February 23, 2015 By Jaikumar Vijayan 3 min read

It is not just custom mobile malware tools that pose a threat to corporate data on smartphones, tablets and other mobile devices. Commercially available mobile surveillance kits are also giving cybercriminals new ways to perform targeted attacks on mobile devices in the workplace.

Mobile Malware Threat

The kits, many of which are sold for child-monitoring and other surveillance purposes, let attackers take complete remote control of mobile devices and steal sensitive information, log keystrokes, snoop on calls and perform other malicious actions, Lacoon Mobile Security warned in a report released this week.

Lacoon researchers, working in collaboration with their Check Point counterparts, collected data from more than 500,000 Android devices and some 400,000 iOS devices connected to corporate Wi-Fi access points through Check Point firewalls.

The researchers looked specifically for devices connected to corporate Wi-Fi that tried to communicate with remote command-and-control servers. Devices that did so, or attempted to do so, were considered to be infected with a mobile remote-access Trojan (mRAT). To determine the prevalence of mRATs on mobile systems used within enterprises, the security researchers observed traffic through corporate Wi-Fi access points over a period of several months.

Low Infection Rate, High Risk

The study showed about 1,000 mobile devices, or about 0.12 percent of all devices, were observed to be infected with a mRAT. The infection rate for large enterprises in the United States was marginally higher, at 0.21 percent. The countries with the highest rate of mobile malware were Australia, the United States and Mexico. The researchers discovered 18 mobile commercially available surveillance tools that fit the description of a mRAT.

While the number of devices infected with mobile malware was smaller than expected, companies that were infected appear to have been targeted based on the relatively high number of infections within their organizations, the researchers noted. On a global basis, an average of 0.15 percent of mobile devices were found to be infected with a mRAT. However, the number of compromised devices in organizations that were actually infected was 0.31 percent, or double the average rate.

Targeted Attacks

The fact that mobile infections are often clustered and focused on small groups suggests both corporate employees and corporations themselves are being targeted, the Lacoon report said.

What the report showed was that commercial mobile surveillance tools are being used to steal enterprise data. Because these tools enable remote administrative control, they also let intruders track device locations, install keyloggers, take screenshots and gain access to calendar data, corporate email and other content.

In some cases, attackers may need physical access to a device in order to install the malware; in other cases, the malware is delivered via free mobile apps or as embedded links in SMS or email messages.

Enterprise Mobility Concerns

Concerns about malware targeting mobile devices have grown sharply in recent times, fueled largely by threats such as the xSSER mRAT, Masque and WireLurker. While Android continues to be the most targeted mobile operating system environment, attackers have now started to go after iOS devices with malware such as Masque and WireLurker.

The trend is worrisome for enterprises because it shows attackers have started to target mobile devices in a major way. In recent years, a growing number of enterprises have encouraged mobile device use at work because of perceived productivity and operational efficiency benefits.

In many cases, companies that have allowed employees to bring personal devices to work have little control over the devices. Gartner believes such bring-your-own-device (BYOD) work programs greatly exacerbate security risks for companies that don’t manage them well.

“However, in general, IT is catching up to the phenomenon of BYOD,” Gartner notes. The new confidence is a reflection of the growing availability of mature tools and processes for handing the myriad security issues raised by BYOD, the analyst firm says.

Image Source: iStock

More from

What is the Open-Source Software Security Initiative (OS3I)?

3 min read - The Open-Source Software Security Initiative (OS3I) recently released Securing the Open-Source Software Ecosystem report, which details the members’ current priorities and recommended cybersecurity solutions. The accompanying fact sheet also provides the highlights of the report. The OS3I includes both federal departments and agencies working together to deliver policy solutions to secure and defend the ecosystem. The new initiative is part of the overall National Cybersecurity Strategy.After the Log4Shell vulnerability in 2021, the Biden-Harris administration committed to improving the security of…

Widespread exploitation of recently disclosed Ivanti vulnerabilities

6 min read - IBM X-Force has assisted several organizations in responding to successful compromises involving the Ivanti appliance vulnerabilities disclosed in January 2024. Analysis of these incidents has identified several Ivanti file modifications that align with current public reporting. Additionally, IBM researchers have observed specific attack techniques involving the theft of authentication token data not readily noted in current public sources. The blog details the results of this research to assist organizations in protecting against these threats. Key Findings: IBM research teams have…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today