On March 5 2019, Kaspersky Lab published an article discussing the top mobile malware attack methods in 2018. Much to their chagrin, they found the total number of attacks roughly double in the space of a year alone!
Let’s look at the most-used attack methods of 2018 and how to protect yourself from this new wave of digital threats.
1. Trojan Droppers
Trojan droppers are a strange beast, as they themselves don’t do any direct harm. Instead, they’re designed to be a payload for a nastier piece of kit. They masquerade as a beneficial app or program, then slip malware onto your phone after being installed.
Sometimes, they either download or unpack a piece malware, install it, then immediately delete themselves to avoid suspicion. They might also bury themselves deeper, continuing to infect the system after the user has deleted the main malware.
Either way, a Trojan dropper’s main goal is to be the transport for something far nastier. Malware authors like them because they add an extra layer of protection around the malware they want to spread.
How to Fight This Threat
Trojan droppers sound complicated, but they still follow the same rules as most malware; they have to be downloaded onto your system before they can infect anything. As such, the general rules for avoiding file-based malware applies here.
Don’t download any suspicious files from shady sites or emails. Be careful with what free apps you download, even ones from the official app store. Be sure to grab a good mobile antivirus to catch out a Trojan dropper when it tries to deliver its payload.
2. Banking SMS Malware
If a hacker has your bank account details, but you’ve set up an SMS two-factor authentication (2FA) guard on your phone, the hacker won’t be able to get in without the code. That’s why hackers are turning to malware that reads SMS messages on the victim’s phone.
When they go to log into the victim’s bank account, the malware reads the SMS code that is sent to their phone. This gives the hacker all the information they need to log into their account.
In order to do its job, this malware has to get permission to read SMS messages. As a result, they often masquerade as messenger apps like WhatsApp. When they ask for the SMS permissions, the user believes it’s simply part of the messaging services and gives it free rein.
Hackers have since upgraded their attacks to take advantage of the new accessibility services that Android provides. In order to help those who have trouble reading screens, the accessibility service can read out SMS 2FA codes to the user.
As such, malware can target this service and read what is sent. When the user receives a 2FA code, the malware reads the code and sends the information back to the malware author.
We talked about some reasons to ditch SMS 2FA authentication in our guide to why SMS 2FA is not as secure as most people think.
How to Fight This Threat
Be very careful with apps that ask for messaging or accessibility services permissions. Banking malware needs this to read SMS messages, and denying them this should keep your account safe.
When you’re installing a messenger app, always make sure it’s from a legitimate source. Scammers will often upload fake apps to try to catch people out, so always make sure you’re getting the real deal!
3. Malvertising and Adware
Unlike other strains of money-making malware, adware doesn’t target the user’s bank account. It instead tries to harvest advertisement revenue through ad interaction, and is usually delivers via an infected app.
Advertisements don’t pay a lot per click, however, so adware authors have to flood their victims with adverts to turn a good profit! This makes infection very obvious, as the user will have to fight past ads to use their phone.
Unfortunately, if the adware developer has been clever, they’ll ensure ads appear outside of the infected app. This can make it hard for a user to figure out which app is delivering ads to the user.
How to Fight This Threat
Be careful what apps you install and only download apps from official sources. If you do notice stray advertisements popping up on your phone, think back to any apps you’ve installed recently and delete them ASAP. Then, grab an antivirus to clean up anything that remains.
Some strains of adware can wait a bit before displaying advertisements. This is done to take heat off of the app that infected your phone in the first place. As such, it may not always be the most recent app you downloaded that’s infected with adware!
4. Miner Trojans
2018 was a very bad year for avoiding miner Trojans—it saw a five-fold spike in the year alone! This is a symptom of malware authors moving away from malware that simply bricks devices and moving more toward money-machine schemes.
Miner Trojans perform what’s called “cryptojacking,” where a malicious agent hijacks your device’s processor in order to mine cryptocurrency at your expense.
The current rate of development in smartphones makes miner Trojans a good choice for malware developers. Phones are getting increasingly more powerful, which in turn makes a mining attack more profitable.
Given the high adoption rate of phones in modern society, miner Trojan authors also have a swathe of potential zombies for their miner horde.
Fortunately, it’s very easy to spot when a miner Trojan is working away on your phone, as the entire system will slow down. As such, miner Trojan authors are working on making their software more resistant to removal.
How to Fight This Threat
If you notice your phone comes to a crawl when you’re using it, there’s a chance a miner Trojan is sapping your processing power. Be sure to run an antivirus scan to see if you can remove it.
Not all phone slowness is a symptom of a miner Trojan, though! It may be that you’re running too many apps, or your phone is low on memory. If the virus scan comes back clean, perhaps try cleaning up some apps to see if it helps.
5. Riskware
We also saw a rise in Riskware in 2018. Riskware is the odd one out in this collection of culprits, as it’s not specifically designed to be malicious. It’s the name given to apps that perform unsafe, exploitable practices, even if the developers have no intent of harming their users.
In 2018, we saw a rise of riskware that handled in-app purchases. Usually, when a user performs an in-app purchase on an Android or iOS device, the payment is handled by the official store service. This then passes through Google/Apple, who can keep track of every purchase made.
While this official store functionality is great for users, it can be tricky for developers to set up. Novice developers sometimes resort to using a riskware-based system which sends a confirmation SMS message to the developer when a user makes an in-app purchase. This is easier to code, as it skips the need to use the official store service.
Unfortunately, this SMS system means the developer is in total control of the purchase. They may decide against giving the user their paid content, and there’s not much the user can do in response. Google/Apple can’t help, as the purchase didn’t go through their system.
How to Fight This Threat
Be very cautious of software which doesn’t want to do things by the book. If an app doesn’t use the official means of billing you for in-app purchases, stay well away! Always perform purchases through the official channels, which gives you a proof of purchase if the developer fails to provide.
Ransomware Is on the Decline
Despite the fact that banking SMS attacks are on the rise, ransomware is on the decline. This is an odd trend, as ransomware is a good way for a malware author to make money. We talked about how ransomware authors can make a killing in our guide to ransomware-as-a-service.
So, why are malware authors shying away from this lucrative opportunity? It may be due to several reasons.
- Users are learning about the threat of ransomware and are opting to defeat it without paying. We’ve seen services and advice pop up over the years to help users get out of ransomware without paying the ransom.
- Infecting people at random means the malware authors will sometimes infect people who can’t pay the demands they ask for.
- Mobile phones typically store less important data on them, which makes unlocking the phone less of a concern.
Staying Safe From Malware
2018 saw a nasty spike in mobile malware. By keeping safe with your mobile usage, you can help defend yourself against these threats.
Fancy taking the fight to the malware? Read our guide to enhancing your mobile security.
Read the full article: 5 Mobile Security Risks That Could Spoil Your Fun in 2019
Read Full Article
No comments:
Post a Comment