Nearly all of that activity has until now targeted overseas users, sometimes with devastating results. A program aptly named “BillShocker” by researchers infected 620,000 users earlier this year, mostly in China, and ran up hefty bills through premium text message services.
Mobile malware writers are also developing hybrid threats designed to defeat online banking security systems. In one sophisticated attack, criminals hacked both a victim’s computer and cellphone, then lurked until an online banking transaction was initiated on the PC. When the bank sent a so-called “out of band” text message as a security confirmation, the criminals intercepted it and approved the transaction. A malicious program named Eurograbber is blamed for stealing $47 million from 30,000 bank accounts this way, according to a report by security firm F-Secure.
Those victims were in Europe, but now there are other indications that mobile hackers are circling the waters, aggressively looking for more ways into the U.S. market.
Computer security expert Brian Krebs reported earlier this month on his blog that criminals are selling authorized Google Play developer accounts on underground bulletin boards. A developer account would theoretically give a criminal the ability to post rogue software onto the Google Play store.