Smartphone and mobile device users are a big target for hackers, skanksters and cyber villains of all shades. It’s not surprising. The growth of high-speed mobile networks and seriously powerful mobile devices has seen smartphones become many people’s most important computing tool.
Back in the mists of 2016, mobile device usage overtook fixed computing internet usage, according to Statcounter, a research company that tracks internet use across 2.5m websites. In short, more web pages were accessed by mobile devices than by fixed computers.
Hackers tend to be on top of these trends. They are attracted to the largest targets and this is certainly the case with mobile computing devices.
- More than 500 Android mobile apps were recently removed from Google Play after it was discovered that a software development kit (SDK) embedded in the apps could be leveraged to install spyware on devices.
- The SDK was developed by a Chinese company and may have been used to install malware.
To illustrate the scale of the problem further:
- Last year, in a two-month period, malware known as CopyCat infected 14 million devices around the world and rooted more than half of them, about eight million devices.
- The malware spread via popular apps, which were repackaged with CopyCat and made available for download on third-party app stores.
- It installed a component to the device’s system directory and targeted the Android core process that launches apps, basically giving attackers admin privileges.
Rooting means gaining root access to your device. When you take your phone out of the box you can only alter what the manufacturer allows you to. By gaining root access you can modify the device's software on the deepest level. Malware that roots devices is fairly common and essentially gives hackers remote control over your device.
Android is by far the most targeted mobile operating system, but Apple’s iOS certainly gets its fair share of malicious activity aimed at it.
By far the most dangerous threat is from apps that masquerade as the real deal. These fake apps can be used to root devices, as mentioned above, or to implant spyware, adware, or trojans that can, for instance, be used to steal banking credentials.
For instance, last year two new types of mobile malware were discovered that planted adware and spyware:
- LevelDropper - discovered in the Google Play Store, it first rooted devices and then went on to install applications on the victim’s device, such as adware and malicious spyware.
- Shedun - masqueraded as legitimate apps such as Facebook, Twitter and WhatsApp and then planted adware.
Here are some simple tips on how to spot fake apps:
- Many fake apps are clones of popular established apps. If in doubt as to the legitimacy of an app you are about to download, backpedal a little and do a bit of research.
- Read reviews about the app. If they are short and a bit bland it could well be a scam. Also look out for reviews from users who have been duped; they’ll let you know in no uncertain terms if it’s a scam.
- However, also keep in mind that an app with few reviews or few downloads might be from a developer who is just starting out.
- To establish a developer’s legitimacy, see if they have a website. If they are genuine they will likely have a website that showcases their apps.
- You can also check the app details. If it’s genuine it will likely be well designed with lots of clear instructions. If it’s a scam, it’s likely to be poorly designed, so much so that it could actually be quite jarring.
You can protect yourself from malware-laden apps with BullGuard’s free Mobile Security.
It keeps you safe.
Beyond fake apps, SMS phishing is one of the other most common types of threat. SMS may seem old-fashioned given the widespread use of instant messaging apps like WhatsApp.
But cyber fraudsters still make extensive use of it. Smishing or SMS phishing is about sending fake text messages claiming that the mobile user has won a free product.
Within the text message, there is a fake URL link. If the recipient clicks the link, malware is unknowingly downloaded onto the device.
Here are some simple tips to help you identify and stop smishing attacks:
- Avoid clicking on messages from unknown sources that contain links.
- Don’t reply to text messages that ask you about your personal finances.
- If a text message urges a quick reply – ignore it, it’s more than likely a smishing attempt.
- Don’t call back a phone number that is associated with a text that was sent to you ‘out of the blue’ when you have had no previous contact with the source.
- If the message says something like ‘Dear user, congratulations, you have won...’ it’s a smishing attempt.
- If a message claims to be from a long lost friend or someone you haven’t seen in a long time and it contains a link… it’s a smishing attempt.
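
The tips above can also be applied automatically, for example in a message filter. The following Python code is an added example, not part of the original article or of any BullGuard product; the keyword patterns, the two-indicator threshold and the sample messages are assumptions constructed for illustration.

```python
import re

# Patterns are assumptions that mirror the tips above; tune them on real traffic.
URL = re.compile(r"(?:https?://|www\.)\S+", re.I)
PHONE = re.compile(r"(?:\+?\d[\s().-]?){8,}")
PRIZE = re.compile(r"\b(?:congratulations|you(?: have|'ve)? won|free (?:gift|prize|phone))\b", re.I)
URGENT = re.compile(r"\b(?:urgent(?:ly)?|immediately|right away|act now|reply now)\b", re.I)
FINANCE = re.compile(r"\b(?:bank|account number|card number|pin|password|cvv)\b", re.I)
OLD_FRIEND = re.compile(r"\b(?:long time no see|remember me|old friend|it's been (?:ages|years))\b", re.I)


def smishing_indicators(sender, text, contacts):
    """Return the names of the tips from the list above that this message trips."""
    unknown = sender not in contacts          # "unknown source" = not in the address book
    has_link = bool(URL.search(text))
    hits = []
    if unknown and has_link:
        hits.append("link_from_unknown_sender")
    if FINANCE.search(text):
        hits.append("asks_about_finances")
    if URGENT.search(text):
        hits.append("urges_quick_reply")
    if unknown and PHONE.search(text):
        hits.append("callback_number_out_of_the_blue")
    if PRIZE.search(text):
        hits.append("prize_claim")
    if OLD_FRIEND.search(text) and has_link:
        hits.append("long_lost_friend_with_link")
    return hits


def verdict(sender, text, contacts):
    """Two or more indicators counts as likely smishing (threshold is an assumption)."""
    n = len(smishing_indicators(sender, text, contacts))
    return "likely smishing" if n >= 2 else "suspicious" if n == 1 else "no indicators"


# Constructed sample messages, not real traffic.
CONTACTS = {"+15550100"}
SAMPLES = [
    ("+15550199", "Dear user, congratulations, you have won a free phone! Claim at http://prize.example/win"),
    ("+15550100", "Running late, see you at 7"),
    ("+15550123", "Your bank account is locked. Call 0800 555 0142 immediately."),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(verdict(sender, text, CONTACTS), smishing_indicators(sender, text, CONTACTS))
```

Keyword matching like this only flags messages for a closer look; a message that trips no indicator is not proven safe.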