Mobile Malware Showing Up on Desktop PCs

The last couple of years have seen a rise in the volume of malware targeted specifically at various mobile operating systems, including Android, iOS and Symbian. Getting a handle on exactly how much of that mobile malware is actually infecting users has been a bit difficult, but Microsoft researchers have found that many mobile malware samples also show up on the desktop for various reasons, giving them a view into the prevalence of malware on key platforms.

Mobile malwareThe last couple of years have seen a rise in the volume of malware targeted specifically at various mobile operating systems, including Android, iOS and Symbian. Getting a handle on exactly how much of that mobile malware is actually infecting users has been a bit difficult, but Microsoft researchers have found that many mobile malware samples also show up on the desktop for various reasons, giving them a view into the prevalence of malware on key platforms.

One of the main vectors that malware authors use to infect mobile devices is to place the malicious code inside a legitimate app and then submit it to an app store. This has been the favored tactic for attackers targeting the Android platform, as the official Android Market has a fairly permissive app acceptance policy. Much of the Android-based malware that’s appeared so far has been discovered in compromised apps, including DroidDream and others. This has happened on other platforms, as well, if not as frequently.

Those malicious apps can then be transferred to the user’s desktop PC when she syncs her phone to the PC, and that is typically when an anti-malware program would first have a chance to inspect the app. Many users don’t have malware protection on their mobile devices at this point, so any malware contained in a downloaded app likely won’t be caught on the device itself. Malware also can show up on the desktop when users search for apps on file-sharing sites or third-party app stores that allow downloads to PCs.

What the data gathered by Microsoft shows is that the Symbian platform had by far the highest number of infections detected on the desktop, with more than 400,000 through August 2011. The number of infections per month had been holding steady near 50,000, but then dropped down to about 42,000 in August. The next most targeted platform was Java ME, which saw more than 108,000 infections. The two major threats that targeted Symbian so far this year are the mobile versions of the Zeus bot and the SpyEye bot.

These families have data-stealing routines that can target sensitive account details. In the past, the main intent of Symbian-specific malware was to spread via Bluetooth and SMS (by distributing a URL leading to a copy of the malware), or to overwrite the mobile device’s system files, rendering the device unusable. However, malware on this platform seems to be evolving,” Marianne Mallen of the Microsoft Malware Protection Center wrote in a blog post.

Most of the malware targeting the Java ME platform that Microsoft detected came in the form of SMS senders, which install themselves on mobile devices and then rack up huge data charges by sending SMS messages to premium-rate numbers without the victim’s knowledge.

The number of infections on Android increased massively over the course of the year, from just 29 in January to more than 2,800 in August. Neither Apple’s iOS nor RIM’s BlackBerry platform saw much in the way of desktop infections, as there were virtually no new pieces of malware for these platforms in 2011.

Despite the relatively low volume of malware infections on mobile devices, as compared to the desktop, it’s stil important to realize that the threat is there and it’s evolving.

Mobile threat infection on desktops can be made possible when users venture into third-party application markets or file-sharing sites that allow download onto the desktop. Users often search from their desktops for unlocked or full versions of mobile applications already available in the official market, but they may be unaware that the software they are getting may be an application that has been repackaged with malware that can run stealthily without the user being made aware of the underlying payload,” Mallen wrote. “The payload can include data-theft, silent SMS-sending in the background, and downloading and installing of other malware components, among other things. This malware (or links to it) could also be spammed or sent through mail, using social engineering to entice the user to download a copy of the malware on to the desktop. So it’s always best practice to scan applications downloaded whenever possible, even when it’s already on a mobile device.”

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.