It is not just custom mobile malware tools that pose a threat to corporate data on smartphones, tablets and other mobile devices. Commercially available mobile surveillance kits are also giving cybercriminals new ways to perform targeted attacks on mobile devices in the workplace.

Mobile Malware Threat

The kits, many of which are sold for child-monitoring and other surveillance purposes, let attackers take complete remote control of mobile devices and steal sensitive information, log keystrokes, snoop on calls and perform other malicious actions, Lacoon Mobile Security warned in a report released this week.

Lacoon researchers, working in collaboration with their Check Point counterparts, collected data from more than 500,000 Android devices and some 400,000 iOS devices connected to corporate Wi-Fi access points through Check Point firewalls.

The researchers looked specifically for devices connected to corporate Wi-Fi that tried to communicate with remote command-and-control servers. Devices that did so, or attempted to do so, were considered to be infected with a mobile remote-access Trojan (mRAT). To determine the prevalence of mRATs on mobile systems used within enterprises, the security researchers observed traffic through corporate Wi-Fi access points over a period of several months.

Low Infection Rate, High Risk

The study showed about 1,000 mobile devices, or about 0.12 percent of all devices, were observed to be infected with a mRAT. The infection rate for large enterprises in the United States was marginally higher, at 0.21 percent. The countries with the highest rate of mobile malware were Australia, the United States and Mexico. The researchers discovered 18 mobile commercially available surveillance tools that fit the description of a mRAT.

While the number of devices infected with mobile malware was smaller than expected, companies that were infected appear to have been targeted based on the relatively high number of infections within their organizations, the researchers noted. On a global basis, an average of 0.15 percent of mobile devices were found to be infected with a mRAT. However, the number of compromised devices in organizations that were actually infected was 0.31 percent, or double the average rate.

Targeted Attacks

The fact that mobile infections are often clustered and focused on small groups suggests both corporate employees and corporations themselves are being targeted, the Lacoon report said.

What the report showed was that commercial mobile surveillance tools are being used to steal enterprise data. Because these tools enable remote administrative control, they also let intruders track device locations, install keyloggers, take screenshots and gain access to calendar data, corporate email and other content.

In some cases, attackers may need physical access to a device in order to install the malware; in other cases, the malware is delivered via free mobile apps or as embedded links in SMS or email messages.

Enterprise Mobility Concerns

Concerns about malware targeting mobile devices have grown sharply in recent times, fueled largely by threats such as the xSSER mRAT, Masque and WireLurker. While Android continues to be the most targeted mobile operating system environment, attackers have now started to go after iOS devices with malware such as Masque and WireLurker.

The trend is worrisome for enterprises because it shows attackers have started to target mobile devices in a major way. In recent years, a growing number of enterprises have encouraged mobile device use at work because of perceived productivity and operational efficiency benefits.

In many cases, companies that have allowed employees to bring personal devices to work have little control over the devices. Gartner believes such bring-your-own-device (BYOD) work programs greatly exacerbate security risks for companies that don’t manage them well.

“However, in general, IT is catching up to the phenomenon of BYOD,” Gartner notes. The new confidence is a reflection of the growing availability of mature tools and processes for handing the myriad security issues raised by BYOD, the analyst firm says.

Image Source: iStock

more from

Controlling the Source: Abusing Source Code Management Systems

For full details on this research, see the X-Force Red whitepaper “Controlling the Source: Abusing Source Code Management Systems”. This material is also being presented at Black Hat USA 2022. Source Code Management (SCM) systems play a vital role within organizations and have been an afterthought in terms of defenses compared to other critical enterprise systems such as Active Directory.…