Mobile malware is malicious software that targets mobile phones and tablets, causing the system to collapse and confidential information to be lost or leaked. This problem was virtually non-existent just two decades ago, but in 2018 security firm Kaspersky Lab recorded 116.5 million malicious mobile software attacks (nearly double the 66.4 million attacks detected in 2017). With more mobile devices in use, there are more mobile apps to compromise and more opportunities for hackers.

The average user now has between 6 and 90 apps on his or her mobile device.

Types of Mobile Malware

This standalone malware is designed to endlessly reproduce itself and spread to as many devices as possible. Mobile worms are usually transmitted via SMS/MMS text messages and typically do not require user interaction to be executed.

This type of malware always requires user interaction to be activated and is often found in seemingly non-malicious applications. Once activated, the malware can cause serious damage to the mobile device by infecting and deactivating other applications.

This malware poses a threat to mobile devices by collecting and spreading a user’s personal information without the user’s consent or knowledge by synchronizing calendars, email accounts, notes, and other information with a remote server.

This type of malware encrypts user data such as documents, photos and videos and demands that a ransom be paid to the attacker (usually in untraceable currency like Bitcoin). If the ransom is not paid, user files are deleted or permanently locked.

Note: This is far from an exhaustive list, and even among the items mentioned there is overlap (ransomware is often a trojan, for example).

A (Brief) History of Mobile Malware

The first known mobile virus was discovered by antivirus labs in Russia and Finland in June 2000. Dubbed “Timofonica,” the virus sent mass SMS messages to GSM mobile phones and was designed to publicly criticize the Spanish telecom operator, Telefonica.

In 2004, a worm known as “Cabir” spread via Bluetooth and targeted the Symbian operating system, which was used on most mobile phones at the time. While the first variants of Cabir were relatively benign, later variants had the ability to pilfer device data.

The first mobile spyware arrived on the scene in 2007 in the form of FlexiSpy, which could record phone calls and collect SMS messages to be sent back to the attacker.

In 2013, the first major mobile ransomware arrived on the scene. FakeDefender targeted Android devices and displayed fake security alerts in an effort to get the victim to buy an app to remove the fake threats.

The Biggest Mobile Malware Threats of 2019

1) Backdoor Families
Distributed through the Google Play store as trojanized apps hidden within games or customization tools, this Android-based collection of malware targets North American users. Attacks begin with an SMS notification about incoming voicemail, and the message includes a link to a voice-player app; clicking the link installs a fake application. Upon realizing that the app does not function, users then attempt to remove the app. However, even when the icon disappears the app continues to run in the background, redirecting network traffic through an encrypted tunnel to a third-party server (most likely to use the traffic for ad click fraud, distributed denial of service attacks, or to send phishing emails).

2) Mobile Miners
Mobile devices are easy to infect, ubiquitous, and equipped with ever more powerful processors, making them an effective tool for cryptocurrency mining. And while miners are typically easy to detect (the load they generate is readily noticed by the user), many of these new attacks are equipped with sophisticated anti-removal mechanisms. Distribution occurs via the usual spam email or SMS message.

Kaspersky Lab noted a 5x increase in attacks using mobile miner trojans in 2018.

3) Fake Applications
Statista estimates that there will be 258.2 billion app downloads per year by 2022, and faking those apps has become big business. Fake Apps is a general category of malware that convincingly mimics popular apps, often using the same images, music and load screens as the legitimate app. However, once installed, the fake app asks the user for mobile verification and directs them to a link with instructions on how to unlock features. The provided link will either:

  1. Redirect the user back to the Google Play store to get the user to attempt another install (boosting download revenue), or;
  2. Download other malicious apps like spyware or mobile miners.

Fake Apps are and will be one of the most effective methods to trick users into installing suspicious and malicious applications in Android.

Alan LeFort
Vice President & General Manager, Mobile & ISP Solutions, McAfee

4) Banking Trojans
As consumers embrace the convenience of mobile banking and mobile payments, threats targeting finance applications are increasing. Often, banking trojans are disguised as Fake Apps and use an overlay to capture user credentials or hidden code to log keystrokes and obtain username/password information. And while security for banking apps is usually the most advanced, the revenue that can be generated is so substantial that cybercriminals will continue searching for exploits.

Best Practices for Avoiding Mobile Malware

The simplest recommendation for avoiding mobile malware is to stay diligent when installing apps or clicking on links, but there are a few other suggestions that IT can provide to workers to help them be smarter about securing mobile devices:

  • Always use secure WiFi.
  • Install antivirus protection.
  • Don’t jailbreak or root devices.
  • Connect to corporate servers using a reliable mobile VPN (like NetMotion Mobility).
