Though it was relatively harmless compared with the devastation that its modern cousins can wreak, the Cabir worm is regarded as the forerunner of malware on mobile devices. Given its name by Kaspersky, the worm spread via Bluetooth on mobile devices running Symbian OS. The worm drained the phone's battery because the device constantly scanned over Bluetooth for other host devices.
Cut to the present day, when mobile malware has dramatically increased, with several malware campaigns causing havoc with mobile devices. These include the 2016 ‘Gooligan’ malware campaign, which spread via infected apps and resulted in over a million users’ Google account credentials being stolen. In the same year, the Hummingbad malware campaign infected an estimated 10 million users’ Android devices to fraudulently generate advertisement revenue via infected apps. The devastation peaked in 2019 when the Agent Smith malware surreptitiously replaced legitimate apps on Android devices with infected versions, without the knowledge of the users, thereby exfiltrating personal data and generating revenue for the attackers.
What it is
Mobile malware is malicious software written specifically to target mobile devices such as smartphones, tablets and smartwatches. The malware mostly starts by infecting the device before gaining access to connected computer systems, making it potentially more devastating than the attack initially seems. Arguably, however, it is not considered to be in the same league as malware created for traditional workstations. Yet it is a growing concern, considering that the use of handheld devices has grown manifold in recent decades and is projected to grow even further. Telenor (1) says that by 2025, the number of cellular IoT subscribers is forecast to grow to 3.74 billion, with GSMA putting the number of 5G connections alone at 1.2 billion by the same year.
Though mobile malware is written specifically for various mobile operating systems and technologies, it is observed that 97% (2) of all mobile malware resides on Android systems.
It's increasing by the day
Attacks on mobile devices have increased manifold in recent times. A Kaspersky study (3) reveals that in just one quarter of 2022, there were no fewer than 5 million cyber attacks on devices protected by their antivirus solutions, via malware, adware and spyware. The study further indicated that mobile banking trojans constituted a large number of mobile device attacks. Cryptomining scams also ranked high on the list of mobile malware attacks, with McAfee putting the number of attacks on mobile devices at 100,000 in the same year. Studies reveal that Android devices are more susceptible than iOS devices. Amongst countries affected by mobile malware, India tops the list with 28% of the total attacks, with the USA a close second at 27%.
Types of mobile malware
The following are the more common types of mobile malware:
- Remote Access Trojans (RATs) – intel-gathering malware that collects sensitive information such as call and browsing history, SMS data and the applications that have been installed on the device. Some are known to cause further damage by enabling the camera on the device and sending messages.
- Bank Trojans – financial malware that masquerades as the genuine apps of online financial institutions accessed by the user. When connected to the computer, the malware gains access to the system files and exfiltrates sensitive data on financial transactions.
- Ransomware – malware that gains access to the data on the device as a precursor to a ransom demand for the encrypted files. Many of these attacks are known to have been followed by ransom demands in bitcoin.
- Cryptomining – a highly resource-intensive malware that uses a user’s device to mine cryptocurrency by gaining further access to the victim’s computer with the purpose of using its processing abilities to compute and mine cryptocurrencies freely. The malware is known to usurp the processing power of the device and computer as well, resulting in drastic battery drain and a slowdown in the computer’s performance.
- Mobile Spyware – information-stealing malware that lies concealed in innocuous-looking applications but, once accessed, runs undetected while stealing account login information and user activity.
- Mobile Adware – brute force malware that infects the device via malicious advertising campaigns. The malware is known to infect the core of the device, compelling it to download malicious adware.
- Drive-By Downloads – malware that is hosted by attackers on pre-infected websites and automatically gets downloaded to the device when these sites are visited by the user.
How does infection take place
It is often said that safe cyber practices can prevent most mobile malware attacks. Having said that, the most common ways in which infection takes place are:
- Downloading infected apps advertently or inadvertently
- Downloading malicious apps that are hidden in genuine apps by attackers lying in wait for unsuspecting victims
- Visiting malicious websites that are infected with malware that downloads on to the device automatically
- Opening spurious email attachments, often in the form of PDF or MS Word files
- Using infected USB drives that carry malware
Two situations known to cause infections are worth mentioning. The first concerns the aggressive role played by the attacker in spoofing sites and embedding malicious links in emails, SMS, documents etc. The second is the indiscriminate jailbreaking indulged in by users in order to have unrestricted control over the device’s operating system. This ‘rooting’ of the device bypasses many of the robust protections that the device comes with, leaving it open to malicious attacks by hackers. In a scenario where BYOD devices are encouraged or prevalent, jailbreaking can seriously impact the organization's network, leaving it open to data breach.
Best practices to prevent infection
Most of the precautions taken to prevent mobile malware are similar to those exercised in the course of safe cyber hygiene. These include not clicking on attachments, not opening emails from unknown sources, updating applications on a regular basis, using secure Wi-Fi connections, and installing a good mobile antivirus solution. To this list must be added refraining from jailbreaking devices, a common practice especially among Android device users intent on gaining control over the operating system of their devices.
Final words
With mobile devices and apps proliferating, attack vectors for mobile malware are expectedly on the rise. But an alarming thought must be articulated. Unlike most data breaches on computer systems, which are carried out on a single victim (and its many stakeholders), mobile malware attacks take the form of campaigns targeting handheld devices, very often insidiously spreading to connected systems, thereby impacting a greater number of victims and causing widespread data breaches.
Clearly not something to be taken lightly.
References:
- https://www.aurorait.com/2023/01/21/5g-and-iot-symbiotically-changing-the-world/
- https://www.forbes.com/sites/gordonkelly/2014/03/24/report-97-of-mobile-malware-is-on-android-this-is-the-easy-way-you-stay-safe/
- https://www.techtarget.com/searchmobilecomputing/definition/mobile-malware