Expensive malware appears for Microsoft’s Windows Mobile

invisibleSHIELD case for iPad“Malware embedded into legitimate-looking games designed for Windows Mobile has appeared, automatically dialing up foreign telephone services to rig up hundreds of dollars in illicit charges for users behind their backs,” Prince McLean reports for AppleInsider.

“The discovery, reported by John Hering of the Lookout security firm, was covered in a report by Reuters, which inaccurately described the malware a ‘virus’ and misleadingly referred to the exploit as being orchestrated by ‘hackers,'” McLean reports. “In reality, the malware was simply the product of malicious mobile software developers who misrepresented their work as safe, and distributed it through ‘sites that provide legitimate software for mobile devices.'”

“The fraudulent mobile software for Microsoft’s smartphone platform punctuates the warnings Apple has been sounding about security-free software distribution, and underlines why the company has maintained a strict policy that forces iPhone mobile developers to get their work approved by and cryptographically signed for distribution by Apple itself,” McLean reports. “Critics have chafed at Apple’s secure software signing model and have praised Google’s alternative Android model, which enables users to download software from any source, without any security model in place, at their own risk.”

McLean reports, “The appearance of malware on Windows Mobile is particularly interesting because the motivation of this assault was entirely financial. That being the case, the fact that the malicious developers targeted Windows Mobile, which is almost entirely limited to the US and now trails Symbian (42%), RIM (21%), and Apple’s iPhone OS (15%) in market share (9% over the last year), throws decades of Windows-based punditry on its head because ‘malicious hackers’ supposedly only target the largest platform.”

Read more in the full article here.

MacDailyNews Take: Security via obscurity disproven yet again. For further reading, please see: Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 04, 2010

44 Comments

  1. Another nail in the coffin of the “security by obscurity” myth, as Windows Mobile certainly qualifies as “obscure” by now. Yet more proof that malicious coders will target weaknesses they can exploit, regardless of the marketshare it has. (Further proven by the fact that malware exists for only jailbroken iPhones, which comprise a very small minority compared to regular iPhone users.)

  2. Remember, Apple had this same problem with apps they approved. It started sending info on the device and it’s whereabouts and ultimately disclosed the presence if the iPad before it was launched. Steve Jobs ranted about this at D8.

    We shouldn’t be too sanctimonious or risk being hypocrites.

  3. @ MadMac – You’re trying to equate data privacy breaches with malware infections? Seriously?? Sure, both are serious, but it’s extremely disingenuous to pretend there isn’t a huge difference between them.

  4. So finally the truth comes out. The least amount of users of a product doesn’t guarantee that it is safe. Yet
    most PC experts have always claimed that Macs were virus free because of there smaller user base.
    Well so much for that as being fact.
    OSX is safer because it just is, ask Google.

  5. Hope those idiots over at CNET are reading this. It just proves that hackers pick on an OS because it’s easy to hack. They don’t bother with MacOS because it’s difficult to hack. That simple. Learn to live with it instead of creating this security by obscurity nonsense. Windows: Our security is your pane (pain).

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.