As our smartphones have become our wallets and personal computers, holding everything from banking to social network information, they’ve become targets for hackers, scammers and criminals.
Our phones hold a treasure trove of data—and the bad guys know it. A screen lock is no longer enough.
Dream Droid, a botnet-type malware program, recently infected the Android Market. It got its name because the malware activated at night, affecting users while they were asleep.
Originally it was thought that 21 apps were infected, but an independent security firm found an additional 30 apps.
Google flipped its famous kill switch—a scary, but seemingly necessary, piece of code that accesses phones without users’ permission and deletes the offending software.
About 260,000 Android users were hit. The phones’ IMEI identifier numbers were stolen, but no other personal user information was breached.
Dream Droid and other mobile botnets such as Zeus Mobile are more than viruses or spyware. They take over a phone.
In this case the software “rooted” the users’ phones, giving complete access to whoever was on the controlling end of the botnet.
Most botnets go undetected. A hacker or botmaster simply gains access then does nothing.
Often these networks of captured phones and computers are sold in underground Internet forums to spammers or hackers with even darker intentions—attacking the financial system, for example.
They deploy software from the hijacked computers, effectively rerouting their steps. It’s nasty stuff.
And aside from having your phone hijacked for evil, there are very real identity theft risks. Access to root on a phone means everything on that phone has been peeled open like a can of tuna.
What can you do about botnets, viruses and malware on your mobile phone? Not much, unfortunately, except to be very aware of the apps you’re downloading and why.
There are also some security applications worth trying, such as Lookout Mobile Security, but how they’ve responded in a case like Dream Droid remains unseen.

Ondrej Krehel, Chief Information Security Officer, Identity Theft 911

Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.