Welcome!

News Feed Item

Lookout Report Finds 10 Organizations Behind 60% of Russian Toll Fraud Malware

The security researchers at Lookout, the leader in security technology, will share the findings of an investigation into Russian mobile malware today at the Def Con Hacking Conference in Las Vegas, Nevada. Lookout also released an in-depth report on the research: Dragon Lady: An Investigation Into the Industry Behind the Majority of Russian Malware.

In the report, Lookout investigates 10 Russian-based organizations, uncovering that the mobile malware industry in Russia has become highly organized and profitable. These malware businesses develop more than 60 percent of all Russian malware and have thousands of individual affiliate marketers and web properties advertising their malware.

Within the industry, Lookout identified distinct malware development and distribution businesses (i.e., Malware Headquarters) that have created online do-it-yourself (DIY) malware platforms so that just about anyone can distribute and profit from malware – no prior coding or technical experience required. The Russian Malware Headquarters leverage a large and highly motivated workforce of affiliates, who earn a share of the profit by marketing and distributing the malware. Affiliates use the malware platform to configure their own customizable, “Easy-Bake” malware applications. Lookout has evidence of the affiliates making up to $12,000 per month. Malware Headquarters handle the production tasks such as releasing new Android code and configurations every two weeks, malware hosting, shortcode registration, and marketing campaign management tools. Like any other large business, Malware Headquarters provide customer support, post regular newsletters, report downtime or new features, and even run regular contests to keep their affiliates engaged and motivated.

The malicious activity of choice for these organizations is toll fraud — malware designed to secretly make charges to a victim’s phone bill via premium SMS messages, often while providing nothing of value in return. The affiliates can customize their toll fraud malware so that it looks like the latest Angry Birds game or Skype app in order to lure in a potential victim. Affiliates then receive a link to their custom malware that they can distribute as they see fit; common distribution points include social media sites like Twitter. Lookout reviewed 250,000 unique Twitter handles and, of those, nearly 50,000 linked directly to these toll fraud campaigns. The victim of the scheme is usually a Russian speaking Android user looking for free apps, games, MP3s or pornography. The victim may have been using search engine or click through links in Tweets or mobile ads, then unwittingly download the malicious app which secretly adds a premium SMS charge to their phone bill.

Lookout has been actively tracking SMS fraud since the first example was found in the wild in August 2010. Over time, this specific collection of malware samples, which primarily targeted Russian users with toll fraud, became the largest percentage of Lookout’s total Android malware collection. More than 50% of Lookout’s total malware detections in the wild for the first half of 2013 were Russian-based toll fraud.

Over the past three years, Lookout collected a dataset of the Russian SMS fraud malware, which they’ve classified into individual groups or “families” based on similarities in code and key features. This dataset — when merged with Lookout’s threat intelligence dataset of malicious links, domains and social media accounts — gives the full context on the issue at hand. This in turn allowed Lookout to track individual malware families back to the responsible affiliates and Malware Headquarters. Creating more connections in the dataset allows Lookout to more closely track malware families in the future.

See the full report: Dragon Lady: An Investigation Into the Industry Behind the Majority of Russian Malware. For more information on Lookout, visit www.lookout.com.

