What is Mobile Malware?

Updated: Jul 5

Mobile malware attacks are seeing an exponential increase as more people use their mobile phones for everything from shopping and banking to investing and anything else that involves personal financial information. There are over three billion cell phone users worldwide, and of those people, 70% use Android, which has been most vulnerable to these malware attacks.


Cybercriminals usually carry out malware attacks on mobile devices through phishing text messages and emails, posing as legitimate businesses and services in order to coerce the owner of a mobile device into downloading the malware themselves. Malware can also be found on the Google Play Store, disguised as legitimate applications that are in reality just facades for the malware that is downloaded. It is always beneficial to conduct extensive research before downloading any application.

Once the malware is downloaded, the mobile device is completely compromised. The cybercriminal can now take full control of the device and all of its data and functions without the user ever knowing, using a number of methods to steal their information, including:


  • Overlays – Templates overlaid on your screen that mimic real websites, often in the form of login screens, to steal your login credentials. They are hard to tell apart from the real thing.

  • Key-logging – The act of recording the keys that are triggered on a person's device unbeknownst to the device owner.

  • Intercept messages – The ability to see messages sent and received from the device, including the ability to bypass two-factor authentication by obtaining the access codes sent by any program used on mobile devices.

  • Multi-factor authentication is an authentication method that requires the user to provide two or more verification factors to gain access to a resource. If the malware is sophisticated enough, it can even duplicate biometrics (face scan, fingerprints, automated recognition).


“Banking Trojans” are a type of malware, acting as a Trojan horse in a system, that can use these methods to steal financial credentials and potentially drain the bank accounts of people who use mobile banking. They are often downloaded through fraudulent financial sites masked as the real thing, and it can be difficult to tell the difference.


Developers of the malware usually sell the programs cheaply, allowing cybercriminals to use the illicit programs in any way they see fit. While personal motivations are possible, the majority of these criminals are financially motivated.


One of these malware schemes, known as “FluBot”, is a self-propagating information stealer, first discovered in Spain, that has victimized tens of thousands of people. It is used mainly to steal banking information and the keys for crypto wallets in order to drain cryptocurrency assets. The program takes the contact information from the mobile device and automatically sends the malware link to the user's contacts. It operates on a criminal service model in which the technical actors stay behind the scenes while their buyers are the ones using the program to steal. This makes it difficult to identify the developers who are distributing the program. Earlier this year, in March, police in Spain arrested four hackers suspected of being behind the massive FluBot scheme, who had sent 71,000 messages with malware links and used the bank information to make fraudulent money transfers, yet they were only users of the program and not its originators.
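For readers who review Android apps before allowing them on managed devices, the following added example (not part of the original article) flags a decoded AndroidManifest.xml that declares the permissions needed for the behaviours described above: overlays, input capture, message interception, and contact-based spreading. The mapping from behaviour to permission and both sample manifests are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping from the behaviours named in the article to the Android
# permissions they rely on. A match is a triage signal, not a verdict.
RULES = {
    "overlay": ({P + "SYSTEM_ALERT_WINDOW"}, all),
    "input capture (accessibility service)": ({P + "BIND_ACCESSIBILITY_SERVICE"}, all),
    "SMS interception": ({P + "RECEIVE_SMS", P + "READ_SMS"}, any),
    "contact-based SMS spreading": ({P + "READ_CONTACTS", P + "SEND_SMS"}, all),
}

def declared_permissions(manifest_xml):
    """Permissions the app requests, plus those its services bind to."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    perms |= {e.get(ANDROID_NS + "permission") for e in root.iter("service")}
    perms.discard(None)  # services without android:permission
    return perms

def risky_capabilities(manifest_xml):
    """Sorted names of the RULES entries this manifest satisfies."""
    perms = declared_permissions(manifest_xml)
    return sorted(name for name, (needed, mode) in RULES.items()
                  if mode(p in perms for p in needed))

# Constructed sample manifests (not taken from any real app).
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.parceltracker">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, risky_capabilities(xml))
```

Legitimate apps also use these permissions, so a hit should lead to a closer look at the app and its publisher rather than an automatic block.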


There are thousands of variants of these mobile malware programs, and the number of variants and of victims only continues to increase.


What can you do to prevent Mobile Malware?

  • Keep mobile devices updated with the latest patches and firmware.

  • Don't open emails you don't recognize.

  • Don't click random links or download anything from sites you don't trust. Always do extensive research before using or downloading anything.

  • Don't trust pop-up windows that ask you to allow permissions or unexpectedly download files.

How can Rapid Strategy help?


Rapid Strategy aims to partner with you on your journey to provide fast and effective risk reduction strategies and controls in your environment. Rapid Strategy can quickly assess the state of your organization and provide you with strategic and targeted risk-based solutions. Contact us to accelerate your cybersecurity.

