Mobile malware is malicious software which targets mobile devices, such as smartphones and tablets, with an aim of accessing private data of the user, stealing data, signing users up for services. Mobile Malware is a growing threat as organizations do not allow employees to access corporate or secure networks using their personal device which brings in potential threats to the environment.
Mobile malware statistics
As per the McAfee Labs report, Mobile malware represented 3.5 percent of all malware attacks in 2017. However, despite these numbers, security experts believe that mobile malware is under reported.
Mobile banking became a target for malware designers in 2018 as users came to rely on their smartphones to conduct banking tasks. In 2017 there was a 60 percent increase in mobile banking Trojans, according to McAfee Labs.
Researchers at Check Point analyzed in the Cyber Attack Trends: 2019 Mid-Year Report that the cyber attacks on Mobile devices have risen by 50% when compared to the previous year. The findings have been outlined in the Cyber Attack Trends: 2019 Mid-Year Report.
Spreading Mobile Malware
Unguarded endpoints are created by the employees in the corporate environment due to the increased usage of personal devices. Organizations targeting cost cutting allow their employees to follow the ‘Bring Your Own Device’ methodology, in order to lower the costs and improve efficiency and effectiveness, thereby creating security concerns for the company network and the data stored on it. One breach through a personal device can potentially lead to widespread infection and a catastrophic large-scale data loss.
There are a few common ways that attackers rely on to spread their malicious code:
- Phishing and Spoofing
Phishing is the practice of tricking someone into providing their valuable account or personal information often with the practice of disguising electronic communication or websites as a trusted entity of the victim. The practice of disguising electronic communication is known as Spoofing. Although, spoofing and phishing often go hand in hand, yet spoofing can be used for other despicable goals beyond phishing for account information. For example, a spoofed email may try to convince the recipient to click a malicious URL and end up being a victim of cyber attack.
One popular method for enforcing victims to install malware is to send those links via an SMS spoof to Android Package (APK) files hosted on attacker-controlled websites. Through these Pop up messages or emails, where victims would be prompted to click the link sent with malicious intent. These links can lead the victim to a spoofed banking site designed similar to the original site which can easily convince the victim to “update your banking app”. The update would then install the malicious code, thereby allowing the attacker to gain access and collect credentials.
As recorded, 57% of organizations have specifically experienced a mobile phishing attack. Hence it should be educated to all the employees regarding the links and pop ups which can be phishing links and might end up compromising organizational data. This shouldn’t be too surprising when you consider the fact that people are 18 times more likely to click a suspicious link on a mobile device then they are on desktop.
- Rooted Device
Rooted device is a device simply means that you have bypassed the internal protections and have unrestricted control of the operating system. Those who perform the ‘root device’ function on their phones often have the reason to download third-party apps that are not approved by their operating system, or make customizations to their phones that are not possible with the default protections.
With this action being performed on a device, the device would become open to all the malicious attacks prevented by operating system security. For organizations that operate in a Bring-Your-Own-Device (BYOD) environment, an employee’s rooted device could leave its network unknowingly exposed to a breach.
“All it takes is just one rooted device, lacking the basic default protections, to give attackers the opening they need to obtain account credentials, intercept sensitive company data, or open your network to a malware intrusion.”
- Drive-by Downloads
Opening a wrong email or visiting a malicious website, could become the possible reason for allowing a different form of mobile malware known as the drive-by download. This form of malware installs malicious files on the device automatically and can unleash a range of threats, including spyware, malware, adware or some more serious malicious codes such as a Bot. These Bots can use mobile devices to perform reprehensible tasks like sending viruses to other people within the organization or scanning the network for a malicious intent while they are connected to the network.
- Browser Exploits
As compared to the desktop browsers, mobile browsers are still not completely secure. Due to this, there are a number of browser exploits taking place without the knowledge of the device owner that can take full advantage of the browser and other applications that work within the browser, such as PDF Reader. It can also implant malicious code in the cookies which can save unauthorized data and transfer it to the attacker.
Since mobile devices are in more demand due to portability, attackers target these devices at a larger range as compared to desktop and large systems. Mobile malware is on the rise, with attackers shifting their efforts to smart phones and tablets as global mobile markets come under attack. To stay secure means recognizing your risk, understanding common threats and following basic mobile security best practices.