Meet Mobile Malware
Mobile malware is malicious software that hackers use to specifically target and crash the operating systems of smartphones, tablets, and smartwatches in order to steal confidential data.
Generally speaking, mobile devices aren’t as secure as computers. So it’s no surprise that the security measures organizations have in place for workstations and servers don’t extend to mobile devices. Because of this, mobile devices are often left vulnerable, as they’re not protected by tools like firewalls, encryption, or antivirus software.
However, today more than ever, employees may be using BYOD (bring your own device) mobile devices to gain access to sensitive information – putting a company at risk for data theft.
Why Are Mobile Devices So Dangerous?
To many organizations, the rise of mobile devices is a great thing as business can be done quicker, more efficiently, and with less manual paperwork. The downside, however, is malware as hackers are constantly working to steal data from mobile phones, tablets, and more. Similar to malware developed for traditional desktop computing platforms, mobile malware can take a variety of forms depending on capabilities and motivations of the developer and those deploying the malware.
According to the 2021 Mobile Security Report, nearly 97 percent of organizations in 2020 faced mobile threats that used multiple attack vectors, while 46 percent of organizations had at least one employee download a malicious mobile application. The report also revealed that at least 40 percent of the world’s mobile devices today are inherently vulnerable to cyberattacks.
The mobile threat landscape is also not going to slow down anytime soon. According to a new forecast by the International Data Corporation (IDC), the United States mobile worker population will continue to grow at a steady rate over the next four years, increasing from 78.5 million mobile workers in 2020 to 93.5 million in 2024. Furthermore, the report forecasted that mobile workers will account for nearly 60 percent of the total U.S. workforce by the end of 2024.
Types of Mobile Malware
Despite the wide variety of mobile malware, most can be categorized into one of five major types:
1. Remote Access Tools (RATs)
Remote Access Tools (RATs) are the most comprehensive threat to mobile devices due to their broad functionality and extensibility. They typically enable extensive access to data from infected victim devices and are often used for intelligence collection. RATs can typically access information such as installed applications, call history, address books, web browsing history, and SMS data. RATs may also be used to send SMS messages, enable device cameras, and log GPS data.
2. Banking Trojans
Banking trojans are a popular subset of mobile malware that specifically target mobile banking services for financial gain. Banking trojans are often disguised as legitimate applications and seek to compromise users who conduct their banking business (including money transfers and bill payments) from their mobile devices. This type of trojan aims to steal financial login and password details.
3. Mobile Ransomware
Ransomware is a type of malware used to lock out a user from their device and demand a “ransom” payment — typically using an untraceable digital currency. Once the victim pays the ransom, access codes are provided to allow them to unlock their mobile device.
4. Cryptomining Malware
Cryptomining malware enables attackers to covertly execute calculations on a victim’s device – allowing them to generate cryptocurrency. Cryptomining is often conducted through Trojan code that is hidden in legitimate-looking apps.
5. Advertising Click Fraud
Advertising click fraud is a type of malware that allows an attacker to hijack a device to generate income through fake ad clicks.
How to Protect Against Mobile Malware
While mobile devices are vulnerable to various malware attacks, there are certain security measures you and your organization can take to help avoid them. These include best practices such as:
- Use a virtual private network (VPN). A VPN is a secure “tunnel” that lets you access and share sensitive information securely over a public Wi-Fi network.
- Create a mobile device policy. Whether an employee uses company-owned or a personal mobile device, an organization should commit to a mobile-use policy.
- Download apps from only legitimate sources. Unofficial app stores are more likely to be sources of malware-infected apps.
- Train employees. Employees should know about malware and what steps to take to avoid it.
- Encrypt your data. Make sure to encrypt any sensitive data on a mobile device so that your valuable information remains secure – even if malware gets its hands on it.
- Use a mobile vulnerability scanning device to identify unknown vulnerabilities. You can’t prevent what you aren’t aware of – a vulnerability scanner can make all the difference.
- Regularly update the mobile software and applications to avoid potential vulnerabilities. As companies often release updates on mobile devices that address possible issues, it’s a good idea to update software and hardware regularly.
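As an added illustration (not part of the original article), the script below combines two points made above: the kinds of data RATs access and the advice to install apps only from legitimate sources. It scans a device's package listing for apps that request several of those permissions and marks the ones not installed from an approved store. The sample input is constructed and simplified, modelled on `adb shell dumpsys package` output; the permission mapping, the trusted-installer list and the threshold are assumptions to adapt to your own policy.

```python
import re
# Android permissions corresponding to the RAT capabilities the article lists.
RAT_PERMISSIONS = {
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.READ_CONTACTS": "address book",
    "android.permission.READ_SMS": "SMS data",
    "android.permission.SEND_SMS": "send SMS messages",
    "android.permission.CAMERA": "device camera",
    "android.permission.ACCESS_FINE_LOCATION": "GPS data",
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is approved
PKG_RE = re.compile(r"Package \[([\w.]+)\][^\n]*\n(.*?)(?=^\s*Package \[|\Z)", re.S | re.M)

# Constructed, simplified sample modelled on `adb shell dumpsys package` output.
SAMPLE_DUMP = """\
  Package [com.example.flashlight] (1a2b3c):
    installerPackageName=null
    requested permissions:
      android.permission.READ_SMS
      android.permission.SEND_SMS
      android.permission.READ_CONTACTS
      android.permission.ACCESS_FINE_LOCATION
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.maps] (4d5e6f):
    installerPackageName=com.android.vending
    requested permissions:
      android.permission.ACCESS_FINE_LOCATION
"""

def parse_packages(dump):
    """Return {package: (installer or None, set of requested permissions)}."""
    packages = {}
    for name, body in PKG_RE.findall(dump):
        inst = re.search(r"installerPackageName=(\S+)", body)
        installer = inst.group(1) if inst and inst.group(1) != "null" else None
        # Bare permission names, one per line, until the next "xxx:" section header.
        block = re.search(r"requested permissions:\n((?:[ \t]+[\w.]+[ \t]*(?:\n|\Z))*)", body)
        packages[name] = (installer, set(block.group(1).split()) if block else set())
    return packages

def triage(dump, threshold=3):
    """List apps requesting >= threshold RAT-style permissions, noting sideloaded ones."""
    findings = []
    for name, (installer, requested) in parse_packages(dump).items():
        hits = sorted(RAT_PERMISSIONS[p] for p in requested if p in RAT_PERMISSIONS)
        if len(hits) >= threshold:
            findings.append({"package": name, "sideloaded": installer not in TRUSTED_INSTALLERS, "capabilities": hits})
    return findings
```

A finding is a prompt for review, not proof of malware: messaging and navigation apps legitimately request several of these permissions.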