Researchers Monitoring the Emergence of Mobile Malware Built to Mine Location Data


photo by miss_hg/flickr


Security researchers are still trying to wrap their heads around what will come of an emerging trend in mobile malware that extracts a mobile user’s location in addition to personal data.

“While it isn’t clear why attackers are collecting location information, it is not difficult to imagine the ways to generate value from it…. Malware authors are certain to find ways to monetize such a rich data source,” says Trustwave SpiderLabs’ 2012 Global Security report.

Mobile malware is already hard to detect, and in 2012, researchers should expect to see even more of it infecting mobile platforms, says Nicholas Percoco, senior vice president and head of Trustwave SpiderLabs, a group of ethical hackers at a data security firm with expertise in investigations, research, and application security.

“Location-aware malware [targeting mobile devices] is really on the leading edge of the type of attack that we’ll be coming across in the next several years…. It’s not in the same class of attacks as phishing attacks, where you’re trying to get someone’s social security number or credit card number. It gets a little closer to home,” he said.

Location-aware malware targeting PCs has existed for years, in some cases using fake “breaking news” e-mails sprinkled with links to malware. But in these cases, the PC-based malware used a person’s IP address to tailor these news alerts to their general location. The persistent collection of location data by iOS and Android through GPS allows someone mining that data to pinpoint a person’s specific locations, both past and present.

If a hacker manages to infect a person’s device with location-aware malware, that malware can relay exactly where a person is located at any given point in time. Additionally, stolen payment card information used in areas local to the legitimate user is less likely to activate fraud detection, the Trustwave report notes.

Percoco says location-aware malware has been seen in the wild, but what has yet to be seen is the monetization of that data and what kinds of other things it could facilitate. Just as hackers sell mined personal information on the black market, they could sell location information of targets to other criminal groups or terrorists. Hackers aren’t “collecting the information just to collect it,” he said.

Trustwave hasn’t investigated any cases of location-aware malware facilitating a physical crime, but the possibility presents a serious physical security concern, says Percoco.

Trustwave SpiderLabs’ 2012 Global Security report will be available Tuesday from the Trustwave Web site and discusses 2011’s trends in cybersecurity and predictions for 2012. The first part of the report deals with investigations. The second part of the report focuses on analysis of the data pulled from penetration testing and more than 2,000 ethical hacking exercises performed in 2011.

In 76 percent of all incidents investigated by Trustwave, third parties were responsible for maintaining information technology systems.

“That becomes a problem because organizations are relying on a third party to manage their systems. Once the organization as customers of those third parties become better aware of those security risks, they are more of an informed consumer of those services and can ask the right questions like who has access to those systems or putting policies in place to maintain the security of those systems,” Percoco said.

Trustwave also found that 80 percent of hackers moved from system to system within an environment by cracking weak administrator passwords. Analysis found that the most common password used by global businesses was “Password1” because it satisfies the default Microsoft Active Directory complexity setting.

“They were literally just guessing passwords,” Percoco said.