February 23, 2015 By Jaikumar Vijayan 3 min read

It is not just custom mobile malware tools that pose a threat to corporate data on smartphones, tablets and other mobile devices. Commercially available mobile surveillance kits are also giving cybercriminals new ways to perform targeted attacks on mobile devices in the workplace.

Mobile Malware Threat

The kits, many of which are sold for child-monitoring and other surveillance purposes, let attackers take complete remote control of mobile devices and steal sensitive information, log keystrokes, snoop on calls and perform other malicious actions, Lacoon Mobile Security warned in a report released this week.

Lacoon researchers, working in collaboration with their Check Point counterparts, collected data from more than 500,000 Android devices and some 400,000 iOS devices connected to corporate Wi-Fi access points through Check Point firewalls.

The researchers looked specifically for devices connected to corporate Wi-Fi that tried to communicate with remote command-and-control servers. Devices that did so, or attempted to do so, were considered to be infected with a mobile remote-access Trojan (mRAT). To determine the prevalence of mRATs on mobile systems used within enterprises, the security researchers observed traffic through corporate Wi-Fi access points over a period of several months.

Low Infection Rate, High Risk

The study showed about 1,000 mobile devices, or about 0.12 percent of all devices, were observed to be infected with a mRAT. The infection rate for large enterprises in the United States was marginally higher, at 0.21 percent. The countries with the highest rate of mobile malware were Australia, the United States and Mexico. The researchers discovered 18 mobile commercially available surveillance tools that fit the description of a mRAT.

While the number of devices infected with mobile malware was smaller than expected, companies that were infected appear to have been targeted based on the relatively high number of infections within their organizations, the researchers noted. On a global basis, an average of 0.15 percent of mobile devices were found to be infected with a mRAT. However, the number of compromised devices in organizations that were actually infected was 0.31 percent, or double the average rate.

Targeted Attacks

The fact that mobile infections are often clustered and focused on small groups suggests both corporate employees and corporations themselves are being targeted, the Lacoon report said.

What the report showed was that commercial mobile surveillance tools are being used to steal enterprise data. Because these tools enable remote administrative control, they also let intruders track device locations, install keyloggers, take screenshots and gain access to calendar data, corporate email and other content.

In some cases, attackers may need physical access to a device in order to install the malware; in other cases, the malware is delivered via free mobile apps or as embedded links in SMS or email messages.

Enterprise Mobility Concerns

Concerns about malware targeting mobile devices have grown sharply in recent times, fueled largely by threats such as the xSSER mRAT, Masque and WireLurker. While Android continues to be the most targeted mobile operating system environment, attackers have now started to go after iOS devices with malware such as Masque and WireLurker.

The trend is worrisome for enterprises because it shows attackers have started to target mobile devices in a major way. In recent years, a growing number of enterprises have encouraged mobile device use at work because of perceived productivity and operational efficiency benefits.

In many cases, companies that have allowed employees to bring personal devices to work have little control over the devices. Gartner believes such bring-your-own-device (BYOD) work programs greatly exacerbate security risks for companies that don’t manage them well.

“However, in general, IT is catching up to the phenomenon of BYOD,” Gartner notes. The new confidence is a reflection of the growing availability of mature tools and processes for handing the myriad security issues raised by BYOD, the analyst firm says.

Image Source: iStock

More from

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Cybersecurity Awareness Month: 5 new AI skills cyber pros need

4 min read - The rapid integration of artificial intelligence (AI) across industries, including cybersecurity, has sparked a sense of urgency among professionals. As organizations increasingly adopt AI tools to bolster security defenses, cyber professionals now face a pivotal question: What new skills do I need to stay relevant?October is Cybersecurity Awareness Month, which makes it the perfect time to address this pressing issue. With AI transforming threat detection, prevention and response, what better moment to explore the essential skills professionals might require?Whether you're…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today