The Coming Wave of Mobile Attacks via itunes store

The pace of innovation on mobile phones and other smart wireless devices has accelerated greatly in the last few years, adding features, speed and computing power. But now the attackers are beginning to outstrip the good guys on mobile platforms, developing innovative new attacks and methods for stealing data that rival anything seen on the desktop, experts say.

For years there have been dire predictions from industry pundits about the coming wave of mobile malware, viruses and Trojans that would specifically target smartphones and PDAs, wreaking havoc on mobile devices. But that giant tide of mobile malware never materialized. There have been a few mobile viruses here and there, but for the most part attackers have decided to forego those kinds of attacks and instead have focused on stealthy techniques that give them unlimited--and unnoticed--control of the device.

Banker Trojans targeting platforms such as the iPhone and Windows Mobile have appeared in recent months, and fake mobile banking applications have shown up in the app stores of some mobile platorms, as well. Those malicious applications look exactly like the legitimate banking apps produced by major international banks and are designed to capture users' online banking credentials.

This particular attack vector--introducing malicious or Trojaned applications into mobile app stores--has the potential to become a very serious problem, researchers say. Tyler Shields, a security researcher at Veracode who developed a proof-of-concept spyware application for the BlackBerry earlier this year, said that the way app stores are set up and their relative lack of safeguards makes them soft targets for attackers looking to maximize the effectiveness and reach of their malicious applications.

rest at http://threatpost.com/en_us/blogs/coming-wave-mobile-attacks-051710