Pinterest Stumbleupon Whatsapp
Ads by Google

Malware can affect mobile as well as desktop devices. But don’t be afraid: a bit of knowledge and the right precautions can protect you from threats like ransomware and sextortion scams.

What is Malware?

Malware is software with malicious intent Viruses, Spyware, Malware, etc. Explained: Understanding Online Threats Viruses, Spyware, Malware, etc. Explained: Understanding Online Threats When you start to think about all the things that could go wrong when browsing the Internet, the web starts to look like a pretty scary place. Read More . There are lots of different kinds, such as viruses, worms, trojans, spyware, adware and more.

The point of nearly all malware is to make money. – Sophos, “Exposing the Money Behind the Malware”

Depending on the type of malware, if you have it, the performance of your device could suffer, your personal information could be stolen, or intruders could gain access to your accounts. Those are just some of the potential consequences.

Ransomware: Holding Your Device Hostage

Ransomware Avoid Falling Victim To These Three Ransomware Scams Avoid Falling Victim To These Three Ransomware Scams Several prominent ransomware scams are in circulation at the moment; let's go over three of the most devastating, so you can recognise them. Read More is a type of malware that ‘holds your device to ransom’ by locking it down so it can’t be used until you pay the hostage-takers, and it hit Android in 2014 FBI Ransomware Hits Android: How To Avoid Getting It, And Remove It FBI Ransomware Hits Android: How To Avoid Getting It, And Remove It Learn how to keep your Android device safe from FBI Ransomware with these tips. Read More .

Svpeng is one type which combined ransomware and payment-card theft. For Russians (whom Svpeng was originally created to target) Svpeng would present a screen to input credit card details every time a user went to Google Play, which it would then send to the cybercriminal gang that created it.

For people in the US and UK it would present itself as the FBI, locking down the infected device for supposedly having child pornography on it. The user would then have to pay a ‘fine’ in order to have the device released.

Ads by Google

svpeng-1

Svpeng also checked to see if a banking app was installed, though it is unclear what it did with that information.

Russian Police arrested Svpeng’s 25 year old creator earlier in April, after having stolen over 50 million rubles ($930,000) and having infected over 350,000 Android devices.

Apps Installing Without Your Consent

Do you have any apps that let you open links inside them without having to go to your browser app? The component that renders the page for you in that situation is called Webview – and if you are one of the 950 million people who are running Android 4.3 Jellybean or lower, you need to know about this vulnerability.

android-jellybean

While browsing in Webview, you’re vulnerable to a Universal Cross-Site Scripting (UXSS) attack. This means that if you happen to click on a malicious link, an attacker can execute any malicious code he or she wants through JavaScript – completely bypassing the security mechanisms that usually protect you. The attacker can use this vulnerability to automatically install any app they want onto your device.

Google has no plans to patch this vulnerability in Android 4.3 or lower. The best way to avoid being a target is to upgrade to the latest version of Android Android 5.0 Lollipop: What It Is And When You'll Get It Android 5.0 Lollipop: What It Is And When You'll Get It Android 5.0 Lollipop is here, but only on Nexus devices. What exactly is new about this operating system, and when can you expect it to arrive on your device? Read More  as soon as you can, or to avoid surfing through Webview by opening up links in a secure browser like Chrome, Firefox, or Dolphin.

Your Phone Is Off… Right?

Android/PowerOffHijack is malware that hijacks the shutdown process of your device so that it appears to be off, but remains functional. That way it can secretly make calls, take pictures, and more – all without you having a clue.

Unlike the first type of malware discussed in this article, Android/PowerOffHijack affects Android 5.0 and higher, and requires root access to work.

As of February 18th, about 10,000 devices were infected. So, do you need to worry? Unless you download apps from Chinese app stores, you’re probably safe from this threat, at least.

Innocent Apps Hiding Dormant Malware

In February we learned that certain Android apps were giving their users more than they bargained for. A patience/solitaire game, an IQ test, and a history app all sound innocent enough, don’t they? And you would never expect they had a problem if they behaved as intended for a month before doing anything dubious, wouldn’t you? However, each of these apps, which were downloaded more than five million times, had code in them that would trigger popups that, if clicked on, would lead to fake webpages, run illicit processes, or start unwanted app installs and downloads.

Filip Chytry of Avast Antivirus sheds light on the clue that tells you if you have this kind of malware:

Each time you unlock your device an ad is presented to you, warning you about a problem, e.g. that your device is infected, out of date or full of porn. This, of course, is a complete lie.

Google has suspended these apps from the Google Play Store, so as long as you don’t download them from another source, you’ll be okay.

