Efforts to monetise mobile malware only have a low revenue-per-infection ratio, limiting the return on investment achieved by attackers, according to Symantec research.
The security vendor’s research publication titled Motivations of Recent Android Malware, provides an analysis of current monetisation schemes behind malware targeting the Android mobile computing platform and the schemes likely to be seen in the future.
It showed that the number of schemes is likely to increase as smartphones gain traction as payment devices – with new mobile device shipments increasing 55 per cent in 2010.
Top current mobile malware monetisation schemes included premium rate number billing scams, spyware, search engine poisoning, pay-per-click scams, pay-per-install schemes, adware and mTAN stealing.
It also described potential revenue generating schemes likely to be seen in the near future capable of increasing cybercriminals return on investment – including stealing and subsequently selling sensitive financial information – such as banking credentials; selling stolen International Mobile Equipment Identity (IMEI) numbers for use on previously blocked or counterfeit phones; and peddling fake mobile security products.
The research also highlights that an open platform, a ubiquitous platform and sufficient attacker motivation are the three factors needed for mobile malware to reach the levels of sophistication and breadth seen with threats targeting PCs.
The research further suggests that attackers will continue investing in the creation of Android malware as monetisation schemes develop.
To address the potential of Android malware, Symantec recently released several offerings under its Norton Everywhere initiative that include: the Norton Mobile Security Lite and Norton Tablet Security.
In protecting enterprises, Symantec introduced a range of solutions that include the Symantec Mobile Management 7.1, Symantec Endpoint Protection Mobile Edition 6.0, Symantec Encryption Solutions and Symantec Validation and Identity Protection (VIP).