Mobile Malware: Threats and Solutions
As users have increasingly moved from desktop operating systems to mobile devices as their primary form of computing, cyber attackers have taken notice and malware has followed. While the total volume of mobile malware is a fraction of that created for desktops, it is nonetheless a growing security concern, as more and more high-value and sensitive tasks are performed on mobile devices.
Mobile malware statistics
McAfee recently published a report stating that mobile malware infections in the fourth quarter of 2020 surpassed 40 million after steadily climbing earlier in the year. More than 3 million of those attacks represented new types of malware.
Check Point published mobile security research showing that 46% of respondents experienced employees downloading at least one malicious app during 2020. Another finding was that 97% of organizations dealt with mobile threats that used various attack vectors.
Types of mobile malware
There are several different forms of mobile malware, including some that specifically target handheld gadgets.
- Adware: Though not all security professionals consider adware malicious, this threat category presents users with unwanted advertisements and may track their activities without consent. Security researchers at Kaspersky determined that it accounted for 61.43% of mobile malware detected in Q1 2021.
- Trojans: As is the case on desktop, trojans provide a backdoor, enabling an attacker to execute code or control a device remotely. One such Android malware type identified in early 2021 can gather and exfiltrate data ranging from phone contacts to text messages and browser data while remaining hidden from users.
- Keyloggers: Keyloggers, which also sometimes include screenscrapers, sit on a user’s device, logging all keystrokes in an attempt to find valuable information.
- Bank trojans: This type of malware is particularly attractive to mobile attackers, as it combines a trojan with a keylogger. In March 2021, security researchers detected a new bank trojan they named Vultur. The team confirmed it has keylogging and screen-recording capabilities.
- Ransomware: Though not nearly as common as it is on the desktop, ransomware is a type of malware that will encrypt a user’s data and hold it for “ransom” until the attacker is paid.
How mobile malware infects users
There are a variety of mechanisms by which different forms of mobile malware infect and exploit mobile devices.
- Attacking known vulnerabilities: This is perhaps the most obvious form of attack, when attackers simply go after known issues. The challenge is that not all users can update their mobile operating systems as quickly as attackers put out mobile malware.
- Permissions abuse: Different forms of malware (often adware) can get on mobile devices when applications are granted unnecessarily high permission levels. One recent investigation of the top 1,020 Google Play Store apps found that many asked for potentially dangerous permissions. For example, 77% wanted to read external storage.
- Malware preinstalled on phones: Some mobile malware comes on phones out of the box. One report warned how this problem often affects developing nations and residents who use low-end devices. It also recently cropped up in the German market when new phones included mobile malware that could send malicious WhatsApp messages.
- Distribution through app stores: The vast majority of malware and malware-integrated apps come from third-party app stores. A 2020 report found that the Xiaomi app store was the most likely place to come across dangerous mobile apps. More well-known sites — such as Apple’s App Store and the Google Play Store — have stringent quality controls, and are less frequently impacted.
Mobile attacks beyond malware
While malware can often be a payload in a mobile attack, non-malware-based attacks often hit mobile users.
- Authentication attacks: Many different types of authentication attacks aim to steal user credentials or trick users into inputting their credentials into a fraudulent web page or app.
- Man-in-the-middle (MiTM): In a MiTM attack, the data stream from the app to the back-end web service is not properly configured for encryption, enabling an attacker to potentially intercept mobile traffic. This type of attack can occur in a Wi-Fi hotspot, for example.
Creating a mobile device policy
There are several different ways to keep mobile devices and users safe from mobile malware. For organizations, the best approaches often involve implementing a formal Bring Your Own Device (BYOD) or Enterprise Mobility Management (EMM) system.
When employers review BYOD device policies with their workforces, the coverage should explain how these devices and their content could pose dangers to a workplace network. Employee awareness helps minimize possible malware infections, whether workers clock in from an employer’s office or at home.
Educating employees on mobile threats
There are a few key things employees need to be understood when it comes to mobile malware. Following cybersecurity best practices is a business necessity since it reflects positively on companies and could lead to new customers.
Additionally, while it is possible to become infected with malware via the authorized, official Apple App Store or Google Play, it is significantly less likely. Users can also take precautionary measures to further reduce the risk. Jailbroken or rooted phones and getting software from unknown third-party sources is typically how most mobile malware exploits users.
It’s also useful to tell employees how certain industries may be more at risk for mobile malware than others. A 2020 report showed how three out of four phishing attempts targeting pharmaceutical employees also delivered malware to victims. Additionally, of those attacks, 35% tried to steal credentials.
Keeping your network safe from mobile malware
Mobile trojans can be used in some cases to create a zombie botnet that will attack a local network. Just like any other device connected to the network, mobile devices should always be monitored and logged for potentially malicious activities.
Beyond just monitoring, the implementation of a Network Access Control (NAC) solution that provides both pre-admission and post-admission monitoring of activity is recommended.
Mobile malware solutions
Unlike desktop software, which can come from any source, the default (and recommended) method to acquire mobile software is via an authorized app store. Both Apple and Google scan all applications in their respective app stores to detect any potentially malicious apps. Going a step further, Google Play Protect is a feature that periodically checks users’ phones for malware and alerts them.
Mobile malware solutions, much like their desktop counterparts, do anti-virus and anti-spyware/adware scanning. Some provide additional scanning to prevent or limit the risk of phishing, and some provide permissions warnings when an app is attempting to do something that requires more permissions than it should.
Article adapted from: Mobile Malware: Threats and Solutions | eSecurityPlanet