpoints displayed the word "Caribe" on the device's screen. Using the handset's Bluetooth capability, the sample was able to spread quickly to other nearby mobile devices.

The very next year mobile malware developed further, as a new sample emerged that could spread through MMS as well as Bluetooth. The sample, dubbed CommWarrior, could read an endpoint's contacts and send messages without the user's permission. This not only widened the malware's infection range but also left users paying a surcharge for every message sent. Eventually, this endpoint security threat became so prevalent that some carriers reported up to 3.5 percent of all traffic came from CommWarrior messages. In all, Help Net Security stated that the sample sent more than 450,000 unauthorized messages.

Another mobile malware sample, RedBrowser, built on the capabilities of Cabir and CommWarrior by abusing a phone's premium-rate SMS service. Infected endpoints sent messages that cost the user around $5 each, one of the first steps toward malware generating revenue. This sample also differed significantly from earlier malicious programs in that it infected endpoints through the Java 2 Micro Edition (J2ME) platform.

"Until the emergence of RedBrowser, the security community believed it was impossible that a single piece of malware could infect a wide range of mobile phones with different operating systems," security researcher Axelle Apvrille told the source. "The use of J2ME as an attack vector was an important milestone during this period, as was the use of SMS as a cash generating mechanism."

Fast forward just a few years, and mobile malware samples have a wide variety of new abilities, including unique ways to infect endpoints, spread, and attack users' financial resources and sensitive information.

New ways to detect mobile malware
However, as cybercriminals have discovered new ways to leverage mobile malware, white hats have changed the way users detect infections. Today, nearly every business allows a bring-your-own-device practice, which calls for stronger security, including endpoint data protection programs.

Additionally, MIT Technology Review recently reported on a new application called Zimperium that can learn a user's habits to detect suspicious activities. The source stated the application can "watch how your smartphone normally acts and can spot strange changes in its usage, enabling it to detect and prevent attacks, including those that may strike via unprotected Wi-Fi networks."
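The behaviour-baseline idea in that quote, applied to the unauthorized and premium-rate message sending described in the history above, as an added example (not Zimperium's, Ziften's or any vendor's code): it learns a device's normal hourly send volume and contact set from a constructed quiet week, then flags bursts, non-contact destinations and an assumed premium-rate prefix. The log tuples, the contact numbers and the `1900` prefix are all constructed assumptions.

```python
"""Behavioural baseline for outbound messaging (added example, not vendor code)."""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed data: three known contacts and one assumed premium-rate prefix.
CONTACTS = ["+15550101", "+15550102", "+15550103"]
PREMIUM_PREFIXES = ("1900",)  # assumption, not a real carrier's numbering plan

# Constructed "quiet day" baseline: 1-3 messages per hour, all to known contacts.
# Each event is (hour_of_day, destination_number).
BASELINE = [(h, CONTACTS[h % 3]) for h in range(24) for _ in range(h % 3 + 1)]

# Constructed suspect day: a burst to unknown numbers and one premium-rate send,
# the pattern CommWarrior-style contact spam and RedBrowser-style billing fraud leave.
SUSPECT = [
    (9, "+15550101"),                                   # normal message to a contact
    (14, "+15550102"), (14, "+15550103"), (14, "+15559999"),
    (14, "+15558888"), (14, "+15557777"),               # five sends in one hour
    (22, "19005550199"),                                # premium-rate destination
]


def build_baseline(events):
    """Learn the device's normal hourly send volume and its set of known destinations."""
    per_hour = Counter(hour for hour, _ in events)
    counts = [per_hour.get(h, 0) for h in range(24)]  # include silent hours as zeros
    return {"mean": mean(counts), "std": pstdev(counts), "known": {d for _, d in events}}


def detect(events, baseline, z=3.0):
    """Return (kind, hour, detail) findings: volume bursts, unknown and premium destinations."""
    # Floor the deviation so a perfectly regular baseline does not flag every small change.
    threshold = baseline["mean"] + z * max(baseline["std"], 0.5)
    per_hour = defaultdict(list)
    for hour, dest in events:
        per_hour[hour].append(dest)
    findings = []
    for hour in sorted(per_hour):
        dests = per_hour[hour]
        if len(dests) > threshold:
            findings.append(("burst", hour, len(dests)))
        for dest in dests:
            if dest.startswith(PREMIUM_PREFIXES):
                findings.append(("premium", hour, dest))
            elif dest not in baseline["known"]:
                findings.append(("unknown", hour, dest))
    return findings


if __name__ == "__main__":
    for finding in detect(SUSPECT, build_baseline(BASELINE)):
        print(finding)
```

Run against its own baseline the detector is silent; on the suspect day it reports the hour-14 burst, the three non-contact numbers and the premium-rate send.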

For a typical end user, this application could mean the difference between a normally functioning device and one that suffers performance lags and runs up the service bill. Business users, however, require something more substantial, such as business-oriented endpoint data protection from Ziften.