Smartphone scams: Owners warned over malware apps

Rik Ferguson, an "ethical hacker" and expert on smartphone security, demonstrates how easy it is for criminals to create trojan apps

A national computer security campaign is urging smartphone users to do more to protect themselves from unwittingly downloading malware applications.

Get Safe Online says that there has been an increase in smartphone malware as the market has grown.

Criminals are typically creating Trojan copies of reputable apps and tricking users into installing them.

Once on the phone, the app can secretly generate cash for criminals through premium rate text messages.

Get Safe Online, a joint initiative between the government, police and industry, said it was concerned that users of smartphones, such as Android devices, were not taking steps to protect their devices.

Analysis

Mobiles are attractive to cyber criminals because no matter what you do with a handset, money changes hands.

Smartphones are especially tempting because they run apps.

Most of those apps are vetted before you can install them but that does not provide bullet-proof protection.

It can be hard to distinguish between legitimate apps that want access to your contacts so they can spread the word about a high score, and those that just want to steal the list of names.

What makes matters worse is that many people unlock or jailbreak their handsets to get at non-official apps. Many of these are booby-trapped versions of programs that would cost money on the legitimate marketplace.

Jailbreaking a phone also leaves it open to infection if you browse the wrong website.

Given this, and the lack of security software for handsets, it is clear why the pool of potential victims is deepening.

The rule of thumb is to be sure that what you are installing comes from a legitimate source, keep an eye on your bill, investigate if your battery runs down quickly and try not to leave your phone unattended.

Get Safe Online said fraudsters are designing apps which generate cash secretly in the background without the owner realising until their monthly bill.

A typical scam involves an app designed to send texts to premium rate services without the user knowing.

Apps can appear to be bona fide software or sometimes masquerade as stripped down free versions of well-known games.

Rik Ferguson, a hacking researcher with internet security firm Trend Micro, said: "This type of malware is capable of sending a steady stream of text messages to premium rate numbers - in some instances we've seen one being sent every minute.

"With costs of up to £6 per message, this can be extremely lucrative. The user won't know this is taking place, even if they happen to be using the device at the same time, as the activity takes place within the device's back-end infrastructure."

Online banking

Another major security firm, Symantec, recently warned in its annual threat assessment that Android phones were at risk and that it had found at least six varieties of malicious software.

Minister for Cyber Security Francis Maude said: "More and more people are using their smartphone to transmit personal and financial information over the internet, whether it's for online banking, shopping or social networking.

"Research from Get Safe Online shows that 17% of smartphone users now use their phone for money matters and this doesn't escape the notice of criminals."

Tony Neate, head of Get Safe Online, urged people to check their phone's security.

"Mobile phones are very personal. I have talked to people who are never more than a yard away from their mobile phone. Because of that attachment, they start to think that they are in a way invincible.

"It's the end user that picks up the tab - it's your phone that incurs the costs. Whether you have pay-as-you-go or a monthly account, that money is going to come from the account and go to the criminal."

More UK stories

RSS

Features & Analysis

Elsewhere on the BBC

  • Arash AF8Naughty Brits

    From scrappy upstarts to legendary brands, six speed demons that hail from the UK

Programmes

  • A man holds a sign which reads Bring Back Our GirlsHARDtalk Watch

    Why there is still hope and optimism for the rescue of Nigeria’s kidnapped schoolgirls

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.