Researchers Monitoring the Emergence of Mobile Malware Built to Mine Location Data

By Carlton Purvis

Security researchers are still trying to wrap their heads around what will come of an emerging trend in mobile malware that extracts a mobile user’s location in addition to personal data.

“While it isn’t clear why attackers are collecting location information, it is not difficult to imagine the ways to generate value from it…. Malware authors are certain to find ways to monetize such a rich data source,” says Trustwave Spiderlabs’ 2012 Global Security report.

Mobile malware is already hard to detect, and in 2012, researchers should expect to see even more of it infecting mobile platforms, says Nicholas Percoco, senior vice president and head of Trustwave SpiderLabs, a group of ethical hackers at a data security firm with expertise in investigations, research, and application security.

“Location-aware malware [targeting mobile devices] is really on the leading edge of the type of attack that we’ll be coming across in the next several years….It’s not in the same class of attacks as phishing attacks, where you’re trying to get someone’s social security number or credit card number. It gets a little closer to home,” he said.

Location-aware malware targeting PCs has existed for years; in some cases using fake “breaking news” e-mails sprinkled with links to malware. But in these cases, the PC-based malware used a person’s IP address to tailor these news alerts to their general location. The persistent collection of location data by iOS and Android through GPS allows someone mining that data to pinpoint a person’s specific locations--both past and present.

If a hacker manages to infect a person’s device with location-aware malware, that malware can relay exactly where a person is located at any given point in time. Additionally, stolen payment card information used in areas local to the legitimate user is less likely to activate fraud detection, the Trustwave report notes.

Percoco says location-aware malware has been seen in the wild, but what has yet to be seen is the monetization of that data and what kinds of other things it could facilitate. Just as hackers sell mined personal information on the black market, they could sell location information of targets to other criminal groups or terrorists. Hackers aren’t “collecting the information just to collect it,” he said.


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.