Skip to Content

Earworms: The Rise of Mobile Malware

Is your phone the next great malware vector?
January 21, 2013

Stoking worries that smartphones and tablets represent the next frontier for malware, security researchers have discovered a vast botnet on over a million devices in China. The Chinese news agency Xinhua and the BBC report that the botnet makes it so that smartphones can be hijacked remotely, potentially for denial-of-service attacks or other malevolent purposes.

Android devices are reportedly more vulnerable than Apple’s devices, due to the openness of the Android Marketplace. Malware typically finds its way onto an unsuspecting user’s phone or tablet via an app download. Android dominates the Chinese market, which is showing explosive growth; China has almost half a billion mobile users (420 million, more precisely) per the China Internet Network Information Center.

Mobile malware is not anything new, but the scope of the threat reported here appears to be unprecedented in mobile. As recently as September of 2011, it was big news to find 20,000 Android devices communicating with known criminal command and control networks on a given week, per InformationWeek’s Kurt Marko. One of the worst Android botnets to date was called Rootstrap; it was reported to have reached 100,000 compromised devices about a year ago. Back in 2009, it wasn’t uncommon to find headlines–in this publication, say–like “Mobile Malware Isn’t So Bad, For Now.

White hat hackers have shown how easy it is to create Android malware. Hacker Georgia Weidman, for instance, illustrated how malware can worm its way into a phone’s modem driver. Oftentimes, the SMS messaging protocol can be used to control the malware, explains IW’s Marko, since SMS is operated by carriers (and therefore harder for security teams to monitor) and because it’s power-efficient: “botnet operators can have a relatively chatty dialog with their slave devices without tipping the owners off that something might be amiss on their phones,” he writes.

One of the most thorough–and frightening–reports on mobile malware came from Damballa Labs back in 2011. Even then, said Damballa, the mobile market had become “as susceptible to criminal breach activity as desktop devices.” This should almost go without saying, but phones’ and tablets’ very mobility can make them doubly scary as potential malware vectors; consider, too, the implications of the “bring your own” trend, where workers prefer to use their personal devices in office settings.

What can you do to protect yourself against this mobile malware scourge? Chinese authorities have said it’s a good idea to look at your data and call logs to see if anything unusual has cropped up. Marko further recommends that you minimize the amount of data you store locally (particularly sensitive documents), encrypt data when you can, and that you use a mobile device management service like AirWatch or Zenprise.

Naturally, be cautious before downloading any app. If you find yourself completely unable to check your app-downloading impulses, then it’s worth noting that the iOS ecosystem has maintained a pretty strong firewall against these problems, due to its “walled garden” approach to its network. That’s not to say that Apple’s track record is spotless here, though; remember the JailbreakMe exploit?

Keep Reading

Most Popular

Death and Jeff Bezos
Death and Jeff Bezos

Meet Altos Labs, Silicon Valley’s latest wild bet on living forever

Funders of a deep-pocketed new "rejuvenation" startup are said to include Jeff Bezos and Yuri Milner.

Professor Gang Chen of MIT
Professor Gang Chen of MIT

All charges against China Initiative defendant Gang Chen have been dismissed

MIT professor Gang Chen was one of the most prominent scientists charged under the China Initiative, a Justice Department effort meant to counter economic espionage and national security threats.

mouse engineered to grow human hair
mouse engineered to grow human hair

Going bald? Lab-grown hair cells could be on the way

These biotech companies are reprogramming cells to treat baldness, but it’s still early days.

conceptual illustration showing various women's faces being scanned
conceptual illustration showing various women's faces being scanned

A horrifying new AI app swaps women into porn videos with a click

Deepfake researchers have long feared the day this would arrive.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.