If you have a smartphone you’re probably thanking every technology pioneer out there who contributed to its development. We know we do. These tiny laptops are easy to carry around, enable you to call your contacts, bank, shop, socialize online, and give you something to do while you’re on a train, bus, or – why not? – in a boring lecture. You can simply download a fun app, and there you are: bored no more! But you have to keep in mind one thing, all the time: cyber-crooks know how to exploit this convenience to their own benefit, putting your mobile security at risk.
Time fillers or joy killers?
Online app stores are filled with engaging apps, some very useful, some plain fun, and some… plain evil. The last category is made up by those malware-carrying rogue apps, disguised as “free levels” to legitimate online games or mobile security tools. They are used by malware writers to trick you into downloading them, and then, once the piece of malware is conveniently settled onto your smartphone, it shakes up your mobile security. It allows cyber-criminals to make calls, send text and voice-mail messages, or read/listen to messages you send, and download online content. As you can imagine, cyber-crooks also gain access to your personal data (passwords, credit card details etc.), which they can either use to their benefit or sell to other criminals. How’s that for a joy killer?
In one particular mobile scam involving rogue apps, cyber-crooks send SMSs to their own premium-rate services (PRS) from the infected phone. These unauthorised messages are usually sent at a rate of one per minute, and a cost of £6 per message. The even more worrying fact is that the piece of malware works in the background of the phone’s infrastructure even while in use. So when you see your racked-up bill, you’re struck by the fact that you’ve fallen victim to some sort of mobile security scam.
How do SMS-sending apps work?
Usually, this type of rogue app is the result of malware writers altering the source code of a legitimate app to include a Trojan. Once this piece of malware gets to your smartphone, it starts exploiting the SMS permission settings to send SMSs to a string of PRS numbers. Some of these rogue Trojan apps may go as far as extracting important data from your smartphone (SMSs, e-mails, contacts, and calendar). In this phase of the scam, the Trojan app enables scammers to use the GPS location feature and gain remote access to your infected phone.
If you ever get a rogue app like that on your smartphone, you’ll face more than a mobile security problem, as your mobile privacy will be highly affected, as well.
How to spot rogue mobile apps and protect your mobile security?
- Before downloading a new app, always check its reviews and ratings, as well as its developer’s profile.
- Some of these apps come with well-written legal terms usually highlighting the fact that the app may charge you. Even if these legal terms make the app seem legit, it’s best you read them carefully.
- While doing its dirty deeds, the rogue app can drain your phone battery really fast. So battery running low might be a sign of infection with malware.
- Check your phone bill periodically – several times a month – and keep tabs on any suspicious activity. If you spot unusual activity in your phone or in your bill, contact your mobile network provider.
- Always have a mobile security app from a trusted vendor installed on your device, to spot any malware that wants to get to your phone. BullGuard Mobile Security 10 comes with an effective antivirus engine that protects your phone by real-time detection and removal of viruses and other malware. When it comes to mobile security and privacy, prevention is always better than cure!