2012 Predictions for Mobile Malware and Botnets

Last year we looked into our crystal ball to make some predictions for 2011, including mobile devices and Macs becoming targets of malware and the expansion of banking trojans. All of these came true, so we are going to put our perfect record on the line and make some new predictions for 2012.

While mobile malware grew substantially in 2011, most of the attacks lacked sophistication and the ability to make money for the cybercriminals. We see these mobile attacks evolving considerably in 2012, especially for the Android platform.

We also saw the takedown of DNSChanger in 2011, but we believe this is only the tip of the iceberg. We expect even more, and stealthier, botnets in 2012, along with a more coordinated effort to stop the growing botnet problem.

Here are our top 5 predictions for 2012:

Android malware will make money as part of the underground economy.

In some European and Asian countries, cybercriminals already leverage premium-rate SMS to make money from mobile malware. Look for the monetization of mobile malware to move to North America and to include SMS spam, adware, browser hijacking, ad-click fraud, spyware and fake apps as the vectors used to steal money or identities.

Android malware will become more sophisticated and more dangerous.

If we look at how PC-based malware developed over time, we can expect similar technologies to emerge on the mobile front: rootkit technology will be used to conceal the malware; command and control protocols will become more robust; and the malware will disable security features on the mobile device and protect itself from removal. Just as we saw with the release of the Zeus and SpyEye toolkits, mobile malware builder kits will become available, making it easier to create and deploy malicious apps.

Android malware will spread directly from phone to phone.

In 2009 we saw the IKEE worm use SSH to spread to jailbroken iPhones, so vulnerabilities in network-facing apps can and will allow phone-to-phone infection over the Internet connection. Malware that spreads directly from phone to phone will likely appear on Android devices in 2012. This will increase the need for consumers to take appropriate security precautions on their mobile devices and for mobile operators to do the same in the network.

More and stealthier botnets.

In 2011, we saw the takedown of the largest botnet to date, DNSChanger, but this was only the tip of the iceberg. In 2012, we will see more, and stealthier, super-bots that spread silently using existing infection vectors, bury themselves using stealth rootkit techniques, and make every effort to remain undetected. In addition to being harder to detect on the device, the command and control protocol will be encrypted and will leverage both web-based and P2P components to communicate and fetch instructions for the next stage of the attack. Once the botnet is established, the cybercriminals will use it to distribute additional malware components for a fee or to launch wide-scale fraud or identity theft attacks.

More coordinated efforts to address the growing malware problem, especially botnets.

The public sector, vendors and service providers need to do something about the growing malware problem, especially botnets. We have already seen initiatives on several fronts, including the DNSChanger takedown. Other countries, including Japan, Germany and Australia, have put programs in place to combat botnets, and the Department of Commerce and the Department of Homeland Security issued an RFI in late 2011. The growing mobile malware threat will provide additional momentum for all parties to work together more closely and prevent ongoing attacks.