Ten Years of Mobile Malware: From Symbian Worm to Tor-Based Android Backdoor

Evolution of mobile malware

Ten years have passed since the first piece of malware designed to target mobile devices was spotted. Mobile threats have come a long way from the SymbOS.Cabir worm that spread via Bluetooth to Backdoor.AndroidOS.Torec.a, the first Android threat that relies on the Tor network to protect its communications infrastructure.

SymbOS.Cabir is considered the first piece of mobile malware. It targeted Symbian devices, which back in 2004 were very popular. Some Cabir versions were designed to steal data from targeted devices, while others infected files.

In the same year, Trojan.Mos was spotted. Packaged with a cracked version of the popular Mosquito game, Trojan.Mos was designed to send SMSs to premium rate numbers, this being the first piece of malware that helped cybercriminals make a profit.

2004 was also the year in which a destructive piece of malware emerged. SymbOS.Skulls replaced all icons with skulls and made application files unusable.

Symbian malware was king of the hill until 2006 when the first BlackBerry Trojan, Trojan.Redbrowser, was launched. This was actually the first J2ME Trojan that could infect different mobile platforms. It was designed to send text messages to premium numbers.

Another BlackBerry malware that emerged in 2006 was Spyware.FlyxiSpy, a threat advertised as an spy app for spouses.

SymbOS.ZeusMitmo was the first piece of malware designed to steal the verification SMSs sent by banks to customers while they performed online transactions. Actually, ZeusMitmo, which emerged in 2010, was the first mobile malware to target online banking services.

In 2011, cybercriminals started targeting the Android platform. Now, most pieces of mobile malware are designed to target Google’s operating system.

“In the last two years, we have seen major growth from Trojans and adware targeting mobile devices, mainly focusing on Android phones. Even targeted attacks now make use of mobile threats for spying purposes,” Symantec’s Candid Wueest noted.

“Considering this boom, mobile malware has become a real threat that needs greater attention because it isn’t over yet. In fact, we are likely to see the next evolution of mobile threats soon, especially as mobile phones become identification tokens and payment solutions in the future.”

Android malware continues to evolve. Earlier this week, researchers from Kaspersky revealed the existence ofBackdoor.AndroidOS.Torec.a, the first Android malware to rely on Tor for C&C communications.

Both Symantec and Kaspersky have published reports on the evolution of mobile malware. Check out their websites for more information on this topic.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s