New mobile malware silently transfers account credit

Kaspersky Lab today warned users of five newly found variants of the Trojan-SMS.Python.Flocker mobile malware, targeting an Indonesian mobile provider's service allowing users to transfer money or minutes to each other's accounts. SMS Python Flocker is a known mobile malware family, whose previous versions used to automatically send SMS message from the infected mobile device to premium-rate numbers operated by the malware authors.

Once infected with the latest variant, the malware would transfer credit from the infected device by silently SMS-ing the provider's credit transfer service with the desired amount of credit.

Such mobile credit transfer services are used internationally, however, compared to simple cash/account credit transfers, in the long term mobile malware authors would continue looking for ways to steal hard cash. Since the first releases of the RedBrowser in 2006, which was silently sending SMS messages (screenshots) to premium-rate numbers, mobile malware authors have been looking for ways to monetize the infected devices. What has changed since then is the growth of mobile payments/m-payments and mobile wallets, whose popularity is proportionally empowering potential mobile malware authors with all the purchasing power an infected device has.

For the time being, among the main reasons why we still haven't witnessed an epidemic of mobile malware, is sadly because cybercriminals are making enough profit even without exploiting the fact that there are more people with mobile devices, than people with personal computers around the world.