DEF CON: 30 Percent Of Mobile Malware Made By 10 Russian Firms
These “malware HQs” are pumping out nasty toll fraud apps, largely aimed at Android users, which force the user to call premium rate numbers, said Lookout Mobile Security.
It followed the money all the way back to these ten organisations, discovering thousands of affiliate marketers are also profiting from the scheme, helping spread the malware by setting up websites designed to trick users into downloading seemingly legitimate apps.
These affiliates, who can make up to $12,000 a month, are heavy users of Twitter too. Lookout looked at 500,000 unique Twitter handles it believed were involved in spreading mobile malware, 247,863 of which were linking directly to malicious kit from the micro-blogging platform.
Mobile malware crackdown
“We are not too fond of their activity,” co-founder and CTO of Lookout, Kevin Mahaffey, told TechWeekEurope earlier this week, ahead of the report’s release at the DEF CON 21 conference in Las Vegas.
“We cannot comment on ongoing investigations with law enforcement. But we are very motivated to get them to stop.”
Ryan Smith, senior security engineer at Lookout, said the malware HQs had gone to great lengths to obfuscate and encrypt their code to make detection tricky. Yet many advertise in the most brazen of ways on the public Internet, as seen in the images below:
These malware factories pump out the tools that let the affiliates create custom malware to their liking, meaning they don’t require much technical nous. The main skill they require is web development and a knack for phishing, creating pages that look like the Google Play market itself, or ones that link to updates for popular software, like Skype or Opera:
The next step is to organise massive advertising campaigns over Twitter, getting users to download the app, which starts sending texts without the users’ permission to premium rate numbers. The affiliates take the money, some of which gets invested into more malware.
Whilst Lookout isn’t divulging the names or whereabouts of the original malware sellers, other than saying they’re based in Russia, it continues to monitor the operation, which it has called Dragon Lady. “We have cast a wider net around these organisations,” Smith added. “We are monitoring domains used by the affiliates and malware HQs.”
