The amount and variety of mobile malware programs targeting smartphone and tablet users are significant and growing at an alarming rate. This blog post will explain the common types of malicious programs targeting mobile platforms, and provide a brief description of each.
Mobile malware first emerged as early as 2004 targeting the Symbian OS, but exploded in 2011 when computer security pros reported a new incident on the Android platform every few weeks. These nefarious programs either install themselves or are installed on the device by unwitting mobile users, and then perform functions without user knowledge or permission. Malicious mobile apps are often disguised as legitimate applications. They can be distributed through the internet via mobile browsers, downloaded from app stores or even installed via device messaging functions.
The insidious objectives of mobile malware range from spying to keylogging, from text messaging to phishing, from unwanted marketing to outright fraud. There is malware out there targeting every mobile platform – from Apple iOS to WinMobile to Blackberry – yet the vast majority of mobile malware programs today target Google Android users. Some researchers report a rate of infection as high as 90 percent, due to Google’s open app development and distribution model.
There are four broad classifications of mobile malware:
Spyware secretly gathers confidential information about the mobile user and then relays this data to a third party. In some cases these may be advertisers or marketing data firms, which is why spyware is sometimes referred to as “adware”. It is typically installed without user consent by disguising itself as a legitimate app (say, a simple game) or by attaching its payload to a legitimate app. Spyware uses the victim’s mobile connection to relay personal information such as contacts, location, messaging habits, browser history and user preferences or downloads. Spyware that gathers device information such as OS version, product ID, International Mobile Equipment Identity (IMEI) number, and International Mobile Subscriber Identity (IMSI) number can be used for future attacks.
Mobile Trojans infect user devices by attaching themselves to seemingly harmless or legitimate programs; they are installed along with the app and then carry out malicious actions. Such programs have been known to hijack the browser, cause the device to automatically send unauthorized premium rate texts, or capture user login information from other apps such as mobile banking. Trojans are closely related to mobile viruses, which can become installed on the device in any number of ways and cause effects that range from simply annoying to highly destructive and irreparable. Malicious parties can potentially use mobile viruses to root the device and gain access to files and flash memory.
Mobile browsing of the internet is growing with smartphone and tablet penetration. Just as with desktop computing, fraudsters are creating mobile phishing sites that may look like a legitimate service but may steal user credentials or worse. The smaller screen of mobile devices makes phishing techniques easier to hide from users, who tend to be less sophisticated on mobile devices than on PCs. Some phishing schemes use rogue mobile apps, programs which can be considered “trojanized”, disguising their true intent as a system update, marketing offer or game. Others infect legitimate apps with malicious code that’s only discovered by the user after installing.
Mobile malware is getting more sophisticated, with programs that can operate in the background on the user device, concealing themselves and lying in wait for certain behaviors, like an online banking session, to strike. Hidden processes can execute completely invisibly to the user, run executables or contact botmasters for new instructions. The next wave is expected to be even more advanced, with botnet tendencies to actually hijack and control infected devices.
While these types of mobile malware differ greatly in how they spread and infect devices, they can all produce similar symptoms. Signs of a malware infection can include unwanted behaviors and degradation of device performance. Stability issues such as frozen apps, failure to reboot and difficulty connecting to the network are also common. Mobile malware can eat up battery or processing power, hijack the browser, send unauthorized SMS messages, or freeze or brick the device entirely.
There are several best practices that all mobile users should follow to prevent mobile malware infections. These are detailed with facts and humor for the average mobile user in our free mobile security eBook. Some malware cases require special prevention and treatment methods, but following these recommendations will greatly increase a user’s protection from a wide range of mobile malware.
1: Download apps only from official app stores like Apple's App Store or Google Play. The vast majority of rogue apps are found on unofficial app stores or websites, many based in China or Russia. Staying loyal to official marketplaces dramatically decreases the amount of malware users will ever encounter.
2: When evaluating third-party apps for purchase, do some research on the developer and their reputation. Read user ratings, paying special attention to reviews from disgruntled users, and seek out app recommendations from reputable sources. In turn, help other users by giving feedback, both good and bad, on apps you have used.
3: Rethink “permissions” when installing new apps for the first time. Malicious app developers are counting on users carelessly accepting permission requests to sneak malware onto your device. Read the end user agreement before clicking to understand exactly what permissions the app is asking for.
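The permission review in step 3 can be partly automated. The following is an added example, not code from the original post: it reads an Android manifest and maps the requested permissions to the behaviors described above (contact and location harvesting, IMEI/IMSI collection, premium-rate texts). It assumes the manifest has already been decoded to plain-text XML; the sample manifest, the package name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by AndroidManifest.xml (android:name).
ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Permissions that enable the data collection this post describes.
SENSITIVE = {
    P + "READ_CONTACTS": "read contacts",
    P + "ACCESS_FINE_LOCATION": "track location",
    P + "READ_SMS": "read text messages",
    P + "READ_PHONE_STATE": "read device identifiers (IMEI/IMSI on older Android)",
}
SMS_SEND = P + "SEND_SMS"
INTERNET = P + "INTERNET"

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID + "name") for el in root.iter("uses-permission")
            if el.get(ANDROID + "name")}

def audit(manifest_xml):
    """Map declared permissions to the risks they make possible."""
    perms = requested_permissions(manifest_xml)
    findings = []
    data_access = sorted(p for p in perms if p in SENSITIVE)
    for p in data_access:
        findings.append(("data-access", p, SENSITIVE[p]))
    # Collected data only leaves the device if the app can reach the network.
    if data_access and INTERNET in perms:
        findings.append(("exfiltration", INTERNET, "can relay collected data to a third party"))
    if SMS_SEND in perms:
        findings.append(("sms-fraud", SMS_SEND, "can send texts, including premium-rate"))
    return findings

# Constructed sample: the decoded manifest of a hypothetical "simple game".
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.simplegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

if __name__ == "__main__":
    for kind, perm, why in audit(SAMPLE_MANIFEST):
        print(f"{kind:13} {perm:40} {why}")
```

A finding means the app is able to perform the behavior, not that it does; the point is to spot requests that do not match what the app claims to be, such as a game asking to send SMS.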