Mobile malware

The most common types of mobile malware threats:

  • “Advertising Click Fraud” is a type of malware that allows an attacker to hijack a device to generate income through fake ad clicks.

  • Cryptomining malware enables attackers to covertly execute calculations on another person’s device, allowing them to generate cryptocurrency. Cryptomining is often conducted through code hidden in squatted apps.

  • Spyware and stalkerware offer access to data from infected victim devices and are often used for intelligence collection. These can typically access information such as installed applications, call history, address books, web browsing history, and SMS data. Some may also be used to send SMS messages, enable device cameras, and log GPS data.

  • Bank trojans are often disguised as legitimate applications and seek to compromise users who conduct their banking business — including money transfers and bill payments — from their mobile devices. This type of trojan aims to steal financial login and password details.

  • Ransomware is a type of malware used to lock out a user from their device and demand a “ransom” payment — usually in untraceable Bitcoin. Once the victim pays the ransom, access codes are provided to allow them to unlock their mobile device. Or not.

Lists

Indicators

  • Your battery is draining faster than normal

  • Your phone is behaving abnormally

  • Phone starts lagging

  • You find strange apps being installed on your device, automatically

  • Your device is getting heated up too quickly

  • Your device may show you some kind of warning message

  • Increase in data usage

  • There may be calls you did not make or text messages you did not send

  • Apps crash regularly

  • You suddenly get pop-ups and ad banners in the notification area and the keyboard area

  • Unexpected charges for SMS messages to premium numbers that you did not send, or for credit card purchases that you did not make

Detection and mitigation (general)

Prevention (general)

  • Keep applications updated so that you are running the version with the latest security patches and updates. Application developers will often release a new update or version if their software is compromised in any way.

  • Install mobile security software (works like antivirus software on a workstation).

  • The majority of mobile phones do not include firewall protection. Firewalls not only protect your online privacy when browsing, but can also be used to allow only authorised apps to access the internet through a set of firewall rules.

  • Many mobile devices are compromised when they are lost or stolen. Use a passcode to lock the screen.

  • Only download apps from stores that vet applications: apps in the Apple App Store and Google Play have been vetted to ensure they are safe. This is not a guarantee that no app will slip through the vetting process. For example, attackers managed to distribute a fake “WhatsApp” app to millions of mobile users via the official Google Play Store by simply adding a Unicode-encoded space at the end of WhatsApp’s ID, and a fake app named Teligram sneaked into Google Play, pretending to be a new version of the real Telegram app. Still, some vetting is better than the wild west without a sheriff, and the vetting process is continuously being improved.
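The two store-vetting failures described above (an invisible Unicode space appended to a known name, and a one-letter misspelling) can be caught with a simple name check before an app is approved for installation. The following is an added example, not code from any app store or vendor; the `TRUSTED` list, the 0.8 similarity threshold, and the sample names (including the choice of U+00A0 as the trailing character) are constructed assumptions.

```python
import unicodedata
from difflib import SequenceMatcher

# Assumption: hypothetical allow-list of names an organisation expects to see.
TRUSTED = ["WhatsApp", "Telegram"]

def hidden_chars(name):
    """List code points that render as blank or nothing (ASCII space excluded)."""
    return [f"U+{ord(c):04X}" for c in name
            if unicodedata.category(c)[0] in "ZC" and c != " "]

def skeleton(name):
    """Reduce a name to what a user effectively reads: NFKC-folded,
    separators and control/format characters dropped, case-folded."""
    folded = unicodedata.normalize("NFKC", name)
    return "".join(c for c in folded
                   if unicodedata.category(c)[0] not in "ZC").casefold()

def similarity(a, b):
    return SequenceMatcher(None, skeleton(a), skeleton(b)).ratio()

def check(name, trusted=TRUSTED, threshold=0.8):
    """Classify a listing name as exact, disguised, lookalike or unrelated."""
    if name in trusted:
        return ("exact", name)
    for t in trusted:
        if skeleton(name) == skeleton(t):
            # Looks identical on screen but the underlying string differs.
            return ("disguised", t)
    best = max(trusted, key=lambda t: similarity(name, t))
    if similarity(name, best) >= threshold:
        return ("lookalike", best)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample listing names.
    for sample in ["WhatsApp", "WhatsApp\u00a0", "Teligram", "Signal"]:
        print(repr(sample), check(sample), hidden_chars(sample))
```

A "disguised" or "lookalike" result does not prove an app is malicious; it marks a listing whose publisher and package details should be verified by hand before installation.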