February 15, 2016 By Shaked Vax
Kaushik Srinivas

Many customers, IT managers and CIOs still do not recognize mobile malware as an imminent threat. According to a study from Duo Security, one-third of mobile Android users do not use any lock screen passcode on their device, and most do not take any security measures. Additionally, IT managers and CIOs deploy new apps to their customers and employees without building any security measures into them to allow the identification and mitigation of threats.

However, mobile malware has evolved throughout the past several years and now poses elaborate threats. Business Insider noted that it’s now equal in distribution and risk level to PC malware.

Attacking Customers

Cybercriminals use mobile malware to attack the services customers use and steal their account credentials. The malware either attacks the mobile app directly to steal information or overlays the legitimate mobile app with a fake login screen.

Another vector for attacking customers with mobile malware is stealing the one-time passwords (OTPs) or one-time codes sent to the customer’s mobile device as part of two-factor authentication. The malware gains access to text message content and covertly forwards it to the cybercriminal, who then uses it to log into the customer’s account and complete a takeover.

Mobile devices also provide a great hiding place for fraudsters. Because mobile phones are generally far more similar to one another than PCs are, fraudsters use the added anonymity this creates to perform account takeovers from mobile devices.

Attacking Employees

While all the aforementioned attack vectors against customers are also valid for stealing employees’ personal information, mobile malware poses a much wider attack threat to enterprises.

Mobile malware can be used to steal much more than employees’ credentials and access the organization’s network. By accessing and stealing the employee’s mobile contacts, emails, calendar information, messages and even location, the mobile malware enables the development of elaborate social engineering attacks against other, more senior employees in the organization. This, in turn, allows the attacker to escalate access gained to the organization’s intellectual property (IP) and resources.

Smartphones include high-sensitivity microphones and high-resolution cameras, and savvy attackers can turn them into advanced spying devices, Gizmodo noted. Mobile malware that provides remote control of a device’s microphone, for example, could lead to recording phone conversations and meetings that discuss sensitive IP, financial or sales information.

Similarly, remote control of the device’s camera gives attackers access to images of meetings, facilities, computer screens, content or even live video streams of sensitive meetings.

Attacking Individuals

Finally, mobile malware has been turned against each one of us as an individual. Individuals may suffer from mobile malware by simple means, such as the malware sending a premium-service SMS or making premium-service phone calls. These hidden malware actions result in inflated mobile bills for an unsuspecting user.

In other cases, individuals suffer much graver consequences. Mobile malware has been wired to take over devices and lock them, demanding a ransom from the device user to regain access to their own device.

Information stolen from personal devices is also used to extort individuals. Attackers threaten to divulge sensitive information or intimate pictures and then demand a ransom to stop the publication of the information.

Fighting Mobile Malware

Mobile threat management (MTM) solutions allow enterprises to detect mobile malware and take remediation actions on affected devices. Enterprise admins can view details of the malware through automatic alerts. Remediation actions could include blocking or selectively wiping a device, or changing policies to create a more restrictive security posture.

MTM integrated with a best-of-breed enterprise mobility management (EMM) suite can manage the entire life cycle of a mobile device, its apps and the data stored on it in order to protect an enterprise’s IP.
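The malware behaviors described in this article (OTP forwarding, login overlays, premium SMS and calls, microphone and camera spying, device locking) each depend on capabilities that an Android app must declare in its manifest. The following triage sketch is an added example, not part of the original article or of any MTM product; the rule names, the permission-to-behavior mapping and both sample manifests are constructed assumptions, and the input is assumed to be a decoded text manifest.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed heuristic: a behavior is flagged when ANY of its permission sets
# is fully requested. A hit means "review this app", not "this is malware".
RULES = {
    "otp_sms_forwarding": [{"RECEIVE_SMS", "INTERNET"}, {"READ_SMS", "INTERNET"},
                           {"RECEIVE_SMS", "SEND_SMS"}],
    "login_overlay": [{"SYSTEM_ALERT_WINDOW"}],
    "premium_sms_or_calls": [{"SEND_SMS"}, {"CALL_PHONE"}],
    "audio_video_spying": [{"RECORD_AUDIO", "INTERNET"}, {"CAMERA", "INTERNET"}],
    "contact_location_harvest": [{"READ_CONTACTS", "INTERNET"},
                                 {"ACCESS_FINE_LOCATION", "INTERNET"}],
    "device_lock": [{"BIND_DEVICE_ADMIN"}],
}

def requested_permissions(manifest_xml):
    """Return the short names of Android permissions a manifest declares."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name", "")
            if name.startswith(P):
                perms.add(name[len(P):])
    # A device-admin receiver is what an app registers to be able to lock the device.
    for el in root.iter("receiver"):
        if el.get(ANDROID_NS + "permission") == P + "BIND_DEVICE_ADMIN":
            perms.add("BIND_DEVICE_ADMIN")
    return perms

def triage(manifest_xml):
    """Return the sorted list of behaviors the declared permissions would allow."""
    perms = requested_permissions(manifest_xml)
    return sorted(n for n, alts in RULES.items() if any(a <= perms for a in alts))

# Constructed sample: a "flashlight" app that asks for far more than it needs.
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application><receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN"/></application>
</manifest>"""
# Constructed sample: an offline camera app with no network access.
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.camera">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    print(triage(SUSPICIOUS), triage(BENIGN))
```

Permission requests alone do not prove malicious intent, so results like these are best used to prioritize apps for deeper review.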
