Welcome!

News Feed Item

Lookout Report Finds 10 Organizations Behind 60% of Russian Toll Fraud Malware

The security researchers at Lookout, the leader in security technology, will share the findings of an investigation into Russian mobile malware today at the Def Con Hacking Conference in Las Vegas, Nevada. Lookout also released an in-depth report on the research: Dragon Lady: An Investigation Into the Industry Behind the Majority of Russian Malware.

In the report, Lookout investigates 10 Russian-based organizations, uncovering that the mobile malware industry in Russia has become highly organized and profitable. These malware businesses develop more than 60 percent of all Russian malware and have thousands of individual affiliate marketers and web properties advertising their malware.

Within the industry, Lookout identified distinct malware development and distribution businesses (i.e., Malware Headquarters) that have created online do-it-yourself (DIY) malware platforms so that just about anyone can distribute and profit from malware – no prior coding or technical experience required. The Russian Malware Headquarters leverage a large and highly motivated workforce of affiliates, who earn a share of the profit by marketing and distributing the malware. Affiliates use the malware platform to configure their own customizable, “Easy-Bake” malware applications. Lookout has evidence of the affiliates making up to $12,000 per month. Malware Headquarters handle the production tasks such as releasing new Android code and configurations every two weeks, malware hosting, shortcode registration, and marketing campaign management tools. Like any other large business, Malware Headquarters provide customer support, post regular newsletters, report downtime or new features, and even run regular contests to keep their affiliates engaged and motivated.

The malicious activity of choice for these organizations is toll fraud — malware designed to secretly make charges to a victim’s phone bill via premium SMS messages, often while providing nothing of value in return. The affiliates can customize their toll fraud malware so that it looks like the latest Angry Birds game or Skype app in order to lure in a potential victim. Affiliates then receive a link to their custom malware that they can distribute as they see fit; common distribution points include social media sites like Twitter. Lookout reviewed 250,000 unique Twitter handles and, of those, nearly 50,000 linked directly to these toll fraud campaigns. The victim of the scheme is usually a Russian speaking Android user looking for free apps, games, MP3s or pornography. The victim may have been using search engine or click through links in Tweets or mobile ads, then unwittingly download the malicious app which secretly adds a premium SMS charge to their phone bill.

Lookout has been actively tracking SMS fraud since the first example was found in the wild in August 2010. Over time, this specific collection of malware samples, which primarily targeted Russian users with toll fraud, became the largest percentage of Lookout’s total Android malware collection. More than 50% of Lookout’s total malware detections in the wild for the first half of 2013 were Russian-based toll fraud.

Over the past three years, Lookout collected a dataset of the Russian SMS fraud malware, which they’ve classified into individual groups or “families” based on similarities in code and key features. This dataset — when merged with Lookout’s threat intelligence dataset of malicious links, domains and social media accounts — gives the full context on the issue at hand. This in turn allowed Lookout to track individual malware families back to the responsible affiliates and Malware Headquarters. Creating more connections in the dataset allows Lookout to more closely track malware families in the future.

See the full report: Dragon Lady: An Investigation Into the Industry Behind the Majority of Russian Malware. For more information on Lookout, visit www.lookout.com.

