IBM researcher: 'Mobile malware marketplace' is heating up

The "mobile malware marketplace" has heated up in recent months, according to an IBM security export, as developers increasingly recognize the money to be made in targeting Android devices with malware. But just how big a threat exists to U.S. consumers is as unclear as ever.

"A scan of recent events linked with mobile malware includes the GM Bot code leak… and the subsequent release of a new version of GM Bot in March 2016," wrote IBM Executive Security Advisor Limor Kessem in a blog post this morning. "With this later release, the GM Bot author tripled the price of the overlay malware from $5,000 to $15,000."

The vendor of the nefarious code was recently banned "in the top underground markets" due to a dispute with a customer, Kessem noted.

GM Bot is a popular Trojan that places a fraudulent window on top of banking apps in an effort to entice users to submit their online banking information. Its source code was leaked online several weeks ago, stoking fears that developers could refine it and exploit it on a wider scale.

While cyber attackers often develop their own code, some malware is available for one-time sale or via a time-based subscription, enabling access to evolving code designed to keep ahead of security measures.

"Three alternative offerings actively being sold in underground boards include Bilal Bot, Cron Bot and KNL Bot," Kessem wrote. "These malicious codes are being peddled by their authors for prices ranging from $3,000 to $6,000. While they may not possess the same feature variety as GM Bot, all three claim to have the overlay screen capabilities and data theft ability, according to their vendors."

And the number of malware offerings coming to the underground market is on the rise, Kessem wrote, which may indicate growing demand "at a time when full-fledged banking Trojans have become the domain of organized crime groups."

As a vendor of security software, IBM has a dog in this fight, of course. And just how big a threat mobile malware is to mainstream users remains uncertain. A study from another security developer last year found that 440,000 new strains of Android malware emerged in the first quarter of 2015, marking a 6.4 percent jump from the previous quarter.

But a year-old study from the security firm Damballa found that users "are 1.3 times more likely to get struck by lightning than have mobile malware communicating" on their phones. Damballa monitored roughly half of all mobile traffic in the U.S. and found only 9,688 out of a total of 151 million mobile devices contacted "black list domains," marking a miniscule 0.0064 percent.

"This research shows that mobile malware in the United States is very much like Ebola -- harmful, but greatly over exaggerated, and contained to a limited percentage of the population that are engaging in behavior that puts them at risk for infection," a Damballa researcher said at the time.

For more:
- see this IBM blog post

Related articles:
Apple removes apps affected by 'XcodeGhost' malware after App Store is hacked
Nokia: iOS-based malware is on the rise
Verizon, Google team on Android digital safety and security app