A new black market
With mobile becoming an increasingly lucrative target for cyber criminals, the mobile malware marketplace is getting busier by the day, as unscrupulous groups and individuals look to exploit vulnerabilities in operating systems. Mobile malware has wide-ranging appeal for hackers, from organised gangs to lone individuals, all of whom can use it to carry out fraud without needing a fully-fledged banking Trojan operation.
So what are the latest threats and what can be done to combat them?
Going beyond GM Bot
One of the most high-profile mobile malware families of recent times has been GM Bot. This family has become something of a fixture of the threat landscape, providing the overlay screen capabilities and data theft abilities that have inspired the development of new malware strains.
Unfortunately, the malware black market is becoming more competitive, in much a similar way to any above-board software market. This has been brought on in part by GM Bot’s expensive latest iteration, which at $15,000 costs three times as much as the previous version.
To make their own mark, other cybercriminals are aiming to introduce cheaper or more sophisticated offerings into this murky marketplace.
KNL Bot enters the fold
The KNL Bot offering has been around at least as long as GM Bot, but is now growing in popularity due to its much lower price point. KNL appears to be similar to GM Bot in terms of its feature list, but costs about half as much as GM Bot’s cheapest offering.
Its developers also claim that KNL can enable remote attackers to gain control over their victim’s device, which in turn can assist in the theft of online banking details or other sensitive data.
KNL’s growth is a clear indicator of this growing competition in the marketplace: criminals are looking for more cost-effective ways to facilitate their nefarious activities.
Bilal Bot: the basics at a low price
The hunt for cheaper malware has also given rise to a new family known as Bilal Bot. This malware has the benefit of being less costly than both GM Bot and KNL, at just $3,000, with unlimited bug fixes included in the price.
As part of the deal, it is less advanced than its more sophisticated rivals. However, its makers see this as a good thing, arguing that less functionality means fewer bugs, and that Bilal is supposedly harder to detect than better-known and more established offerings.
Regardless of its levels of functionality, Bilal Bot offers an inexpensive way for cyber criminals to cause damage.
Cron Bot: one for the future
Cron Bot is a newly identified malware strain that claims to offer high levels of sophistication, bringing levels of functionality seen in PC-based Trojans to the Android platform.
The developers of Cron Bot say that it offers the following features:
- Works on every Android operating system
- Has several modules, including hVNC, SOCKS5, loader, keylogger, stealer and injects
- A file size of just 400KB
- A builder
In addition to this main piece, the developers also offer an Android application package (APK), which brings features that are often seen in other financially focused malware. Some of its functions include:
- SMS hijacking, CC grabbing, overlay screens and any other functions that can be done without needing root-level access
- Ability to work covertly on all versions of Android, excluding system privilege queries
- An APK size of just 100KB
- Cleanup twice per week
- A polymorphic builder to make sure that every new build is different, as well as encryption of resources and strings
Each of these two pieces can be bought separately for $4,000 per month, or cyber criminals can combine both for $6,000, and add encryption services and hosting for $7,000.
All in all, it’s a versatile offering that is an indicator of the nature of the mobile-based threats we’ll be facing in the near future.
So what can we do to stop them?
Sadly, the threat of mobile malware is only going to get bigger, which brings us to how businesses and app developers can take the fight to the cyber criminals.
As a company, you should be advising your customers to take the utmost care when downloading apps. This includes avoiding using rooted devices, only downloading from approved app stores and remaining vigilant at all times.
But this isn’t a foolproof way of guarding against these new forms of malware. Firstly, it’s impossible to control how every user goes about using their mobile device. Secondly, malware can, on occasion, find its way onto legitimate app stores or be bundled with adware apps distributed through Google Play.
Instead, this advice-based approach should be combined with mobile app security, in order to enable apps to defend themselves from external threats. App hardening software can provide this effective line of defence, by adding protective code to the app. This method is a proactive one, and makes sure apps are protected from future threats, not just current ones.
Mobile malware isn’t going away, and the marketplace for new, more effective malware strains is clearly a growing one. By embracing the proactive approach that app hardening encapsulates, businesses and app developers can stay one step ahead of the threat landscape, rather than falling a step behind.