Mobile Malware Definition
Mobile malware is malicious software specifically designed to target mobile devices, such as smartphones and tablets, with the goal of gaining access to private data.
Although mobile malware is not currently as pervasive as malware that attacks traditional workstations, it’s a growing threat because many companies now allow employees to access corporate networks using their personal devices, potentially bringing unknown threats into the environment.
Types of Mobile Malware
Cybercriminals use various tactics to infect mobile devices. If you’re focused on improving your mobile malware protection, it’s important to understand the different types of mobile malware threats. Here are some of the most common types:
- Remote Access Tools (RATs) offer extensive access to data from infected victim devices and are often used for intelligence collection. RATs can typically access information such as installed applications, call history, address books, web browsing history, and SMS data. RATs may also be used to send SMS messages, enable device cameras, and log GPS data.
- Bank trojans are often disguised as legitimate applications and seek to compromise users who conduct their banking business — including money transfers and bill payments — from their mobile devices. This type of trojan aims to steal financial login and password details.
- Ransomware is a type of malware used to lock out a user from their device and demand a “ransom” payment — usually in untraceable Bitcoin. Once the victim pays the ransom, access codes are provided to allow them to unlock their mobile device.
- Cryptomining Malware enables attackers to covertly execute calculations on a victim’s device – allowing them to generate cryptocurrency. Cryptomining is often conducted through Trojan code that is hidden in legitimate-looking apps.
- Advertising Click Fraud is a type of malware that allows an attacker to hijack a device to generate income through fake ad clicks.
Mobile Malware Distribution Methods
The personal devices that employees use for work create unguarded endpoints in the corporate environment. While employees using their own devices can lower costs and improve efficiency and effectiveness, it also creates security concerns for the company network and the data stored on it. One breach through a personal device can potentially lead to widespread infection and a catastrophic large-scale data loss.
There are a few common ways that attackers rely on to distribute their malicious code:
1. Mobile Phishing and Spoofing
Phishing is the practice of tricking someone into providing their valuable account or personal information – often through spoofing. Spoofing is the practice of disguising electronic communication or websites as a trusted entity of the victim. While spoofing and phishing often go hand in hand, spoofing can be used for other nefarious goals beyond phishing for account information. For example, a spoofed email may try to convince the recipient to click a malicious link.
While phishing has traditionally focused on acquiring credentials through email, phishing via SMS messages (smishing) and messaging apps has become much more prevalent. In fact, 57% of organizations have specifically experienced a mobile phishing attack. This shouldn’t be too surprising when you consider the fact that people are 18 times more likely to click a suspicious link on a mobile device than they are on desktop.
One popular method for tricking victims into installing malware is to send them links via an SMS spoof to Android Package (APK) files hosted on attacker-controlled websites. For example, victims might be prompted to click an SMS link to a spoofed banking site designed to look trustworthy and convince the victim to “update your banking app”. The update would then install the malicious code, thereby allowing the attacker to gain access and collect credentials.
2. Jailbroken/Rooted Devices
Rooting or jailbreaking a device simply means that you have bypassed the internal protections and have unrestricted control of the operating system. Those who jailbreak their phones often do so to download third-party apps that are not approved by their operating system, or make customizations to their phones that are not possible with the default protections.
While jailbreaking and rooting may open up a world of freedoms and customizations, it also puts devices at a greater risk of a malicious attack. For organizations that operate in a Bring-Your-Own-Device (BYOD) environment, an employee’s jailbroken or rooted device could leave its network unknowingly exposed to a breach.
Visibility into Distribution Methods is Key
Your ability to protect your network from mobile malware relies heavily on your visibility into the distribution methods above. If you can detect jailbroken or rooted devices, and identify devices encountering mobile phishing attempts, you’ll be much more effective at cutting off opportunities for attackers to distribute mobile malware.
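The two signals this section calls out, APK links delivered by smishing (the distribution method described under "Mobile Phishing and Spoofing") and root/jailbreak indicators on a BYOD device, can be checked with simple triage logic. The following is an added example written for this page, not code from the original article or from any vendor product. The allowlist of hosts, the root-artifact paths, the sample messages and the device inventory are all constructed assumptions; in a real deployment the inventory would come from an MDM agent and the allowlist from app-distribution policy.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist: hosts from which this hypothetical organization expects
# Android packages to be served. Any .apk link outside this set is suspicious.
TRUSTED_APK_HOSTS = {"play.google.com", "apps.example-bank.com"}

# Matches http(s) URLs inside a free-text SMS or chat message.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def find_suspicious_apk_links(message, trusted_hosts=TRUSTED_APK_HOSTS):
    """Return URLs in a message body that point at an .apk file hosted
    outside the allowlist. This is the smishing pattern the article describes:
    a link to an Android package on an attacker-controlled site."""
    findings = []
    for raw in URL_RE.findall(message):
        url = raw.rstrip(".,;:!?)")          # drop trailing sentence punctuation
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if parsed.path.lower().endswith(".apk") and host not in trusted_hosts:
            findings.append(url)
    return findings


# Filesystem artifacts commonly left by rooting tools. Presence is a heuristic
# (root-hiding tools can remove them), so treat hits as indicators, not proof.
ROOT_ARTIFACT_PATHS = (
    "/system/bin/su",
    "/system/xbin/su",
    "/sbin/su",
    "/system/app/Superuser.apk",
    "/data/adb/magisk",
)


def root_indicators(existing_paths, build_tags):
    """Given the set of paths reported present on a device and its
    ro.build.tags value, return the list of root indicators that fired.
    Builds signed with test-keys are a classic sign of a custom/rooted ROM."""
    hits = [p for p in ROOT_ARTIFACT_PATHS if p in existing_paths]
    if "test-keys" in build_tags:
        hits.append("build-tags:test-keys")
    return hits


def device_risk(messages, existing_paths, build_tags):
    """Combine both signals into a triage label for a BYOD device.
    A rooted device that also received an APK lure is the worst case:
    sideloading restrictions are gone, so the lure is far more likely to land."""
    lures = [u for m in messages for u in find_suspicious_apk_links(m)]
    root = root_indicators(existing_paths, build_tags)
    if lures and root:
        return "high"
    if lures or root:
        return "medium"
    return "low"


if __name__ == "__main__":
    # Constructed sample inputs: one smishing lure, one legitimate APK link, one benign message.
    smish = ("Your account is locked. Update your banking app now: "
             "http://secure-bank-update.example/app/update.apk")
    legit = "New release available: https://apps.example-bank.com/downloads/bank.apk"
    benign = "Lunch at 12? https://maps.example.com/place/123"

    print(find_suspicious_apk_links(smish))   # lure flagged
    print(find_suspicious_apk_links(legit))   # trusted host, not flagged
    print(root_indicators({"/system/xbin/su", "/data/local/tmp"}, "test-keys"))
    print(device_risk([smish], {"/system/xbin/su"}, "test-keys"))
    print(device_risk([benign], set(), "release-keys"))
```

The APK check deliberately parses the URL rather than pattern-matching the whole string, so a query string or trailing punctuation does not hide the file extension, and a trusted host is only trusted when it is the actual hostname, not a substring. The root check reports every indicator that fired so an analyst can see why a device was rated, and the combined label is what an MDM or EDR policy would act on (for example, blocking corporate access from a "high" device until it is reviewed).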