Mobile users face growing threat from compound attacks

Smartphones offer rich pickings for ingenious cyber crooks

Cyber crooks are turning to a new breed of double-pronged malware attacks to make their nefarious activities more lucrative, security researchers have warned.

In the past year, there was a sharp increase in the number and sophistication of so-called compound attacks, according to security firm Adaptive Mobile. These attacks combine elements of fixed internet attacks with smartphone malware.

Smartphones are an ideal target for cyber crooks because once the device is compromised, there are a multitude of ways to make money, from dialling premium rate satellite numbers to stealing banking credentials, said Gareth Machlachlan, chief operating officer at Adaptive Mobile.

In one such attack, the thieves attempted to bypass online banking security by combining a Zeus-based malware attack on a PC with smartphone malware. With both devices compromised, the thieves were able to siphon off funds using the victim's online banking credentials and then intercept the fund-transfer text messages the bank sent to its customers as a security check.

“Typically, many of these compound attacks involve the attackers deleting evidence of their activity, making it more likely that the attacks will go unnoticed,” said Machlachlan.

Separately, security firm McAfee warned today that instances of smartphone and tablet malware rose by almost 50 per cent in 2010 compared with 2009.