Malware for Sextortion

Cybercriminals in South Korea have created fake social media profiles of attractive women to lure people into cybersex, whom they then blackmail by threatening to release the video on YouTube.

Here’s where the malware comes in. The perpetrators are now pretending that they experience audio problems with the chosen software (like Skype) and persuade their victim to download an chat app of their preference. In truth, the chat app steals the victims contacts to send to the blackmailer. The criminal uses the contact information to extort money more effectively by threatening to share the video with the victim’s close friends and family.

Android Installer Hijacking Vulnerability

Nearly 50% of all Android devices are at risk of a vulnerability called “Android Installer Hijacking”. Put simply, when you go to download a legitimate app, the installer can be hijacked allowing an app you didn’t want to be installed in its place. This happens in the background while you are reviewing the permissions of the app you want to install, either by setting up the benign app to install malware later, or by masking the true permissions it requires.

This vulnerability affects third party app stores, such as the Amazon App Store Google Play vs. Amazon Appstore: Which Is Better? Google Play vs. Amazon Appstore: Which Is Better? Android comes with Google Play, but that isn't the only app store you can use on Android. Android allows users to use third-party app stores, and Amazon has stepped up with a competitor of its... Read More . Android devices 4.4 and higher are safe from this.

According to Palo Alto Networks, who discovered this vulnerability, if you have an affected device, the best way to avoid inadvertently downloading malware is by only installing apps from the Google Play Store.

Is Malware a Big Deal?

Alcatel-Lucent conducted a study that revealed 16 million mobile devices were hit with malware in 2014.

The Motive Security Labs malware report – H2 2014, which looked at all popular mobile device platforms, found that Android devices have caught up with Windows laptops in terms of malware attack numbers, with infection rates between Android and Windows devices split 50/50.

alcatel-lucent-infographic

According to Verizon, mobile malware is hardly a problem at all. From Verizon’s 2015 Data Breach Investigations Report section titled, “I Got 99 Problems and Mobile Malware Isn’t Even 1% of Them”:

“An average of 0.03% of smartphones per week—out of tens of millions of mobile devices on the Verizon network—were infected with “higher-grade” malicious code.”

Verizon considers most of the malware infecting Android devices to be trivial “adnoyance-ware”, and other types that waste resources but don’t cause significantly more harm. Think that means we don’t need to worry about malware on our mobile devices? Not at all.

We are not saying that we can ignore mobile devices; far from it. Mobile devices have clearly demonstrated their ability to be vulnerable. What we are saying is that we know the threat actors are already using a variety of other methods to break into our systems, and we should prioritize our resources to focus on the methods that they’re using now.

So, you should still pay attention to the risks out there so that you stay safe. Malware may be a small problem today, but research from Lookout (a mobile security firm with an Android app that we reviewed previously Safeguard Your Device With Lookout Mobile Security [Android] Safeguard Your Device With Lookout Mobile Security [Android] Lookout Mobile Security is one of the top antivirus and device tracking solutions for Android. It has a proud spot on our Best Android Apps page, and we’ve given it some coverage as part of... Read More ) shows that mobile malware is on the rise, particularly ransomware FBI Ransomware Hits Android: How To Avoid Getting It, And Remove It FBI Ransomware Hits Android: How To Avoid Getting It, And Remove It Learn how to keep your Android device safe from FBI Ransomware with these tips. Read More .

Staying Safe

When you hear that 97% of the mobile malware out there is on Android (as reported by F-Secure), it certainly sounds like Android must be insecure for that to be the case. Just remember that as long as you stick to apps from the official Google Play Store, you are unlikely to encounter any of the dangerous malware out there. As we’ve shown here, malware lives and thrives in unofficial app stores, which are largely unregulated.

I only side-load apps How to Download an APK from Google Play to Bypass Restrictions How to Download an APK from Google Play to Bypass Restrictions Need to get your hands on the installable APK file for an app from Google Play? We got you covered. Read More when I have a good reason to believe they are safe, such as if I know the developer, or if it’s a mirror of an official app hosted by a trustworthy source.

Malware-Scanning & Removal

Malwarebytes Anti-Malware have released a version of their tool for Android that can help you scan for and remove malware on your Android device.

Had Problems with Malware?

As much as there are other threats to worry about which are more likely to affect us, it’s important not to let your guard down. Fortunately, not letting your guard down is pretty easy:

Have you ever been plagued with malware on your smartphone? Do you worry about malware? And how do you feel about ‘adnoyance-ware’: nuisance, or security threat?

Image Credit: Android and Windows PC biggest offenders via Alcatel-Lucent (PDF), Installing Jellybean via Flickr (Creative Commons 2.0), Svpeng via Forbes

Leave a Reply

Your email address will not be published. Required fields are marked *