Cyber-thieves cash in on mobile phone fraud

Cyber-thieves who target mobile phones are ramping up efforts to steal cash from victims, suggests a report.

In nine months viruses that steal cash have jumped from 29% of mobile malware to 62%, found the report by Lookout.

Mobile security firm Lookout said the growth was down to phone fraudsters industrialising their scams.

Viruses were getting on to phones via booby-trapped apps and through adverts and webpages harbouring malware, it said.

Kevin Mahaffey, head of technology at Lookout, said phone fraudsters were increasingly using viruses that surreptitiously added charges to a user's bill to cash in.

Over the last few months, he said, Lookout had seen fraudsters stop experimenting with ways to steal cash and move on to large scale campaigns on networks where they knew they would succeed.

"Once they find a repeatable, scalable way to make money they try to get as big as possible," he told the BBC.

This meant, he said, that some territories had been hit hard by mobile malware once the fraudsters found a loophole to exploit. For instance, he said, in June this year 30-40% of those who signed up for Lookout's security service in Russia already had malware on their phone.

China and India were also places that were suffering significant amounts of infection, he said.

Analysis by Lookout suggested that a small number of malware writers were behind the mobile viruses stealing cash.

Mobile viruses were being included in so-called crimeware kits, he said, sold to thieves with little technical knowledge that automate the process of stealing cash.

In addition, said Mr Mahaffey, Lookout was starting to see attacks that did not directly try to steal money from a phone. Instead, he said, they inserted a virus called "NotCompatible" on to a phone as a way to hide other nefarious activity.

"It turns your phone into a proxy for fraudulent behaviour," he said.

A phone infected with the "NotCompatible" virus would have traffic piped to it that it would then be sent on to a target website, he said. In this way the true source of that traffic, the criminal, would be hidden.

Such a virus might be used to artificially inflate the popularity of an advert, a song on a music website to help generate a larger return for criminals.

Lookout based its conclusions on data gathered from its 20 million users as well as statistics from industry analysts.