Nominum analyzed customer data from around the world to find the mobile malware that presents the greatest risk to mobile subscribers. The top five mobile-device-only malware threats are:

  1. NONCOMPATIBLE – a drive-by trojan malware which can infect android phones via their mobile web browsers. When browser’s download is completed, it will ask for user permission for installation. After infection, the android phone works as a proxy.
  2. SMSPACEM- another malware for android phones. It will change phone’s wallpaper and send SMS messages to all the phone contacts.
  3. LENA – is capable of rooting an android phone device without asking user permission. It uses exploits such as gingerbreak or appears as a VPN app trojan malware.  Once gaining a root access, LENA can start to communicate with its command site, download additional components and update binaries once installed.
  4. NETISEND – is an information stealer malware. It can retrieve infected android phone information like IMEI, IMSI, model, and installed apps. After downloading, the malware will ask permission to connect to the Internet and to open a backdoor with its command domain site.
  5. BASEBRIDGE – exploits the netlink message validation to get android phone root access. Once infected, Basebridge can disable installed AV software, download additional malware components, and open a backdoor with its command site.

It will steal IMSI, manufacture, and model info. It can also send SMS messages, delete SMS messages from inbox, and dial phone numbers.

In our analysis of the data, we found that the mobile malware threat is very real with a significant number of infections capable of stealing mobile phone users’ identities. Android remains the top target of malware writers – in fact, the top five malware are all targeted at Android phones. And the problem is only getting worse. As the proliferation of smartphones continues and the mobile ad market matures, the incentive of malware writers to write more malware will only grow stronger.

A few other observations:

  • There are major regional differences in mobile malware prevalence
    • Non-compatible has a much higher infection rate in LATAM
    • SMSPACEM and Netisend are much more prevalent in APAC
    • Mobile malware writers are leveraging many of the same social engineering techniques (spreading through end-users contact lists) and technical capabilities (e.g. rootkits) they’ve used on then fixed side for years.
    • An equal or greater danger for mobile users is that they are being “tricked” into sharing data with criminals through phishing attacks or other scams.
      • In this scenario, no malware ever has to be installed on the device so every mobile user is vulnerable. 

This problem is actually worse on mobile devices where QR codes can easily obfuscate the true destination a user is navigating to on a mobile device.