Mobile based malware: Methods and Countermeasures

  • By Elite CIO
  • Date Jun 22, 2022

With the advent of the smartphone and affordable high-speed mobile internet connection, more people worldwide are using mobile devices for web browsing and computing. As per estimates, mobile accounts for more than 50 per cent of internet traffic worldwide, making it a lucrative attack surface for cybercriminals.

Types of Mobile-based Malware

1. Adware - Mobile adware is unwanted software designed to serve advertisements on your device. Some adware also tracks user behaviour.

2. Cryptocurrency Mining Malware - This type of malware uses the device's resources to perform the complex calculations needed to generate cryptocurrency (cryptojacking).

3. Remote Access Tools - These tools are used to access the device remotely and take complete control of it, including installed applications, call history, address books, web browsing history, SMS, etc.

4. Mobile Banking Trojan - This type of malware looks like a legitimate banking app but aims to steal financial credentials and data from the targeted device.

5. SMS Trojan - These Trojans use the SMS function of a mobile device to send and intercept messages, usually without the user being aware of it.

6. Mobile Spyware - Mobile spyware is a type of malware that records the user's actions using mobile resources without the user's knowledge.

7. Mobile Ransomware - This type of malware locks the mobile device and makes files on it inaccessible or encrypts them until a ransom is paid to the attacker.

Methods of Modern Mobile Malware

1. Fake applications: These are applications in a mobile app store or on websites that entice users into downloading them by using legitimate company names or popular references. Once installed on a mobile device, these fake apps can perform various malicious activities. They can persistently push ads, track and report location and other sensitive information or subscribe users to premium services without consent.

2. On-Device Fraud: On-Device Fraud (ODF) is a new technique in which fraudulent activities are initiated from the victim's own device. Trojans like Octo and TeaBot have been found using ODF. In these cases, the Trojan utilises the device's genuine services; for example, Octo uses the MediaProjection and Accessibility Service features of Android, which give an attacker remote control over the device, and that control is then utilised for ODF.

3. Bypassing App Store Detection: It has been observed that malware developers have been able to bypass the security review processes designed by Apple and Google to stop malicious apps from being published. The "CryptoRom" app on iOS and the "Color Font" app on Android are recent examples.

4. Fake Calls: Security researchers have recently detected a Trojan that masquerades as a banking app and imitates phone conversations with bank employees. The Trojan requests various permissions at installation time, viz., access to contacts, microphone and camera, geolocation, call handling, etc. It uses its own interface to initiate and receive phone calls: instead of connecting to the actual bank, it connects to the attackers who, under the guise of a bank employee, try to coax payment data or other confidential information out of the victim.

5. Notification Direct Reply Abuse: Mobile malware such as FluBot, SharkBot and Medusa has been found abusing Android's Notification Direct Reply feature, which allows an app to intercept and reply directly to push notifications. It can be used to sign fraudulent financial transactions, intercept two-factor authentication codes and modify push notifications.

6. Domain Generation Algorithm: Like conventional malware, mobile-based malware has also been found using a domain generation algorithm (DGA) to produce the domain names of its command-and-control servers, which makes detection and blocking difficult.

7. Miscellaneous Methods: Mobile-based malware is also adopting design practices such as accessibility engines, supporting infrastructure and C2 protocols that enable its operators to update its capabilities.
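Method 6 above notes that DGA-generated names make detection difficult. The following is an added example (not from the original article) of the kind of heuristic a defender can run over DNS logs to surface such names: it scores the second-level label on length, character entropy and vowel ratio. The log format, the thresholds and the sample log lines are all constructed for this example and should be tuned against your own traffic.

```python
import math
import re
from collections import Counter

# Constructed DNS query log lines (not real traffic): time, client, record type, name.
SAMPLE_DNS_LOG = """\
2022-06-22T10:01:02Z 10.0.0.12 query A play.google.com
2022-06-22T10:01:05Z 10.0.0.12 query A xk3jq9zv7tplm2wq.top
2022-06-22T10:01:07Z 10.0.0.12 query A cdn.example-bank.in
2022-06-22T10:01:09Z 10.0.0.12 query A qw8rt5yu2io1p3asd.xyz
2022-06-22T10:01:11Z 10.0.0.12 query A mail.yahoo.com
"""

LOG_RE = re.compile(r"^\S+ (\S+) query \S+ (\S+)$")

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking labels score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def dga_features(domain: str) -> dict:
    """Features of the second-level label, where DGAs put their randomness."""
    labels = domain.lower().rstrip(".").split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    n = max(len(sld), 1)
    return {
        "length": len(sld),
        "entropy": shannon_entropy(sld),
        "vowel_ratio": sum(ch in "aeiou" for ch in sld) / n,
        "digit_ratio": sum(ch.isdigit() for ch in sld) / n,
    }

def looks_like_dga(domain, min_len=12, min_entropy=3.3, max_vowel_ratio=0.25):
    """Assumed thresholds; tune them against your own allow-listed traffic."""
    f = dga_features(domain)
    return (f["length"] >= min_len and f["entropy"] >= min_entropy
            and f["vowel_ratio"] <= max_vowel_ratio)

def flag_dga_queries(log_text: str) -> list:
    """Return (client, domain) pairs whose queried name matches the heuristic."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and looks_like_dga(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits
```

Legitimate but unusual names (CDN hostnames, hashed subdomains) will also trip simple thresholds, so treat hits as leads to allow-list or investigate rather than as verdicts.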

Countermeasures and Best practices for users

1. Keep OS and Apps Updated - Users should always check that their mobile devices are running the latest operating system version (Android, iOS, etc.) and enable auto-update for the operating system and mobile applications to receive the latest security, privacy and bug fixes.

2. Use Strong Authentication - Users should set strong login passwords and PINs and use biometric authentication on supported devices. Users are also recommended to enable two-factor authentication for apps that support it.

3. Apply Mobile Application Security Measures - Users are advised to take the following measures for mobile application security.

i. Use only curated app stores (Apple Store, Google Play Store) for downloading mobile applications.

ii. Disable third-party app stores as they can be vectors for spreading malware.

iii. Avoid installing apps from unknown sources.

iv. Periodically review mobile apps and delete applications which are not used or not needed.

v. Minimise personally identifiable information (PII) data stored in apps.

vi. Critically review the permissions requested by each application and grant only those that are strictly required.

vii. Review location settings and grant location access only when the app is in use.

4. Disable Unneeded Network Radios - Disable radio services like Bluetooth, Wi-Fi, GPS, and NFC when not required. Also, avoid connecting to public Wi-Fi, which is often not secured and can be an attack vector.

5. Install Security Software - Security software (mobile antivirus etc.) protects against malware infection and should be installed from verified vendors/sources.

6. Use Trusted Chargers or PC Cables - A malicious charger or PC can load malware onto the smartphone and may take control of it. Users are advised to use the genuine charger and to connect cables only to a trusted PC or laptop for charging or data transfer. Avoid charging mobile phones at public charging stations (juice jacking).

7. Safe Browsing Practices - Users are advised to follow these safe browsing practices.

i. Never click on links with promises that are too good to be true.

ii. Avoid clicking on web links from unknown sources and stay away from suspicious websites, as they may lead to malicious sites that can severely compromise the smartphone.

iii. Be careful about hyperlinks and ads.

iv. Block pop-ups by default and allow them only on a need basis, carefully. Pop-ups can be dangerous because they may contain ads, harmful links and inappropriate content.

8. Avoid Jailbreaking or Rooting Your Phone - Users should not jailbreak or root their phone to gain access to some applications or services. Doing so makes the phone highly vulnerable to cyber-attacks, because jailbreaking strips away the phone's built-in security protections.

9. Backup Data - Users are advised to back up their phone data regularly, either manually or using automated services. Mobile devices have the option to back up device data to the cloud automatically.

10. Delete Data Before Discarding the Device - Before discarding a device, it is advised to delete all data from it to ensure the data is not misused.

11. Use Bot Removal Tool - Users who suspect their smartphones are infected are advised to visit the "Cyber Swachhta Kendra" website https://www.csk.gov.in/security-tools.html and download the free bot removal tools. Users can scan and remove bots from their devices using these tools.
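Countermeasure 3(vi) asks users to review an app's permissions critically. As an added example (not part of the original article), the script below reads an Android manifest and flags the permissions that map to the malware behaviours described above: SMS interception, microphone and camera capture, location tracking, overlay screens and Accessibility-based control. The manifest is constructed for a hypothetical app, and the permission-to-risk mapping is this example's own, not an Android or Google classification.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions worth a second look, mapped to the malware behaviour on this page
# that they enable. The mapping is this example's own, not an official one.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_SMS": "SMS Trojan: read OTP/2FA messages",
    "android.permission.RECEIVE_SMS": "SMS Trojan: intercept incoming SMS",
    "android.permission.SEND_SMS": "SMS Trojan: premium-rate or spam SMS",
    "android.permission.RECORD_AUDIO": "Spyware / fake calls: microphone",
    "android.permission.CAMERA": "Spyware: camera",
    "android.permission.ACCESS_FINE_LOCATION": "Spyware / adware: location tracking",
    "android.permission.READ_CONTACTS": "RAT / spyware: address book",
    "android.permission.READ_CALL_LOG": "RAT / spyware: call history",
    "android.permission.SYSTEM_ALERT_WINDOW": "Banking Trojan: overlay screens",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "ODF: control via Accessibility",
}

# Constructed manifest for a hypothetical calculator app; a real one is pulled
# out of the APK with apktool or a similar tool before review.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.calculator">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".Helper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>
"""

def requested_permissions(manifest_xml: str) -> set:
    """All permissions the manifest requests, including service-bound ones."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # BIND_ACCESSIBILITY_SERVICE is declared on <service>, not <uses-permission>.
    perms |= {e.get(ANDROID_NS + "permission") for e in root.iter("service")}
    return {p for p in perms if p}

def review_permissions(manifest_xml: str) -> dict:
    """Map each sensitive permission found to the risk it carries."""
    found = requested_permissions(manifest_xml)
    return {p: SENSITIVE_PERMISSIONS[p] for p in sorted(found)
            if p in SENSITIVE_PERMISSIONS}
```

A calculator that asks for SMS access, overlay windows and an Accessibility service has no plausible need for them; that mismatch between stated purpose and requested permissions is what the review is meant to catch.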