About Lookout

Lookout builds security software that protects people, businesses and networks from mobile threats. Lookout created the world’s largest mobile threat dataset, and the power of 40 million devices proactively prevent fraud, protect data and defend privacy on personal and business devices, and networks. Lookout’s flagship consumer product, Lookout Mobile Security is available for Android, iOS and Kindle, and received the 2013 Laptop Editors’ Choice Award. A 2013 World Economic Forum Technology Pioneer company, Lookout has offices in San Francisco and London. For more information, please visit www.lookout.com.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
@ThingsExpo has been named the ‘Top WebRTC Influencer' by iTrend. iTrend processes millions of conversations, tweets, interactions, news articles, press releases, blog posts - and extract meaning form them and analyzes mobile and desktop software platforms used to communicate, various metadata (such as geo location), and automation tools. In overall placement, @ThingsExpo ranked as the number one ‘WebRTC Influencer' followed by @DevOpsSummit at 55th.
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, John Jelinek IV, a web developer at Linux Academy, will discuss why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers...
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive ad...
Providing the needed data for application development and testing is a huge headache for most organizations. The problems are often the same across companies - speed, quality, cost, and control. Provisioning data can take days or weeks, every time a refresh is required. Using dummy data leads to quality problems. Creating physical copies of large data sets and sending them to distributed teams of developers eats up expensive storage and bandwidth resources. And, all of these copies proliferating...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
The speed of software changes in growing and large scale rapid-paced DevOps environments presents a challenge for continuous testing. Many organizations struggle to get this right. Practices that work for small scale continuous testing may not be sufficient as the requirements grow. In his session at DevOps Summit, Marc Hornbeek, Sr. Solutions Architect of DevOps continuous test solutions at Spirent Communications, explained the best practices of continuous testing at high scale, which is rele...
DevOps tends to focus on the relationship between Dev and Ops, putting an emphasis on the ops and application infrastructure. But that’s changing with microservices architectures. In her session at DevOps Summit, Lori MacVittie, Evangelist for F5 Networks, will focus on how microservices are changing the underlying architectures needed to scale, secure and deliver applications based on highly distributed (micro) services and why that means an expansion into “the network” for DevOps.
In his session at 19th Cloud Expo, Claude Remillard, Principal Program Manager in Developer Division at Microsoft, contrasted how his team used config as code and immutable patterns for continuous delivery of microservices and apps to the cloud. He showed how the immutable patterns helps developers do away with most of the complexity of config as code-enabling scenarios such as rollback, zero downtime upgrades with far greater simplicity. He also demoed building immutable pipelines in the cloud ...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addres...
Hardware virtualization and cloud computing allowed us to increase resource utilization and increase our flexibility to respond to business demand. Docker Containers are the next quantum leap - Are they?! Databases always represented an additional set of challenges unique to running workloads requiring a maximum of I/O, network, CPU resources combined with data locality.
Due of the rise of Hadoop, many enterprises are now deploying their first small clusters of 10 to 20 servers. At this small scale, the complexity of operating the cluster looks and feels like general data center servers. It is not until the clusters scale, as they inevitably do, when the pain caused by the exponential complexity becomes apparent. We've seen this problem occur time and time again. In his session at Big Data Expo, Greg Bruno, Vice President of Engineering and co-founder of StackIQ...
The cloud market growth today is largely in public clouds. While there is a lot of spend in IT departments in virtualization, these aren’t yet translating into a true “cloud” experience within the enterprise. What is stopping the growth of the “private cloud” market? In his general session at 18th Cloud Expo, Nara Rajagopalan, CEO of Accelerite, explored the challenges in deploying, managing, and getting adoption for a private cloud within an enterprise. What are the key differences between wh...
Security, data privacy, reliability, and regulatory compliance are critical factors when evaluating whether to move business applications from in-house, client-hosted environments to a cloud platform. Quality assurance plays a vital role in ensuring that the appropriate level of risk assessment, verification, and validation takes place to ensure business continuity during the migration to a new cloud platform.
"Tintri was started in 2008 with the express purpose of building a storage appliance that is ideal for virtualized environments. We support a lot of different hypervisor platforms from VMware to OpenStack to Hyper-V," explained Dan Florea, Director of Product Management at Tintri, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Containers have changed the mind of IT in DevOps. They enable developers to work with dev, test, stage and production environments identically. Containers provide the right abstraction for microservices and many cloud platforms have integrated them into deployment pipelines. DevOps and containers together help companies achieve their business goals faster and more effectively. In his session at DevOps Summit, Ruslan Synytsky, CEO and Co-founder of Jelastic, reviewed the current landscape of Dev...