Malware designed for mobile devices is far less profitable than the type designed for desktops, but that may be changing.
What comes into play on the mobile front is, of course, Android where there is a considerable increase in the number of pay-per-install campaigns for that platform. A Russian forum found those campaigns freely advertised, said researchers from security software firm ESET.
According to the website, those who take part in such pay-per-install programs can earn as much as $5 for each device they infect with a piece of malware, usually an SMS Trojan.
The amount is much higher than Windows malware can earn, but, then again, malicious elements designed to target Windows devices are somewhat easier to spread.
The plan works when the cyber criminals create a piece of malware and masquerade it as a legitimate application on an alternative app market. After users download and install it, the app starts sending out SMS messages to premium rate numbers, inflating the victim’s bill.
Researchers uncovered at least 30 different domain names tied to a single operation. These domains spread hundreds of malicious files. So far, 300 unique URLs distributed 33 unique pieces of malware, most of them sending SMSs to numbers such as 6666, 9999, or 7375.
While pay-per-install campaigns are not new, this scenario further highlights the fact as mobile platforms attract more customers, malware creators and those in charge of their distribution will shift their attention to this sector.