(mikewirthart.com / Lookout Mobile Security)
Get ready for a case of the creepy crawlies, because we just got a list of the scariest malicious attacks on smart phones to date, and it's full of worms, snakes, evil bunnies ... and Rick Astley.
If you've got an Android phone and don't yet know the name Lookout, get familiar with it quick. It's sort of like a Norton Anti-Virus for your Android phone, only it's free and doesn't annoy you with constant pop-ups. Because the mobile security company scours the globe uncovering threats to Android and iPhone, they were kind enough to fill us in on the nastiest ploys and cyber cons.
Before you go freaking out, just be aware that these beasties are not so much running loose in the Android App Market and the iPhone App Store as they are festering out past the protective borders of the legitimate app business. Though they use different methods, Apple and Google are pretty good about monitoring what goes into their app stores. You should worry most if you're seeking ways to try to download premium apps without paying, trying to score bootleg apps available for "jailbroken" iPhones, or visiting any shady alternative Android app markets.
Despite that qualifier, it pays to be a little paranoid — and a lot informed. So without further ado, here are the most sinister six:
Hackers take this little guy and attach him to established apps and cutesy casual games such as "Monkey Jump 2" — over 30 apps so far. Then they redistribute the corrupted software in back-alley Android app stores. When people download the game or app, their whole phone gets taken over. Text messages, contacts and location information can be sent to a remote server, and evil-doers can even take over your phone, downloading files, placing phone calls and sending SMS messages. "This is the first Android malware in the wild that displays botnet-like capability," according to Lookout, which created the above infographic to show the mechanics of the assault.
SMS Android Trojan
"From Russia with love," says Lookout, this Trojan makes use of premium text messages. Once you download the seemingly harmless "Movie Player" app that it was hidden inside, it starts sending text messages to premium-rate numbers, each one levying a several-dollar charge to your phone bill. Though it's only surfaced on Android phones in Russia, it's probably worth keeping a close eye on your phone bill.
This one was a game that was posted all around the Internet on download sites specializing in Windows Mobile apps. Much like the Russian SMS Trojan, this one got hold of the phone and made premium-rate international calls, jacking up your phone bill in all kinds of ways. Windows Mobile was known for being wide open, and without a central app store, it was harder to know what to trust.
A supposed Snake game clone, the app would track your GPS coordinates and upload them to a remote server. If that wasn't bad enough, it would then download a premium app called GPS Spy, which would steal additional data from the phone. Scarily enough, Lookout says that this malware actually made its way to Google's Android App Market before it got yanked.
Red Bunny Trojan
The HongTouTou (aka "red bunny") exploit was just reported this week by Lookout. Making its way around Chinese app stores and targeting Chinese-language users, the bunny's full functionality and motivation are not yet known, but it appears to masquerade as a mobile browser in order to hit specific sites, possibly to fulfill some kind of pay-per-click traffic commitment. It may also be visiting pages with ads, in order to drive up ad revenue with falsely inflated page views.
When certain Australian iPhone users would "jailbreak" their phones in order to load illicit apps, some were infected by a worm that changed their wallpaper to an image of 80s pop crooner Rick Astley, says Lookout. The worm would then go out and search for other compromised phones to infect. As anyone who's ever been "rickrolled" could predict, the worm's slogan, written across the wallpaper image, was "ikee is never going to give you up." My guess is that some victims were left feeling very let down.
Now that you're good and scared witless, it's important to remind you again that these are not yet at your doorstep. However, behaving in a certain irresponsible way may bring them closer to you.
"Use common sense," says Kevin Mahaffey, Lookout co-founder and CTO. "If you're downloading applications, look at the info you have available — user ratings, the developer, the number of downloads." If there's an app with few user comments and few total downloads, and it's released by a developer you never heard of, steer clear. If you see a free game or entertainment app that collects phone call, location and contact data, you should probably skip it.
For Android, the danger is downloading apps outside of Google's App Market (or other reputable app stores such as Amazon's). If you're off somewhere getting apps from sources you don't know or trust, there could be consequences. For iPhone users, the line really is whether you jailbreak or not. Jailbreaking can be pretty easy, and getting pirated or bootlegged apps can seem like a great way to save money, but in doing so, you're basically handing out the smart phone equivalent of a front door key to Lord only knows.
"Just realize that there can be bad things out there," says Mahaffey.
More smart phone stories from msnbc.com's Technolog:
Catch up with Wilson on Twitter at @wjrothman, or join our conversation at Technolog's Facebook page.
First published February 16 2011, 6:30 AM