When a visitor clicks the download button at the infected site, Agregado explained, a connection is made to another site that, without the guest’s knowledge, sends a malicious APK file to the mobile web surfer’s smartphone.
Once on the phone, the malware starts to secretly send text messages to premium numbers. This scam is a popular one among cyber criminals targeting Android phones. Symantec estimates in its most recent annual threat report that in 2011 some 18 percent of all mobile threats during the year involved premium SMS messages from infected phones.
“Malware that sends premium SMS text messages can pay the author $9.99 for each text and for victims not watching their phone bill could pay off the cyber criminal countless times,” Symantec noted.
Mobile threats are a growing trend, increasing 93 percent in 2011 over the previous year, according to John Harrison, Symantec group product manager for endpoint threat protection and security technology and response.
“Malware authors are continuing to find ways to monetize a lot of these threats,” he told PCWorld. While mobile threats are small compared to desktop and laptop threats, he observed, “it’s a growing upward trend that we will continue to watch.”
Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.