- August 17, 2020
- Tags:
Mobile devices have become a rapidly growing threat vector for cyberattacks due to the ever-increasing dependency of users, thus making mobile devices a path of least resistance. Malware (ransomware, spyware, adware, and Trojans) can enter devices through several means, and must be tackled using both technical and administrative countermeasures.
Mobile malware is any malicious software (‘Mal’ icious + soft ‘ware’) that infects a mobile device. Mobile devices still have a high chance of being affected by different kinds of malware, even as traditional viruses can generally not be found on them.
As people shift to using more mobile devices than desktop operating systems, adversaries are increasingly focusing their attention on them too. For example, around 3.5 million malicious mobile app packages were installed by users in 2019. The year also saw the creation of 69,777 brand-new mobile banking trojans and 68,362 mobile ransomware Trojans.
How Does Malware Enter Mobile Devices?
Mobile malware tends to pose a high amount of threats because users often do not pay enough attention to Mobile Security. The threat of mobile malware is even more severe to organizations that have a Bring Your Own Device (BYOD) Policy.
Malware can infect a mobile system in several ways, including:
-
- Malicious App Downloads – Some developers may be using compromised development tools, and some apps such as InstaAgent may be outright malware. Pirated content can also introduce malware.
- Operating System Vulnerabilities – Mobile devices that are not updated regularly can become victims of attacks that OS exploit vulnerabilities. Compromised browsers with exploits can also lead to the installation of malware.
- Malicious Emails – Clicking on malicious email links or attachments can automatically download and install malware on a mobile device
- Compromised Wi-Fi/URLs – Accessing Insecure websites can expose a user’s information and make them susceptible to different man-in-the-middle attacks.
- Vishing and SMShing – Voice messages or SMS that appear to be from legitimate sources can compromise user data if the user provides the data to the adversary.
Android or iOS Mobile Device – Which is More Secure?
Generally, Android devices are more targeted by malware due to their widespread usage and a large number of manufacturers. Android also relies on open source code which allows owners to experiment with the software. This act of experimentation then leaves them open to vulnerabilities.
As iOS is a closed operating system, owners of Apple devices cannot modify the code on them. This when considered makes it more secure than Android.
Tips to protect your mobile device from malware
Users can follow these simple steps to secure their mobile devices from malware:
- Avoid Jailbreaking/Rooting: while gaining root access may offer greater functionality, doing so nulls warranty and removes built-in security measures.
- Use a VPN: VPNs help users share information securely when connected to public Wi-Fi networks.
- Download Apps from Official App Store: apps from unofficial sources are more likely to introduce malware to devices.
- Encrypt Your Data: users who store sensitive data on their mobile devices must encrypt it.
- Update Regularly: it is prudent to perform regular updates on mobile devices to make use of patches to bugs and vulnerabilities
Emerging Threats: Chip Flaw Detected on Android Devices
Very recently, a new mobile chip vulnerability that adversaries could exploit to plant malware on the handsets and steal private information was discovered in Android Devices.
This vulnerability targets a device chip model manufactured by the semiconductor giant – Qualcomm – a major supplier in the mobile industry.
Although this supply chain method of attack is prevalent amongst mobile device chip manufacturers, mobile device hardware and software makers roll out patches and updates on a regular basis to help users counteract the effects of malwares.
Therefore, it is imperative for users to remain up-to-date with released patches as much as possible.
Conclusion
As adversaries increasingly target mobile devices with malware, individuals and organizations need to take mobile devices security as seriously as that of any other platform. GoldSky Security has best-in-class anti-malware solutions to help protect your sensitive and confidential information.