We live in an age in which mobile technology has forever altered ways of interacting and doing business. In most ways, it has helped open up a new and truly global economy – and made business within that global economy easier and more convenient. However, the emergence of the mobile economy has also opened up new opportunities for the creation and distribution of Malware – and thus new vulnerabilities for mobile business. With the right understanding of these new threats, you and your business can easily avoid these pitfalls.
Mobile malware is software designed to disrupt, damage, or destroy the software and operating systems of mobile devices such as tablets, Smartphone, and others. Mobile malware software is much like the viruses and malware associated with the desktop PC generation – and continuously adapting to a global and mobile world of technology. A lot of malware is designed to disable a device, collect valuable information from the device, or allow a user to control the device remotely for malicious purposes. In this article, we will get knowledge about different types of malware and prevention against them.
Spyware, Adware, and Phishing
There are several types of mobile malware involve in mobile threats like spyware, adware, and phishing. Spyware’s function is to gather personal, sometimes confidential information about a user – often for a third party to use for targeted advertising purposes (hence the term, adware.) This kind of malware will frequently piggyback on an infected app or program the user knowingly or unknowingly installs. They can send information such as browser history, preferences, downloads location, and other habits of the user to deliver ads based on users’ information.
Phishing relates to sending fake emails and lures users to click on the given link in an email. There are other phishing apps out there for the mobile device. Phishing apps feed off the growing popularity of browsing the internet using a mobile device. These sites will fake some kind of service in order to steal user information or to install a “trojanized” app. The phishing technique can be even more successful on the smaller screens of less sophisticated mobile devices than they ever were on desktop computers.
Trojans and Viruses
Another well-known sort of mobile malware is that of Trojans and viruses. Often, these will also attach themselves to legitimate apps, and use the app to install them and do harm to the user device. This can include sending unauthorized texts, hijacking the browser, capturing login information – even for things like banking.
On other end, viruses can install on a device in a variety of ways, and cause various kinds of behavior that can be merely annoying, or very destructive. Recently, security researchers have discovered a sophisticated virus, with a multi-phase attack called Trojan.Droidpack. This virus infects android devices which are connected to previously infected PCs. Researchers at Symantec have noted that this is now a sophisticated threat aimed at Android users. Specifically, they note that they have seen viruses infect a computer by way of a mobile device, but until now, not the other way around. The app has the capability of posing as a Google app and redirecting information and data into the hands of cyber criminals. This is a prime example of the ever-evolving levels of complexity and sophistication present in the world of malware. Security measures must rise to face this challenge.
Other known Trojans include:
- DroidDream: DroidDream was discovered in early 2011, hidden in Android’s own App Market, infecting more than 50 apps plus third party apps – uploaded by cyber criminals along with the DroidDream malware. Once installed DroidDream collects information about SIM cards (IMEI, IMSI, Device model, SDK version)and sends sensitive information to command and control server.
- DroidKungFu: This Trojan was found in the Chinese app market. The Trojan steals and sells data (IMEI, device model, network operator, OS, SD card information and phone memory information) by finding vulnerabilities in the phone, tablet. It is sneakier than DroidDream in that it asks the user for less permission, arousing less suspicion.
- Fakeneflic: is a malware version of the Netflix app for Android – and of course, steals login data for Netflix accounts. This malware asks for permissions similar as to Netflix app at the time of installation. This fake app is a login screen that captures users’ login information and sends to the server. This malware would crash systems when the user logs in, stealing any account login data in the process.
- GGTrackerMalware: This fake app fools users by enticing them to click on “Battery Saver” app. This app specifically targeted American users, signing them up for a premium SMS subscription that contributes extra charges on users’ phone bill– without consent – the web criminals pocketing any charges.
- Nickispy steals location information from infected Android phones, and also records phone calls and text messages and sends the data to a remote site. The app allows an attacker to snoop on innocent victims; some Chinese app stores market this as an ‘adultery trackers’.
Protecting Against Attack
A number of simple steps can be taken to a secure your mobile device.
- Check into what apps and processes are running and delete anything suspicious. If you are unsure, look for information. If this is happening, you may first notice decreased battery life because of running extra processes, or possibly an increase in data use depending on the behavior of the background process. Deleting unnecessary or suspicious apps, keeps device in sound condition. Moreover, updating apps can also help to keep your apps advanced and secured, since much of this malware takes advantage of vulnerabilities in the software.
- Keep a close watch on the bill for the device, as the spike in the bill shows indication about malware presence. Some malware will use your phone to send premium rate texts, which can charge a significant amount of money.
- In the case of Android devices, install anti-virus application. Just like a desktop computer, anti-virus software is a good place to start. Nonetheless, because of the evolving nature of malware, no software like this will ever be a 100 percent guarantee. MacAfee is a popular choice for Android devices. Apple users do not have this option and must rely on Apple’s in-house security measures.
- Check the settings on your tablet or Smartphone. Make sure your device is auto-lock and password protected. There should be a setting that allows your device to filter downloads from non-trusted sources. Additionally, your phone should already let you know of any downloads at all, so you will be aware of suspicious activity.
- Click only trusted links when browsing the web on your device. A malicious website can install malware on your device. Even more importantly, only download from trusted sources. Read the ratings, and reviews that may be available.
- Enable data encryption in security settings. SSL makes it much tougher to capture data from your device. SSL certificate can be helpful in encrypting your data.
- Use secure Wi-Fi networks for things like banking or shopping online. Free public Wi-Fi seems danger as hackers can take advantage of unsecured hotspot. Use VPN that can encrypt outgoing data. A Wi-Fi protector can also help with these types of networks.
- Create back-ups: Hackers are always trying to alter your data so always create backup of your restrain the event that it is stolen, interfered with, or destroyed by malware.
- Do not save passwords or use apps that save passwords on an Android device. Especially when using banking, shopping, or other payment applications. Many browsers pop up screen to save password for future use when you browse any banking or online shopping sites. In that case, do not click on “save password”.
The advent of convenient mobile computing has certainly opened up new vulnerabilities for users – but with knowledge and preparation, those vulnerabilities can be at least guarded, if not entirely protected. Some of these security measures are basic and easy to implement. Many involve simply not doing the wrong thing, like clicking on suspicious links when using your mobile device. However, as malware evolves to be even harder to detect and avoid, property security practices require a degree of research and preparation. When these steps are taken, mobile computing has the potential to be as secure as desktop computing ever was.