10 Predictions for Mobile Malware in 2010

I don’t know if my recent analysis of Java/GameSat set me on divination, but today I feel like predicting a few things for 2010. And as we’re already
at the end of January, I should probably hurry.

1. SymbOS/Yxes will be back and stronger this year. Its authors have probably had time to debug it, and I would be surprised if they do not release a few versions in the wild.
2. The AppStore will be abused, unintentionally offering one (or more) malware to the iPhone community. My crystal ball tells me this malware is likely to be a spyware, i.e a malware particularly targeting our privacy.
3. Hackers will release a Proof of Concept malware for Android.
4. There will be at least 2 new major malware. I mean really new families, with new implementations, new tricks and extensive press coverage.
5. People will keep on thinking their mobile phones are not at threat, even though it’s nothing less than secured.
6. The amount of spyware, dialers and SMS-sending malware will keep on increasing. Those are areas where malware authors make money.
7. Social engineering malware such as Koobface will spread to smartphones from which one can blog or tweet on the go.
8. One of my papers on mobile malware and SymbOS/Yxes will be accepted in a research conference.
9. Mobile malware will start using cryptography more frequently to conceal their malicious deeds. Apart from encryption of some parts, most of the malware’s code will remain unobfuscated.
10. No mobile malware author will be caught, nor sued, sentenced or fined whatsoever.

I may turn out to be wrong on a couple of those, but it will be fun looking at this post end of 2010.