Mobile malware increasingly being used for espionage by state-sponsored groups

State-sponsored groups take advantage of the lack of effective mobile malware solutions to target mobile users, according to a new report from BlackBerry.


As mobile devices have proliferated, so has mobile malware. Just like desktop malware, mobile malware has long been employed not only by individual hackers and cybercriminals but also by organized state-sponsored groups. But the use of mobile malware as a weapon by such groups far exceeds what was previously estimated, according to a report released on Wednesday by BlackBerry.


In its report entitled "Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform," BlackBerry describes an environment in which advanced persistent threat (APT) groups are combining mobile malware with traditional desktop malware to conduct ongoing surveillance and espionage campaigns. Mobile malware presents itself as an ideal area for state-sponsored groups to exploit due to a few different factors, according to BlackBerry.

Low threat detection rates and a false sense of security have made mobile users an inviting target. Security products designed to block mobile malware are still few in number. Forensic access to smartphones is limited. And research into the mobile malware threat posed by governments and government-sponsored groups has been clumsy and disorganized.

To compile the report, BlackBerry researchers examined mobile-only and combined mobile and desktop malware campaigns connected to nations including China, Iran, North Korea, and Vietnam, along with two other unidentified but likely state-sponsored actors. All of the campaigns were aimed at foreign and/or domestic targets with economic and/or political objectives in mind.

Notable malware campaigns

Some of the most notable malware campaigns that BlackBerry discovered in its research included:

  • A newly identified threat actor called BBCY-TA2 is using a newly identified Android malware family called PWNDROID3 in combination with a newly identified Windows malware family dubbed PWNWIN1. This cross-platform campaign, dubbed OPERATION DUALCRYPTOEX, distributes malware through mobile apps that mimic a popular bitcoin cashing program.
  • A newly identified threat actor dubbed BBCY-TA3 has engaged in economic espionage against a range of Western and South Asian commercial enterprises in the telecommunications sector as well as almost every chemical manufacturing company in the world outside of China. BBCY-TA3 has also been sharing its attack infrastructure with BBCY-TA2.
  • A newly discovered cross-platform espionage campaign dubbed OPERATION OCEANMOBILE conducted by an APT group called OCEANLOTUS is deploying a newly identified Android malware family called PWNDROID1 through three different fake mobile apps.
  • A newly identified cross-platform espionage campaign dubbed OPERATION DUALPAK conducted by an APT group called BITTER has been targeting the Pakistani military. This campaign deploys a mobile malware family named PWNDROID2 via fake apps as well as through SMS and WhatsApp.
  • A second newly identified cross-platform espionage campaign taking advantage of interest in the recent Kashmir crisis has been targeting the Pakistani government and military. Known as OPERATION DUALPAK2 and conducted by a group named CONFUCIUS, this campaign is distributing a newly identified Windows malware family called PWNWIN2 via a JavaScript version of a chat app.

"Both organizations and consumers should be very concerned about what this means for not only their information, but also the safety and security of the countries in which they reside," Brian Robison, chief evangelist at BlackBerry Cylance, said in a press release. "It's clear that the market for exploits targeting mobile devices has skyrocketed, and the sheer scale of what we found--mobile malware that is interwoven with desktop malware campaigns--shows definitively that several nation states are getting in on the mobile campaign action. It is essential that organizations utilize the utmost advanced technology to protect and secure the mobile landscape." 

Organizations trying to protect themselves against cyber espionage campaigns should broaden their security strategy to encompass mobile defense, BlackBerry advises, covering both company-issued smartphones and phones allowed under a "bring your own device" plan.
