Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.
  • 12 October 2011 11:22

Symantec Threat Researchers Profile Top 7 Android Monetisation Schemes

Experts say only the beginning in terms of quantity and sophistication

SYDNEY, Australia – October 12, 2011 – Today Symantec Corp. (Nasdaq: SYMC) announced the publication of new research titled, “Motivations of Recent Android Malware” (PDF). This whitepaper provides an in-depth analysis of the current monetisation schemes behind the growing wave of malware targeting the Android mobile computing platform, and schemes likely to be seen in the future.

The paper’s key finding is that the majority of current efforts to monetise mobile malware have only a low revenue-per-infection ratio, thus limiting the return on investment achieved by attackers. However, this ratio is likely to increase in the future as smartphones gain traction as payment devices. Smartphone usage is growing exponentially, with new mobile device shipments increasing 55 per cent in 2010.

The whitepaper offers detailed insight into the top current mobile malware monetisation schemes observed by Symantec, including how each scheme works and examples of the malware presently being used to carry them out. These schemes are:

• Premium rate number billing scams • Spyware • Search engine poisoning • Pay-per-click scams • Pay-per-install schemes • Adware • mTAN stealing

In addition, the whitepaper describes potential revenue generating schemes likely to be seen in the near future that are capable of increasing cybercriminals’ return on investment. These include stealing and subsequently selling sensitive financial information – such as banking credentials; selling stolen International Mobile Equipment Identity (IMEI) numbers for use on previously blocked or counterfeit phones; and peddling fake mobile security products, a tactic that has been highly successful in the PC realm.

The research also highlights the three factors needed for mobile malware to reach the levels of sophistication and breadth seen with threats targeting PCs. These factors are an open platform, a ubiquitous platform and sufficient attacker motivation.

Noted is the rise in prominence of the Android platform, which has largely fulfilled the first two conditions, and we’re seeing the beginning of the third. The research suggests that attackers will no doubt continue to invest in the creation of Android malware as monetisation schemes evolve.

“While we have seen a marked increase in threats targeting the Android platform, cybercriminals are still very much exploring how these devices can be exploited for financial gain. Current mobile attacks have a low revenue-per-infection ratio and do not deliver financial returns for scammers. However we can expect the adoption of mobile payment technology to trigger advances in the quantity and sophistication of mobile malware as attackers seek to access consumers banking information” said Craig Scroggie, vice president and managing director, Symantec, Pacific region.

Protecting Consumers

To address the potential of Android malware, Norton recently announced several offerings under its Norton Everywhere initiative that go beyond Internet security and give consumers the power to protect themselves and their families across multiple devices and platforms.

• Norton Mobile Security Lite is a free download from the Android Market which seamlessly combines select anti-theft features with powerful antimalware, giving users a sense of security in the event their phone is ever lost, stolen or compromised by malware

• Norton Tablet Security is a new offering designed specifically for Android tablets to protect devices, privacy and important data against loss, theft, viruses and other threats. It includes web-based antitheft functions like Report Lost, Lock, Locate and Sneak Peek in addition to Antimalware and anti-phishing protection

Protecting Enterprises

Enterprises may also find themselves at risk due to mobile malware; this threat is compounded by the growing consumerisation of IT trend and its accompanying management challenges. Symantec offers a full line of mobile security and management solutions to help organisations enable scalable, secure and integrated mobility.

• Symantec Mobile Management 7.1 is a scalable MDM platform that enables enterprise-wide mobile email and application rollouts, safeguards mobile data and devices and provides comprehensive visibility and control of the mobile environment

• Symantec Endpoint Protection Mobile Edition 6.0 offers comprehensive protection against malicious threats with award-winning antivirus technology, an advanced firewall and SMS Antispam features

• Symantec Encryption Solutions Symantec Encryption Solutions protect confidential information on hard disks, in e-mail communication and on mobile devices, and are centrally managed through a single console to automatically enforce security policies

• Symantec Validation and Identity Protection (VIP) provides two-factor authentication to verify users’ identity when logging into online accounts. The VIP Access for Mobile credential can be downloaded onto more than 800 different mobile phone models and provides out-of-band authentication across more than 700 websites


• White Paper: Motivations of Recent Android Malware (PDF) • Blog Post: New Symantec Research: The Motivations of Recent Android Malware • Podcast: Mobile Security & Management: A Holistic Approach • Norton Tablet Security • Norton Mobile Security Lite • Symantec Mobile Management 7.1 • Symantec Endpoint Protection Mobile Edition 6.0 • Symantec Encryption Solutions • Symantec Validation and Identity Protection (VIP) • Norton Everywhere • Expert Biography: Eric Chien

Connect with Symantec

• Follow Symantec ThreatIntel on Twitter • Follow Symantec on Twitter • Join Symantec on Facebook • Join Norton on Facebook • Read Industry Trends on Delicious • View Symantec’s SlideShare Channel • Subscribe to Symantec News RSS Feed • Visit Symantec Connect Business Community

About Security Technology and Response The Security Technology and Response (STAR) organisation, which includes Security Response, is a worldwide team of security engineers, threat analysts and researchers that provides the underlying functionality, content and support for all Symantec corporate and consumer security products. With Response centers located throughout the world, STAR monitors malicious code reports from more than 130 million systems across the Internet, receives data from 240,000 network sensors in more than 200 countries and tracks more than 25,000 vulnerabilities affecting more than 55,000 technologies from more than 8,000 vendors. The team uses this vast intelligence to develop and deliver the world’s most comprehensive security protection.

About Symantec Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organisations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at


NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at All prices noted are in U.S. dollars and are valid only in the United States. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

For more information please contact: James Curtis Max Australia +61 2 9954 3492

Submit a media release