The phenomenon is not new: cybercriminals are increasingly using and developing mobile malware. These malicious pieces of code have more and more functionality and are becoming more dangerous every day. We’ll discuss the evolution of this threat, how it affects businesses, and how to protect yourself and your business.
Mobile malware, as we’ve covered many times, is a growing trend in cybersecurity. A few days ago, Proofpoint reported a 500% increase in mobile malware delivery attempts in Europe (Figure A).
Let’s try to understand why and expose the different threats it represents.
Why is there an increase in mobile malware?
Almost everyone owns a cell phone these days, and most people who use them aren’t really aware of the dangers. Also, they usually have less protection on their phones than on their computers.
The growth of the mobile market and the number of apps running on it has become interesting enough that cybercriminals put more effort into developing malware for phones. In addition, more and more people today use their mobile phones to access a wide variety of services and applications. These applications can be banking applications or applications that process their credit card numbers or any application that may disclose information that can be resold (e.g., credentials for services). All of this makes mobile phones really interesting for cybercriminals.
According to Proofpoint, SMS/mobile messaging campaigns for distributing malware have increased over the past year. The use of SMS and instant messaging allows cybercriminals to use social engineering techniques different from those used on computers. Loïc Guézo, Senior Director, Cybersecurity Strategy at Proofpoint, said: “Scams, smishing and mobile malware have increased exponentially over the past few years. This is a trend that started before the pandemic and is continuing. Trust in mobile messaging communications makes it a very attractive platform for business and marketing activities; it also makes the mobile channel prone to fraud and identity theft for cybercriminals.”
Android phones are the most vulnerable
Android systems allow their users to get content from multiple app stores. It is also possible to easily install third-party applications from anywhere on the Internet. This ability makes it easier for attackers to infect phones running Android operating systems.
On the iOS side, the operating system does not natively allow sideloading; this requires jailbreaking the phone, which the common user will not do. This is probably the main obstacle preventing financially oriented attackers from developing and using malware on phones running the iOS operating system.
What types of mobile malware threats are there?
Mobile malware has evolved from simple credential theft to much more advanced functionality.
Some types of mobile malware are capable of recording phone and non-phone conversations (via apps), recording audio and video directly from the device or even destroying or erasing phone data.
In addition, mobile malware can intercept all interesting information on the phone: credentials for apps, credit card numbers and text messages. It can even turn the phone into a proxy for other attacks, which is particularly serious because the phone could be used to target someone else and a legal investigation would likely lead back to it, making the phone's user a suspect.
A few of the top malware families using SMS as a threat vector, as reported by Proofpoint, show extensive targeting and functionality (Figure B).
Smishing is on the rise
Apart from mobile malware, smishing attacks are another significant threat targeting mobile phone users. Basically, smishing is text phishing. It involves using text messages to lure victims into an immediate action like clicking on a link or downloading a file. Since users usually don’t expect to be targeted in this way, a smishing message has a higher chance of being opened than a normal phishing attack on a computer. The phishing scam can then lead to credential theft or malware infection.
What can be done to prevent mobile threats?
To protect yourself against malware threats as well as other mobile threats, it is important to:
- Install comprehensive security apps on your device to protect it.
- Do not click on any link that arrives on your cell phone from an unknown source, no matter which application delivers it.
- Avoid unknown apps.
- Never download apps from third parties or untrusted sources.
- Check permissions when installing an app. Apps should only request permissions for necessary APIs. Be very careful with apps requesting SMS processing privileges.
- Be very careful with apps requesting updates immediately after installation. An app downloaded from the Play Store is assumed to be the latest version. If the app asks for update permission on first run, immediately after installation, this is suspicious and may be a sign of malware trying to download more features.
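The permission checks from the last two items can be automated when vetting an app before it is allowed on business devices. The following is an added example, not code from the article or from Proofpoint: it assumes the APK's AndroidManifest.xml has already been decoded to text XML (for instance with apktool), and the sample manifest and the package name `com.example.flashlight` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names, grouped by the two concerns in the list above.
SMS_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_MMS",
    "android.permission.RECEIVE_WAP_PUSH",
}
# Lets an app prompt the user to install further packages after first launch.
INSTALL_PERMISSIONS = {"android.permission.REQUEST_INSTALL_PACKAGES"}

# Constructed sample: decoded manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission-sdk-23
        android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return every permission name the manifest declares."""
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    # Permissions can be declared with either element, so check both.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def audit_manifest(manifest_xml):
    """Map each concern to the risky permissions found; empty dict if none."""
    perms = requested_permissions(manifest_xml)
    findings = {
        "sms": sorted(perms & SMS_PERMISSIONS),
        "self_update": sorted(perms & INSTALL_PERMISSIONS),
    }
    return {concern: hits for concern, hits in findings.items() if hits}

if __name__ == "__main__":
    for concern, hits in audit_manifest(SAMPLE_MANIFEST).items():
        print(concern, hits)
```

A finding is a prompt for review rather than a verdict: a messaging app legitimately needs SMS permissions, while a flashlight app does not.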
Disclosure: I work for Trend Micro, but the opinions expressed in this article are my own.