Mobile malware is a term that some of you may not be familiar with yet, but it is a growing problem that you will be hearing more about. We often get questions like “do I really need to protect my mobile device” or “how would I know if my device has been compromised”. I highly recommend protecting your mobile device in large part because of all the sensitive information on it like photos, contact lists, passwords and bank account information. In fact it is thought that there are as many mobile devices infected as computers now. I’ll cover different ways that you might be able to identify if your device has been infected, other than seeing your bank account disappear!
To better understand how to identify and prevent mobile malware it is best to first understand the goals and objectives of cyber criminals. The vast majority of cyber criminals are financially motivated so they are looking for ways to make money. Some of the common forms of this are sending “premium” texts from your device, stealing data, collecting account passwords, and stealing from your bank accounts. They are also able to generate money by aggressively displaying ads on your device and launching malicious programs from it.stions like “do I really need to protect my mobile device” or “how would I know if my device has been compromised”. I highly recommend protecting your mobile device in large part because of all the sensitive information on it like photos, con tact lists, passwords and bank account information. In fact it is thought that there are as many mobile devices infected as computers now. I’ll cover different ways that you might be able to identify if your device has been infected, other than seeing your bank account disappear!
Of course the cyber criminals are trying to make money, but how are they attacking my smartphone? I’ll give you a brief description of the top mobile threats you might see: phishing, cross-site scripting (XSS), browser exploits, SMS malware and ransomware.
Phishing is the attempt to acquire sensitive information like usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication (ex – you have a UPS package) and requesting personal info.
Cross-site scripting (XSS) is a vulnerability typically found in Web apps that enables attackers to inject client-side script into Web pages viewed by others and then allows them to bypass access controls.
A browser exploit is a form of malicious code that takes advantages of flaws or vulnerabilities in an operating system or piece of software with the intent to breach browser security and alter the user’s browser settings without their knowledge.
Short Message Service (SMS) malware appears as legit applications, often disguised as porn apps, that once downloaded will send SMS/texts to premium rate numbers.
Ransomware is a type of malware that limits or prevents the user from accessing their system. It requests the user to pay a ransom to gain access to their data and/or systems.
So now that you know what some of the common types of mobile malware are, how can you protect yourself and your customers from them? In addition to backing up the data on your mobile device you should also protect it with an antivirus solution. You should also only download apps from the official Google and Apple stores as the unofficial stores don’t have as rigorous approval procedures for reviewing apps in their stores. I also strongly suggest that people “think before they click”, meaning that if you don’t recognize the sender or something looks fishy just don’t open it.
Very few people have protected their mobile devices and with the amount of mobile malware growing exponentially each year, there is a big opportunity to make available solutions that help keep them safe. Contact us if you would like to hear about the different types of solutions that are available to protect your customers.
