As users have increasingly moved from desktop operating systems to mobile devices as their primary form of computing, cyber attackers have taken notice and malware has followed. While the total volume of mobile malware is a fraction of that created for desktops, it is nonetheless a growing security concern, as more and more high-value and sensitive tasks are performed on mobile devices.
Mobile malware statistics
According to the Intel Security/McAfee April 2017 trends report, at the end of 2016 there were more than 600 million malware variants in total. There were approximately 15 million different mobile malware variants at the end of 2016, up from just under 8 million. Globally, approximately 8 percent of mobile users had been infected by mobile malware at the end of 2016.
Types of mobile malware
There are several different forms of mobile malware, not all of which are the same as those affecting desktop operating systems.
- Trojans: As is the case on the desktop, trojans provide a backdoor, enabling an attacker to remotely execute code or control a device.
- Keyloggers: Keyloggers, which also sometimes include screenscrapers, sit on a user's device, logging all keystrokes in an attempt to find valuable information.
- Bank trojans: This type of malware is particularly attractive to mobile attackers, as it combines a trojan with a keylogger. Attackers either intercept a user's legitimate banking app information or trick users into downloading fraudulent banking apps.
- Ransomware: Though not nearly as common as it is on the desktop, ransomware is a type of malware that will encrypt a user's data and hold it for "ransom" until a payment is made to the attacker.
- Ghost push: A malware form that can target Android devices, getting root access and then pushing software updates or malicious ads onto a user device.
- Adware/spyware: Though not always defined or identified as malware, ads can sometimes be laced with tracking components (sometimes called Spyware) that will collect information on user activity.
How mobile malware infects users
There are a variety of mechanisms by which different forms of mobile malware are able to infect and exploit mobile devices.
- Attacking known vulnerabilities: This is perhaps the most obvious form of attack, when attackers simply go after known issues. The challenge is that not all users are able to update their mobile operating systems as quickly as attackers put out mobile malware.
- Permissions abuse: Different forms of malware (often adware) can get on mobile devices when applications ask for more permissions than what are needed and users grant those permissions.
- Jailbroken phones: Though it is possible that malware can find its way into the official Google and Apple mobile app stores, it isn't common. The vast majority of malware and malware-integrated apps are found in third-party app stores.
Mobile attacks beyond malware
While malware can often be a payload in a mobile attack, there are also non-malware based attacks that often hit mobile users.
- Authentication attacks: There are many different types of authentication attacks that aim to steal user credentials or trick users into inputting their credentials into a fraudulent web page or app.
- Man-in-the-middle (MiTM): In an MiTM attack, the data stream from the app to the back-end web service is not properly configured for encryption, enabling an attacker to potentially intercept mobile traffic. This type of attack can occur in a mobile WiFi hotspot, for example.
Creating a mobile device policy
There are several different ways to keep mobile devices and users safe from mobile malware. For organizations, the best approaches often involve the implementation of a formal Bring Your Own Device (BYOD) or Enterprise Mobility Management (EMM) system. Learn more about BYOD and EMM in the eSecurityPlanet guide to EMM.
Educating employees on mobile threats
For employees, there are a few key things that need to be understood when it comes to mobile malware.
While it is possible to get mobile malware via the authorized, official Apple AppStore or Google Play, it is significantly less likely. Jailbroken or rooted phones and getting software from unknown third-party sources is typically how most mobile malware is able to exploit users.
As part of a formal BYOD policy and just basic common sense, the perils of non-official software app store use is something that mobile users should understand.
Keeping your network safe from mobile malware
Mobile trojans can be used in some cases to create a zombie botnet that will attack a local network. For network administrators, mobile devices, just like any other device connected to the network, should always be monitored and logged for potentially malicious activities.
Beyond just monitoring, the implementation of a Network Access Control (NAC) solution that provides both pre-admission and post-admission monitoring of activity is recommended.
Mobile malware solutions
It's important to note that unlike desktop software, which can come from any source, the default (and recommended) method to acquire mobile software is via an authorized app store. Both Apple and Google scan all applications in their respective app stores in an effort to detect any potentially malicious apps. Going a step further, Google also provides a service called "Verify Apps" that also helps detect malicious applications that have been installed from third-party app stores.
Mobile malware solutions, much like their desktop counterparts, do anti-virus and anti-spyware/adware scanning. Some provide additional scanning to prevent or limit the risk of phishing, and some provide permissions warnings when an app is attempting to do something that requires more permissions that it should.
These are some of the vendors offering mobile security software and solutions:
- AVG Antivirus
- Norton Security
- McAfee Mobile Security
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.