Cybercriminals are tailoring malware threats depending on where users live
In 2013 cyber-criminals began tailoring mobile malware threats depending on where their victims live.Reuters

Just as marketeers and advertisers will tailor ad campaigns depending on the audience they are talking to, mobile malware campaigns are now evolving to create malicious apps which target a specific region or country.

While premium rate SMS fraud remained the primary type of malware affecting people across the globe in 2013, in the UK a specific type of malware called chargeware has become the most prevalent threat, allowing cybercriminals to sidestep regulation which prevents them using traditional premium rate SMS fraud.

According to a report from mobile security company Lookout, pornograhic apps with "deceptive charging practices" made up the most prevalent forms of chargeware in 2013, with one campaign called "SMS Capers" representing more than 50% of the risk in the UK.

Chargeware is best described as apps with hard-to-read end user licence agreements (EULAs or terms and conditions to you and me) which deceptively bill victims, often after luring them in with pornographic images or video.

Maximise profit, minimise risk

According to Lookout's research, the encounter rate of chargeware differs hugely depending on where you are in the world, with a 13% encounter rate in France, 20% in the UK but only 5% in the US.

Increasingly targeting malware by region allows the criminals to "maximise profit and minimise detectability" according to Lookout.

Mobile Malware Detection Globally
A graph showing global encounter rates of mobile malware in 2013.Lookout

Marc Rogers, principal security researcher at Lookout, explains why criminals have moved away from premium rate SMS malware:

"In the UK, setting up premium rate SMS [fraud] is very difficult as their is a lot of regulations, so they adapt to use chargeware. [Criminals] trick you into subscribing to a service which is very difficult to get out of."

"Not looking at an APPocalyptic situaiton"

While this type of chargeware is prevalent in the UK, France and Spain, Lookout says it sees "very little in Germany as it has very strict regulation."

While chargeware becomes the de facto threat in the UK, premium rate SMS fraud continues to rage in countries such as Russia and in Asia where regulation is much more lax.

While many reports into mobile malware these days are headlined by the huge numbers of malicious apps discovered - Kaspersky recently reported that it had discovered 10 million malicious Android apps - Rogers explains that most of these are merely iterations of the same piece of malware counted multiple times and that "we are not looking at an apocalyptic situation."

"One piece of malware could ruin your life"

Rogers thinks that, contrary to popular belief, Google "does a phenomenal job" of keeping malware out of the Play store.

He points to statistics in the report which says that the chances of encountering malware on your Android phone in the US - where Google Play is the primary source of apps - is just 4% while in Russia - where people use thrid-party app stores not affiliated with Google - the chances of encountering malware is 63%.

However Rogers warns that even a 4% chance of encountering malware is not good enough, as just "one piece of malware on your phone can ruin your life."

He adds that the chances of having your phone stolen is a much bigger theat especially when you consider the amount of sensitive personal and financial information people store on their smartphones these days.

Rogers also believes that while iOS is currently a malware free zone, he expects to see malware emerging on the App Store just as desktop malware moved from Windows-based PCs to Mac OS X devices in the last couple of years.