User Education Key in Fighting Mobile Malware
Train users to read and heed mobile application permissions, says McAfee Labs.
Hackers employ some pretty sophisticated strategies when it comes to mobile malware. For example, McAfee Labs recently discovered a suspicious Android app on the Google Play app store that automatically downloads, installs and launches other apps without user permission.
Such sophistication is not necessary, however, when so many users continue to expose themselves to compromised applications.
Noting that "some of the most simple steps can go a long way" in preventing mobile malware, Carlos Castillo, senior research architect for McAfee Labs, said many users still do not have an anti-virus solution on their mobile devices even though there are a number of free solutions such as MMS from Intel Security Group.
Beyond anti-virus, Castillo said it is important for IT organizations to educate users on how to read application permissions. Advise users to "treat them like the FDA labeling on food or medicine to better understand the consequences," he suggested.
Mobile malware shows no signs of abating. In its latest Threat Report, McAfee Labs found an increase in new mobile malware for the fifth straight quarter, with growth of 167 percent in the past year
McAfee is not the only organization to note an increase. In daily samples taken during the last six months of 2013, security solutions provider Cyren Ltd. found an average of 5,768 types of Android malware. "… The bad guys are continuing to target under-protected mobile devices," said Cyren CTO Lior Kohavi.
One trend highlighted in McAfee's threat report was malware designed to take advantage of the popularity of the Flappy Bird game and hundreds of Flappy Bird clones released after creator Dong Nguyen pulled the game from the App Store earlier this year. McAfee found that 79 percent of the clones it sampled were malicious.
Because malicious cloned games are generally distributed via third-party markets, Castillo said the best strategy is to disable the installation of applications from unknown sources. An enterprise mobility management strategy that allows security administrators to apply policies to specific apps can be helpful.
Again, admins should educate their users on the importance of having a security solution for their mobile device, Castillo said. "Users should understand how their 5-to-9 life can affect their 9-to-5 life."
Photo courtesy of Shutterstock.
Ann All is the editor of Enterprise Apps Today and eSecurity Planet. She has covered business and technology for more than a decade, writing about everything from business intelligence to virtualization.
By Jeff Goldman
June 25, 2014
Columbia University's Jason Nieh and Nicolas Viennot found thousands of secret keys being stored in app software.