Most recently, however, researchers have learned that hackers are now creating mobile
David Rayhawk, senior researcher for McAfee Mobile, said there is evidence that malware writers are now actively working on developing their own mobile spyware. So far, he said, a Russian malware author has released a prototype of SMS-forwarding spyware that is invisible to the user, loads on startup, and forwards SMS text in a new SMS to the spyware's author. The malware breaks down at the forwarding part, but with some tweaking, Rayhawk said, an experienced hacker could figure it out.
The recent discovery is not the first time mobile spyware has been noticed, but Rayhawk said that it is time for folks to pay attention.
"It's definitely not the end of the world," he said, noting that whoever created the most recent mobile spyware program also released the incomplete source code that would allow hackers to spy on others. If that source code spreads further, he said, it could be cause for alarm.
"If that source code gets out, a semi-able hacker could adjust it," Rayhawk said.
The spyware works like this: A hacker sends an SMS message to the target. The target opens the message, installing the spyware onto the device. That spyware, unbeknownst to the victim, takes the SMS messages and forwards them on to the hacker.
Rayhawk said mobile operators should be the most concerned because protecting devices would cost them money, and a massive spyware outbreak could also have a financial impact. But he said it's premature for users to worry.
"The likelihood of an individual user getting targeted is pretty low," he said.
In March, malware was found that copied SMS messages and sent them to a server where they could be retrieved by hackers. Then, in September, spyware was found that could retrieve SMS messages, contact numbers and call logs. There is also mobile malware that can call a device, make the device answer silently without the user's knowledge, and turn the device into a remote bug.
Rayhawk suggests that smartphone and mobile phone users start treating their devices more and more like PCs. He said that -- as a culture -- mobile users need to recognize that their devices are just as susceptible as their larger, fixed counterparts to spyware, worms, viruses and other malware.
"People trust phones too much," Rayhawk said. "Users need to apply the same level of paranoia to their phones as they do to PCs."