Welcome!

News Feed Item

Lookout Report Finds 10 Organizations Behind 60% of Russian Toll Fraud Malware

The security researchers at Lookout, the leader in security technology, will share the findings of an investigation into Russian mobile malware today at the Def Con Hacking Conference in Las Vegas, Nevada. Lookout also released an in-depth report on the research: Dragon Lady: An Investigation Into the Industry Behind the Majority of Russian Malware.

In the report, Lookout investigates 10 Russian-based organizations, uncovering that the mobile malware industry in Russia has become highly organized and profitable. These malware businesses develop more than 60 percent of all Russian malware and have thousands of individual affiliate marketers and web properties advertising their malware.

Within the industry, Lookout identified distinct malware development and distribution businesses (i.e., Malware Headquarters) that have created online do-it-yourself (DIY) malware platforms so that just about anyone can distribute and profit from malware – no prior coding or technical experience required. The Russian Malware Headquarters leverage a large and highly motivated workforce of affiliates, who earn a share of the profit by marketing and distributing the malware. Affiliates use the malware platform to configure their own customizable, “Easy-Bake” malware applications. Lookout has evidence of the affiliates making up to $12,000 per month. Malware Headquarters handle the production tasks such as releasing new Android code and configurations every two weeks, malware hosting, shortcode registration, and marketing campaign management tools. Like any other large business, Malware Headquarters provide customer support, post regular newsletters, report downtime or new features, and even run regular contests to keep their affiliates engaged and motivated.

The malicious activity of choice for these organizations is toll fraud — malware designed to secretly make charges to a victim’s phone bill via premium SMS messages, often while providing nothing of value in return. The affiliates can customize their toll fraud malware so that it looks like the latest Angry Birds game or Skype app in order to lure in a potential victim. Affiliates then receive a link to their custom malware that they can distribute as they see fit; common distribution points include social media sites like Twitter. Lookout reviewed 250,000 unique Twitter handles and, of those, nearly 50,000 linked directly to these toll fraud campaigns. The victim of the scheme is usually a Russian speaking Android user looking for free apps, games, MP3s or pornography. The victim may have been using search engine or click through links in Tweets or mobile ads, then unwittingly download the malicious app which secretly adds a premium SMS charge to their phone bill.

Lookout has been actively tracking SMS fraud since the first example was found in the wild in August 2010. Over time, this specific collection of malware samples, which primarily targeted Russian users with toll fraud, became the largest percentage of Lookout’s total Android malware collection. More than 50% of Lookout’s total malware detections in the wild for the first half of 2013 were Russian-based toll fraud.

Over the past three years, Lookout collected a dataset of the Russian SMS fraud malware, which they’ve classified into individual groups or “families” based on similarities in code and key features. This dataset — when merged with Lookout’s threat intelligence dataset of malicious links, domains and social media accounts — gives the full context on the issue at hand. This in turn allowed Lookout to track individual malware families back to the responsible affiliates and Malware Headquarters. Creating more connections in the dataset allows Lookout to more closely track malware families in the future.

See the full report: Dragon Lady: An Investigation Into the Industry Behind the Majority of Russian Malware. For more information on Lookout, visit www.lookout.com.

About Lookout

Lookout builds security software that protects people, businesses and networks from mobile threats. Lookout created the world’s largest mobile threat dataset, and the power of 40 million devices proactively prevent fraud, protect data and defend privacy on personal and business devices, and networks. Lookout’s flagship consumer product, Lookout Mobile Security is available for Android, iOS and Kindle, and received the 2013 Laptop Editors’ Choice Award. A 2013 World Economic Forum Technology Pioneer company, Lookout has offices in San Francisco and London. For more information, please visit www.lookout.com.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Your business relies on your applications and your employees to stay in business. Whether you develop apps or manage business critical apps that help fuel your business, what happens when users experience sluggish performance? You and all technical teams across the organization – application, network, operations, among others, as well as, those outside the organization, like ISPs and third-party providers – are called in to solve the problem.
SYS-CON Events announced today that Roundee / LinearHub will exhibit at the WebRTC Summit at @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. LinearHub provides Roundee Service, a smart platform for enterprise video conferencing with enhanced features such as automatic recording and transcription service. Slack users can integrate Roundee to their team via Slack’s App Directory, and '/roundee' command lets your video conference ...
In his general session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed cloud as a ‘better data center’ and how it adds new capacity (faster) and improves application availability (redundancy). The cloud is a ‘Dynamic Tool for Dynamic Apps’ and resource allocation is an integral part of your application architecture, so use only the resources you need and allocate /de-allocate resources on the fly.
Digital transformation is too big and important for our future success to not understand the rules that apply to it. The first three rules for winning in this age of hyper-digital transformation are: Advantages in speed, analytics and operational tempos must be captured by implementing an optimized information logistics system (OILS) Real-time operational tempos (IT, people and business processes) must be achieved Businesses that can "analyze data and act and with speed" will dominate those t...
SYS-CON Events announced today the Kubernetes and Google Container Engine Workshop, being held November 3, 2016, in conjunction with @DevOpsSummit at 19th Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA. This workshop led by Sebastian Scheele introduces participants to Kubernetes and Google Container Engine (GKE). Through a combination of instructor-led presentations, demonstrations, and hands-on labs, students learn the key concepts and practices for deploying and maintainin...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, wh...
SYS-CON Events announced today the Enterprise IoT Bootcamp, being held November 1-2, 2016, in conjunction with 19th Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA. Combined with real-world scenarios and use cases, the Enterprise IoT Bootcamp is not just based on presentations but with hands-on demos and detailed walkthroughs. We will introduce you to a variety of real world use cases prototyped using Arduino, Raspberry Pi, BeagleBone, Spark, and Intel Edison. Y...
Without a clear strategy for cost control and an architecture designed with cloud services in mind, costs and operational performance can quickly get out of control. To avoid multiple architectural redesigns requires extensive thought and planning. Boundary (now part of BMC) launched a new public-facing multi-tenant high resolution monitoring service on Amazon AWS two years ago, facing challenges and learning best practices in the early days of the new service. In his session at 19th Cloud Exp...
If you’re responsible for an application that depends on the data or functionality of various IoT endpoints – either sensors or devices – your brand reputation depends on the security, reliability, and compliance of its many integrated parts. If your application fails to deliver the expected business results, your customers and partners won't care if that failure stems from the code you developed or from a component that you integrated. What can you do to ensure that the endpoints work as expect...
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
SYS-CON Events announced today that Niagara Networks will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Niagara Networks offers the highest port-density systems, and the most complete Next-Generation Network Visibility systems including Network Packet Brokers, Bypass Switches, and Network TAPs.
While DevOps promises a better and tighter integration among an organization’s development and operation teams and transforms an application life cycle into a continual deployment, Chef and Azure together provides a speedy, cost-effective and highly scalable vehicle for realizing the business values of this transformation. In his session at @DevOpsSummit at 19th Cloud Expo, Yung Chou, a Technology Evangelist at Microsoft, will present a unique opportunity to witness how Chef and Azure work tog...
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
SYS-CON Events announced today that ReadyTalk, a leading provider of online conferencing and webinar services, has been named Vendor Presentation Sponsor at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. ReadyTalk delivers audio and web conferencing services that inspire collaboration and enable the Future of Work for today’s increasingly digital and mobile workforce. By combining intuitive, innovative tec...