February 23, 2015 By Jaikumar Vijayan 3 min read

It is not just custom mobile malware tools that pose a threat to corporate data on smartphones, tablets and other mobile devices. Commercially available mobile surveillance kits are also giving cybercriminals new ways to perform targeted attacks on mobile devices in the workplace.

Mobile Malware Threat

The kits, many of which are sold for child-monitoring and other surveillance purposes, let attackers take complete remote control of mobile devices and steal sensitive information, log keystrokes, snoop on calls and perform other malicious actions, Lacoon Mobile Security warned in a report released this week.

Lacoon researchers, working in collaboration with their Check Point counterparts, collected data from more than 500,000 Android devices and some 400,000 iOS devices connected to corporate Wi-Fi access points through Check Point firewalls.

The researchers looked specifically for devices connected to corporate Wi-Fi that tried to communicate with remote command-and-control servers. Devices that did so, or attempted to do so, were considered to be infected with a mobile remote-access Trojan (mRAT). To determine the prevalence of mRATs on mobile systems used within enterprises, the security researchers observed traffic through corporate Wi-Fi access points over a period of several months.

Low Infection Rate, High Risk

The study showed about 1,000 mobile devices, or about 0.12 percent of all devices, were observed to be infected with a mRAT. The infection rate for large enterprises in the United States was marginally higher, at 0.21 percent. The countries with the highest rate of mobile malware were Australia, the United States and Mexico. The researchers discovered 18 mobile commercially available surveillance tools that fit the description of a mRAT.

While the number of devices infected with mobile malware was smaller than expected, companies that were infected appear to have been targeted based on the relatively high number of infections within their organizations, the researchers noted. On a global basis, an average of 0.15 percent of mobile devices were found to be infected with a mRAT. However, the number of compromised devices in organizations that were actually infected was 0.31 percent, or double the average rate.

Targeted Attacks

The fact that mobile infections are often clustered and focused on small groups suggests both corporate employees and corporations themselves are being targeted, the Lacoon report said.

What the report showed was that commercial mobile surveillance tools are being used to steal enterprise data. Because these tools enable remote administrative control, they also let intruders track device locations, install keyloggers, take screenshots and gain access to calendar data, corporate email and other content.

In some cases, attackers may need physical access to a device in order to install the malware; in other cases, the malware is delivered via free mobile apps or as embedded links in SMS or email messages.

Enterprise Mobility Concerns

Concerns about malware targeting mobile devices have grown sharply in recent times, fueled largely by threats such as the xSSER mRAT, Masque and WireLurker. While Android continues to be the most targeted mobile operating system environment, attackers have now started to go after iOS devices with malware such as Masque and WireLurker.

The trend is worrisome for enterprises because it shows attackers have started to target mobile devices in a major way. In recent years, a growing number of enterprises have encouraged mobile device use at work because of perceived productivity and operational efficiency benefits.

In many cases, companies that have allowed employees to bring personal devices to work have little control over the devices. Gartner believes such bring-your-own-device (BYOD) work programs greatly exacerbate security risks for companies that don’t manage them well.

“However, in general, IT is catching up to the phenomenon of BYOD,” Gartner notes. The new confidence is a reflection of the growing availability of mature tools and processes for handing the myriad security issues raised by BYOD, the analyst firm says.

Image Source: iStock

More from

When you shouldn’t patch: Managing your risk factors

4 min read - Look at any article with advice about best practices for cybersecurity, and about third or fourth on that list, you’ll find something about applying patches and updates quickly and regularly. Patching for known vulnerabilities is about as standard as it gets for good cybersecurity hygiene, right up there with using multi-factor authentication and thinking before you click on links in emails from unknown senders.So imagine my surprise when attending Qualys QSC24 in San Diego to hear a number of conference…

The straight and narrow — How to keep ML and AI training on track

3 min read - Artificial intelligence (AI) and machine learning (ML) have entered the enterprise environment.According to the IBM AI in Action 2024 Report, two broad groups are onboarding AI: Leaders and learners. Leaders are seeing quantifiable results, with two-thirds reporting 25% (or greater) boosts to revenue growth. Learners, meanwhile, say they're following an AI roadmap (72%), but just 40% say their C-suite fully understands the value of AI investment.One thing they have in common? Challenges with data security. Despite their success with AI…

Reducing ransomware recovery costs in education

4 min read - 2024 continued the trend of ransomware attacks in the education sector making headlines. The year opened with Freehold Township School District in New Jersey canceling classes due to a ransomware attack. Students at New Mexico Highlands University missed classes for several days while employees experienced disruption of their paychecks after a ransomware attack. The attack on the Alabama Department of Education served as a reminder that all school systems are vulnerable.Ransomware attacks in education decreasingThe year closes with some positive news…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today