To developers, advertising frameworks may just be another way to make money from their free applications, but in at least one case -- dubbed "Vulna" by security firm FireEye -- the library has functionality that allows attackers to steal private data from a targeted phone and opens vulnerabilities that could be exploited by hackers.

The library, which FireEye has declined to name until its developer fixes the problems, underscores the dangers that mobile users and their companies will increasingly face. As smartphones and tablets become an essential part of information workers' tool sets, cybercriminals and digital spies have targeted the mobile devices to gain access to business data. Careful users who download mobile apps from well-vetted app stores are unlikely to encounter malware, but times are quickly changing, and targeted attackers will focus more heavily on mobile devices, says Manish Gupta, senior vice president of products for FireEye.

"Fundamentally, we believe that hackers have no restrictions on what they use for an infection vector -- they use what works, so mobile will be an increasing vector of choice," he says.

While malware has not become as pressing a threat on mobile devices as on personal computers, Vulna is not the only mobile vector that FireEye has found inside business networks. In another case, the company found a mobile application designed to access a device's calendar and turn on the phone's microphone during meetings, Gupta says.

To be ready for the inevitability of mobile malware, companies need to put limitations on their users, says Chet Wisniewski, senior security adviser for software security firm Sophos.

... Read full story on Dark Reading

Post a comment to the original version of this story on Dark Reading