Underestimated threat: Mobile malware

23. January, 2020

Eight out of ten people use smartphones regularly, and the trend is rising. Unfortunately, there is a growing trend in the development and distribution of “mobile malware” as well.

Mobile malware is malicious software specifically designed for mobile devices. Statistics on cybercrime now distinguish between different types of malware: phishing, social engineering, drive-by infection, downloading infected apps or exploiting security holes in mobile platforms are among the typical crimes. Most valuable are often bank and payment data that are either misused themselves or resold. Other variants focus on mobile end devices as simpler gateways to later infect or spy on company networks.

Not without reason the good advice is not to install apps from unofficial or unknown sources. Without independent testing or control, the risk is high. In the official Google or Apple App Stores, applications are subjected to various checks and tests before release. But even these checks are not 100% reliable. Apps with malware repeatedly manage to get into the official stores and sometimes spread widely.

Different strategies to deceive users

In order to deceive users after the automatic security checks, various strategies have been developed. According to an analysis by security researcher Lukas Stefanko from September 2019[1] on identified malware, these variants are most often found in the Google Play Store:

  • Adware

    Unwanted pop-up ads earn the attacker commission.

  • Subscription Scam / Fleeceware

    Apps that without permission charge much too high amounts, also as recurring subscription fees, via the PlayStore.

  • SMS Premium Abo

    Malware that unintentionally takes out a paid SMS subscription.

  • Hidden Apps

    After installation, the app hides itself to avoid uninstallation.

  • Fake App

    Imitated and fake apps that look the same as the original application but contain malware.

In addition to these “Top 5” there are of course other variants. What they all have in common is a significant increase in pests over the last few months – unfortunately despite the increasing countermeasures taken by App Store operators.

Watch out for possible mobile threats

Besides the well-known tips such as regular updates and exclusive use of the official App-Stores, further precautions are highly recommended. Pay attention to which apps you install – especially fake apps look very similar to the originals, but sometimes (sufficient) ratings and downloads are missing. Observe the requested rights of the apps and – just like on the PC – do not open any suspicious emails on your smartphone or tablet. But also SMS and messengers like WhatsApp, Telegram, Snapchat and Co. are misused to send links, malware, spam, phishing or similar.

Additionally, security apps help to protect your data and devices. Also, pay attention to name and logo and a well-known developer! A test virus can help to test the functionality of your security app.

Link:

Mobile Security: Keep the control of your data on the smartphone


[1] https://lukasstefanko.com/2019/10/android-security-monthly-recap-9.html

Bedrohung
Indicators of Attack
Gefahren durch vertrauenswürdige Services
Threat Intelligence
SQL Injection
SMTP Smuggling
Cyber-Risiken in der Ferienzeit
passkey
Dynamische Cybersicherheit
NIS2
Harmony Mobile by Check Point
EU Machinery Regulation
Sergejs Harlamovs, Malware-Analyst bei IKARUS

Plugin IdaClu accelerates malware analysis

IdaClu: IKARUS malware analyst Sergejs Harlamovs wins Hex-Rays plugin contest
NIS2
Infostealer
Cybercrime

WE ARE LOOKING FORWARD TO HEARING FROM YOU!

IKARUS Security Software GmbH Blechturmgasse 11
1050 Vienna

Phone: +43 (0) 1 58995-0
Sales Hotline:
+43 (0) 1 58995-500

SUPPORT HOTLINE

Support hotline:
+43 (0) 1 58995-400

Support hours:
Mon – Thu: 8am – 5pm
Fri: 8am – 3pm

Remote maintenance software:
AnyDesk Download