As our smartphones have become our wallets and personal computers, holding everything from banking to social network information, they’ve become targets for hackers, scammers and criminals. Our phones hold a treasure trove of data—and the bad guys know it.
A screen lock is no longer enough.
Dream Droid, a botnet-type of malware program, recently infected the Android Market. It got its name because the malware activated at night, affecting users while they were asleep. Originally it was thought that 21 apps were infected, but an independent security firm found an additional 30 apps. Google flipped its famous kill switch—a scary, but seemingly necessary, piece of code that accesses phones without users’ permission and deletes the offending software. About 260,000 Android users were hit. The phone’s IMEI identifier numbers were stolen, but no other personal user information was breached.
Dream Droid and other mobile botnets such as Zeus Mobile are more than viruses or spyware. They take over a phone. In this case the software “rooted” the users’ phones, giving complete access to whoever was on the controlling end of the botnet. Most botnets go undetected. A hacker or botmaster simply gains access then does nothing. Often these networks of captured phones and computers are sold in underground Internet forums to spammers or hackers with even darker intentions—attacking the financial system, for example. They deploy software from the hijacked computers, effectively rerouting their steps.
It’s nasty stuff.
And aside from having your phone hijacked for evil, there are very real identity theft risks. Access to root on a phone means everything on that phone has been pealed open like a can of tuna.
What can you do about botnets, viruses and malware on your mobile phone? Not much, unfortunately, except to be very aware of the apps you’re downloading and why. There are also some security applications worth trying, such as Lookout Mobile Security, but how they’ve responded in a case like Dream Droid remains unseen.
[Free Tool: Obtain your Identity Risk Score from Credit.com]
This article originally appeared on Identity Theft 911 on June 14, 2011.
More from Identity Theft 911: