Mobile malware

Mobile malware is a generic term for malicious software designed to target mobile devices (smartphones, tablets, and IoT devices) with the goal of gaining access to private data.

Mobile malware is apparently still not as pervasive as malware designed for workstations. That may have to do with the fact that SOC teams and SIEM stacks have focused mostly on detecting workstation and corporate network threats, and it was only a matter of time before hackers switched tactics.

It is definitely a recognised and growing threat, and it needs to be addressed.

The most common types of mobile malware threats:

  • “Advertising Click Fraud” is a type of malware that allows an attacker to hijack a device to generate income through fake ad clicks.
  • Cryptomining malware enables attackers to covertly execute calculations on another person’s device, allowing them to generate cryptocurrency. Cryptomining is often conducted through code hidden in squatted apps.
  • Spyware and stalkerware offer access to data from infected victim devices and are often used for intelligence collection. These can typically access information such as installed applications, call history, address books, web browsing history, and SMS data. Some may also be used to send SMS messages, enable device cameras, and log GPS data.
  • Bank trojans are often disguised as legitimate applications and seek to compromise users who conduct their banking business — including money transfers and bill payments — from their mobile devices. This type of trojan aims to steal financial login and password details.
  • Ransomware is a type of malware used to lock out a user from their device and demand a “ransom” payment — usually in untraceable Bitcoin. Once the victim pays the ransom, access codes are provided to allow them to unlock their mobile device. Or not.

Resources

Mitigations