About Lookout

Lookout builds security software that protects people, businesses and networks from mobile threats. Lookout created the world’s largest mobile threat dataset, and the power of 40 million devices proactively prevent fraud, protect data and defend privacy on personal and business devices, and networks. Lookout’s flagship consumer product, Lookout Mobile Security is available for Android, iOS and Kindle, and received the 2013 Laptop Editors’ Choice Award. A 2013 World Economic Forum Technology Pioneer company, Lookout has offices in San Francisco and London. For more information, please visit www.lookout.com.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
SYS-CON Events announced today that Massive Networks will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Massive Networks mission is simple. To help your business operate seamlessly with fast, reliable, and secure internet and network solutions. Improve your customer's experience with outstanding connections to your cloud.
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily own their code into production, but want to use platforms instead of raw automation. That’s changing the landscape that we understand as DevOps with both architecture concepts (CloudNative) and process redefinition (SRE). Rob Hirschfeld’s recent work in Kubernetes operations has led to the conclusion that containers and related platforms have changed the way we should be thinking about DevOps and...
SYS-CON Events announced today that SkyScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SkyScale is a world-class provider of cloud-based, ultra-fast multi-GPU hardware platforms for lease to customers desiring the fastest performance available as a service anywhere in the world. SkyScale builds, configures, and manages dedicated systems strategically located in maximum-security...
SYS-CON Events announced today that Grape Up will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company specializing in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the U.S. and Europe, Grape Up works with a variety of customers from emergi...
Detecting internal user threats in the Big Data eco-system is challenging and cumbersome. Many organizations monitor internal usage of the Big Data eco-system using a set of alerts. This is not a scalable process given the increase in the number of alerts with the accelerating growth in data volume and user base. Organizations are increasingly leveraging machine learning to monitor only those data elements that are sensitive and critical, autonomously establish monitoring policies, and to detect...
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution and join Akvelon expert and IoT industry leader, Sergey Grebnov, in his session at @ThingsExpo, for an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
Because IoT devices are deployed in mission-critical environments more than ever before, it’s increasingly imperative they be truly smart. IoT sensors simply stockpiling data isn’t useful. IoT must be artificially and naturally intelligent in order to provide more value In his session at @ThingsExpo, John Crupi, Vice President and Engineering System Architect at Greenwave Systems, will discuss how IoT artificial intelligence (AI) can be carried out via edge analytics and machine learning techn...
With tough new regulations coming to Europe on data privacy in May 2018, Calligo will explain why in reality the effect is global and transforms how you consider critical data. EU GDPR fundamentally rewrites the rules for cloud, Big Data and IoT. In his session at 21st Cloud Expo, Adam Ryan, Vice President and General Manager EMEA at Calligo, will examine the regulations and provide insight on how it affects technology, challenges the established rules and will usher in new levels of diligence a...
FinTechs use the cloud to operate at the speed and scale of digital financial activity, but are often hindered by the complexity of managing security and compliance in the cloud. In his session at 20th Cloud Expo, Sesh Murthy, co-founder and CTO of Cloud Raxak, showed how proactive and automated cloud security enables FinTechs to leverage the cloud to achieve their business goals. Through business-driven cloud security, FinTechs can speed time-to-market, diminish risk and costs, maintain continu...
When shopping for a new data processing platform for IoT solutions, many development teams want to be able to test-drive options before making a choice. Yet when evaluating an IoT solution, it’s simply not feasible to do so at scale with physical devices. Building a sensor simulator is the next best choice; however, generating a realistic simulation at very high TPS with ease of configurability is a formidable challenge. When dealing with multiple application or transport protocols, you would be...
An increasing number of companies are creating products that combine data with analytical capabilities. Running interactive queries on Big Data requires complex architectures to store and query data effectively, typically involving data streams, an choosing efficient file format/database and multiple independent systems that are tied together through custom-engineered pipelines. In his session at @BigDataExpo at @ThingsExpo, Tomer Levi, a senior software engineer at Intel’s Advanced Analytics ...
Existing Big Data solutions are mainly focused on the discovery and analysis of data. The solutions are scalable and highly available but tedious when swapping in and swapping out occurs in disarray and thrashing takes place. The resolution for thrashing through machine learning algorithms and support nomenclature is through simple techniques. Organizations that have been collecting large customer data are increasingly seeing the need to use the data for swapping in and out and thrashing occurs ...
In the enterprise today, connected IoT devices are everywhere – both inside and outside corporate environments. The need to identify, manage, control and secure a quickly growing web of connections and outside devices is making the already challenging task of security even more important, and onerous. In his session at @ThingsExpo, Rich Boyer, CISO and Chief Architect for Security at NTT i3, discussed new ways of thinking and the approaches needed to address the emerging challenges of security i...
As many know, the first generation of Cloud Management Platform (CMP) solutions were designed for managing virtual infrastructure (IaaS) and traditional applications. But that’s no longer enough to satisfy evolving and complex business requirements. In his session at 21st Cloud Expo, Scott Davis, Embotics CTO, will explore how next-generation CMPs ensure organizations can manage cloud-native and microservice-based application architectures, while also facilitating agile DevOps methodology. He wi...