Security Blog

Smartphones as mobile vulnerabilities: known threats

Smartphones and mobile devices are increasingly being targeted by attackers - and for good reason.

With all its features, the smartphone is a real treasure trove of personal data: it holds everything an attacker needs to take over the virtual identity of its owner. It is often online and often unprotected. And it is still underestimated.

No blind trust in "trustworthy sources"

Malware expert Sebastian Bachmann has been observing the Android malware market for years: "Malware developers have recognized their opportunities and invested development work accordingly. The malicious functions of the malware have not only become more efficient and perfidious, but their propagation and obfuscation tactics have also been optimized."

The traditional tip to install apps only from official stores is still advisable, but not sufficient. In recent years, more and more malware developers have managed to get infected apps past Google Bouncer, the antimalware program of the Google Play Store. So even in legitimate app markets, it's important to keep your eyes open.

Downloads and stars: appearances are deceptive

That high download numbers and many stars are no longer reliable indicators has been known at least since GhostPush. The Trojan made it into the Play Store in 2016 via several infected apps and built an advertising botnet from the infected devices: after obtaining root rights, it downloaded further harmful apps - and gave them good ratings on the Play Store.

Infected apps such as Brain Test, Monkey Test or Time Service, for example, made an undeservedly good first impression on potential users. After downloading the apps (and thus a backdoor), the devices were hardly usable due to the large number of downloaded apps, adware and pop-ups, and in the worst case the malware could no longer be removed.

Rootkits: uninstallation failed

A particularly unpleasant "side effect" of some sophisticated malware for mobile devices is rootkits that prevent the complete removal of the malware. "In some cases, resetting the device to factory defaults and, if possible, reinstalling the original firmware will help. Sometimes, however, only a new device can help against the malware," says Sebastian Bachmann.

Recently, there has been a trend towards minimalism in adware. In order for click fraud to remain undetected for as long as possible (and to generate as much money as possible for malware developers), the malicious program Andr/Clickr-ad, which became famous at the end of 2018, interacts with the requested ads only in a hidden browser window. The apps otherwise functioned as described in the Play Store, the only noticeable symptom being increased battery and data consumption. The best-known example was Sparkle with more than 1 million downloads.

Interesting detail: only the Android versions of the apps were affected, not the iOS versions. Since iPhone clicks often bring in more money, however, the Android malware in some cases pretended to be an iPhone.

Copycats, free rider apps and fake apps

Especially hyped and popular apps - once Angry Birds, later Pokémon Go, Minecraft or Fortnite - are often accompanied by free-rider apps that look like the original, but are peppered with malware or are used for espionage.

Many of the malware programs found in previous years are reminiscent of ransomware: blocking screens sometimes try to block access to the device, while in the background money is still being scammed with advertising clicks. In other cases, the malicious apps frighten users by reporting that the device is infected with malware and could allegedly be cleaned up for a cash payment. Some of the developments are predictable for Android malware expert Bachmann: "One of the reasons why the fake apps worked so well again was that Fortnite wasn't published in the Play Store."[1] Of course users were still looking for it there - but they found free riders.

Also not entirely new, yet successful enough to be profitable, are specially produced books or audio books published in the Play Store: fans are tempted to buy the rather useless files and possibly also to install certain apps.

"Additional payments" for cheap devices

Other fake apps, on the other hand, work with the rights they receive as supposedly trusted applications and spy on user data. For example, an app that has access to SMS messages can theoretically also read TANs. In addition to the name, logo and description of an app, the permissions it requests and the name of its developer company should also be checked carefully before downloading it.
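
The permission check described above can be automated. The following is an added example, not part of the original article and not IKARUS code: it reads an AndroidManifest.xml that is assumed to have already been decoded to plain XML and flags apps that can read SMS messages (and thus SMS TANs) while also holding a channel to forward them. The sample manifest and the package name com.example.flashlight are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that let an app read or intercept SMS (and therefore SMS TANs).
SMS_READ = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
}
# Permissions that give the app a way to move intercepted data off the device.
EXFIL = {
    "android.permission.INTERNET",
    "android.permission.SEND_SMS",
}

# Constructed sample: decoded manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_SMS"/>
    <application android:label="Flashlight"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    # Both element types request permissions; the second applies on API 23+.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def audit_sms_risk(manifest_xml):
    """Flag apps that can read SMS and also have a channel to forward it."""
    perms = requested_permissions(manifest_xml)
    sms, exfil = sorted(perms & SMS_READ), sorted(perms & EXFIL)
    package = ET.fromstring(manifest_xml.strip()).get("package")
    return {"package": package, "sms_access": sms,
            "exfil_channels": exfil, "can_leak_tan": bool(sms and exfil)}

if __name__ == "__main__":
    print(audit_sms_risk(SAMPLE_MANIFEST))
```

A flashlight app has no functional need for SMS access, so a positive can_leak_tan result for such an app is a reason to look at the developer and the permission list more closely before installing.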

If you rely on cheap Android devices, you might get the spies already included: at the end of 2016, infected firmware on Android devices was reported for the first time. The group was still active in 2018: the malware Cosiloon was detected on more than 140 Android devices, although it is still unclear how exactly it got there. As a system app with root rights, the malware can do almost anything - but apparently the downloaded apps are only used to display advertising.

Tips for safe mobile devices

In addition to the most important security tip - to be informed, attentive and suspicious - we strongly recommend that you secure your mobile devices as naturally as your desktops and laptops with professional antivirus software. IKARUS scans all downloads and updates for infections. In addition, the Security Advisor offers tips for securing the device based on the settings you have made and the Privacy Control feature shows apps that have potentially abusive permissions.

An Android-Test-Virus helps to check and get to know the functions and mode of operation of security apps.


© 2019 IKARUS Security Software GmbH