February 23, 2015 By Jaikumar Vijayan 3 min read

It is not just custom mobile malware tools that pose a threat to corporate data on smartphones, tablets and other mobile devices. Commercially available mobile surveillance kits are also giving cybercriminals new ways to perform targeted attacks on mobile devices in the workplace.

Mobile Malware Threat

The kits, many of which are sold for child-monitoring and other surveillance purposes, let attackers take complete remote control of mobile devices and steal sensitive information, log keystrokes, snoop on calls and perform other malicious actions, Lacoon Mobile Security warned in a report released this week.

Lacoon researchers, working in collaboration with their Check Point counterparts, collected data from more than 500,000 Android devices and some 400,000 iOS devices connected to corporate Wi-Fi access points through Check Point firewalls.

The researchers looked specifically for devices connected to corporate Wi-Fi that tried to communicate with remote command-and-control servers. Devices that did so, or attempted to do so, were considered to be infected with a mobile remote-access Trojan (mRAT). To determine the prevalence of mRATs on mobile systems used within enterprises, the security researchers observed traffic through corporate Wi-Fi access points over a period of several months.

Low Infection Rate, High Risk

The study showed about 1,000 mobile devices, or about 0.12 percent of all devices, were observed to be infected with a mRAT. The infection rate for large enterprises in the United States was marginally higher, at 0.21 percent. The countries with the highest rate of mobile malware were Australia, the United States and Mexico. The researchers discovered 18 mobile commercially available surveillance tools that fit the description of a mRAT.

While the number of devices infected with mobile malware was smaller than expected, companies that were infected appear to have been targeted based on the relatively high number of infections within their organizations, the researchers noted. On a global basis, an average of 0.15 percent of mobile devices were found to be infected with a mRAT. However, the number of compromised devices in organizations that were actually infected was 0.31 percent, or double the average rate.

Targeted Attacks

The fact that mobile infections are often clustered and focused on small groups suggests both corporate employees and corporations themselves are being targeted, the Lacoon report said.

What the report showed was that commercial mobile surveillance tools are being used to steal enterprise data. Because these tools enable remote administrative control, they also let intruders track device locations, install keyloggers, take screenshots and gain access to calendar data, corporate email and other content.

In some cases, attackers may need physical access to a device in order to install the malware; in other cases, the malware is delivered via free mobile apps or as embedded links in SMS or email messages.

Enterprise Mobility Concerns

Concerns about malware targeting mobile devices have grown sharply in recent times, fueled largely by threats such as the xSSER mRAT, Masque and WireLurker. While Android continues to be the most targeted mobile operating system environment, attackers have now started to go after iOS devices with malware such as Masque and WireLurker.

The trend is worrisome for enterprises because it shows attackers have started to target mobile devices in a major way. In recent years, a growing number of enterprises have encouraged mobile device use at work because of perceived productivity and operational efficiency benefits.

In many cases, companies that have allowed employees to bring personal devices to work have little control over the devices. Gartner believes such bring-your-own-device (BYOD) work programs greatly exacerbate security risks for companies that don’t manage them well.

“However, in general, IT is catching up to the phenomenon of BYOD,” Gartner notes. The new confidence is a reflection of the growing availability of mature tools and processes for handing the myriad security issues raised by BYOD, the analyst firm says.

Image Source: iStock

More from

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today