Mobile Device Crimeware Evolves into Global Criminal Marketplace in Response to Mobile Payment and Banking Expansion
May 2013 by APWG
The sprawling mobile devices marketplace has spawned an industrialized mobile financial fraud plexus that today drives increasingly sophisticated criminal technical innovation to exploit the mobile devices explosion. And it is funded by increasing revenues derived from potent new developments in mobile malware, a new APWG report released concludes.
In a "post-PC" era, mobile devices increasingly present an attractive, practical and economical alternative to traditional desktops. In the coming years, global mobile payments are predicted to exceed $1.3 trillion, moreover, presenting a mother load of opportunity for cybercrime gangs who appreciate the vulnerabilities of these peripatetic communications and computing platforms, the APWG’s analysis reports.
Arresting and rolling back the successes of the mobile financial fraud marketplace requires a global response based on cooperation, education and awareness, according to the APWG in the new industry advisory whitepaper, Mobile Threats and the Underground Marketplace.
APWG Mobile Fraud Research Coordinator Jart Armin said, "On one hand we can see just one example of a major European bank that in early 2012 had 100,000 mobile banking users, and by April 2013, 4 million. In contrast, there were around 50 generally known samples of mobile malware in 2010, rising in 2013 to some 30,000 samples. "
This latest paper from the APWG provides a rhetorical approach towards mobile crimeware and the intrusion supply chain’s structure and examines subjects in depth from a practitioner’s perspective.
Key points that illustrate the potential for growth of an established underground malware market:
5.6 million potentially-malicious files reported on Android (APK, dyn-calls, checks-GPS, etc.), of which 1.3 million are confirmed malicious by multiple AV vendors
Mobile payments are on track to top $1.3 trillion in 2015, bring intense criminal interest
By 2015 - est. 2 billion + mobile devices
China, as an example, now has 564 million Internet users; 75% are mobile
The entire report, the initial installment of the APWG’s Mobile Fraud series, can be downloaded here: http://docs.apwg.org/reports/mobile...
The Mobile Crimeware and Criminal Services Market Supplement that details technical aspects of mobile-focused crimeware can be downloaded here: http://docs.apwg.org/reports/mobile...
"Mobile fraud we can clearly state has become an industrialized process, although globally we show currently some countries are more at risk than others. This APWG white paper helps to demonstrate the existence of such an industry and how it operates through stealthy intrusion and a crimeware supply chain," Mr. Armin concluded.
The APWG whitepaper defines these malware markets and demonstrates the modus operandi of an industry that is self-funding, prosperous, vertically stratified and agile.
Types of malware and attack methods under analysis include: spyware, phishing direct attacks, Trojans, worms, apps delivered through malware, pocket botnets and blended attacks, many of which are designed to steal or pilfer money from users. Equally as invasive can be "track and trace" intrusion techniques used to extract intelligence about an owner’s usage, contacts, and habits.