August 9, 2023

Mobile malware is malicious software that targets mobile phones or wireless-enabled personal digital assistants, by causing the collapse of the system and loss or leakage of confidential information. As mobile devices have become more widely used, mobile malware has emerged as a growing threat. Mobile malware masquerading as legitimate and harmless applications such as QR code readers, flashlights, and games have grown more common on official and unofficial application (app) stores. These attempts to infect users’ mobile devices have expanded from fake apps to cracked and customized versions of legitimate apps. Cybercriminals are offering unofficial versions of apps as malicious APKs via direct downloads and third-party app stores. These apps are designed to take advantage of name recognition to slip malware onto employee devices.

Different forms of malware

• Viruses: A virus is malware that attaches to another program or app and, when triggered, replicates itself by modifying other computer programs and infecting them with its own code. This may cause a device to crash and allow cybercriminals to steal or destroy data. At the very least, it can create performance issues that hinder effective use of the device.
• Computer worm: A worm is like a virus, but it does not require user interaction to trigger.
• Trojan horse: A trojan horse is popular malware that can harm a digital device and its data by crashing the device, deleting files, and stealing confidential information.
• Ransomware: Ransomware is a type of malware that can lock a device and deny access to its files and stored data.
• Spyware: Spyware often appears as pop-up advertisements to deceive users and share their information with third-party entities.
• Adware: Adware is advertising-supported software that generates ads automatically for creating revenue. Adware typically is bundled with software installed and then identifies the websites visited to present select advertisements to the viewer.
• Scareware: Scareware is a malicious computer program designed to trick the user into buying and downloading unnecessary and potentially dangerous software, such as fake antivirus protection.

Risks

1. Financial loss
2. Loss of data & sensitive information
3. Threat to privacy

Tips to Prevent Mobile Malware

1. Keep applications updated: By running the newest version of every application on your mobile phone, you can ensure that you are running the version with the latest security patches and updates. Application developers will often release a new update or version if their software is compromised in any way.
2. Install mobile security software: Just like antivirus software protects a computer from viruses and malware, a mobile security application will do the same thing.
3. Only download apps from official stores: All vets available on the Apple App Store and Google Play have been vetted to ensure they are safe. That doesn't mean that no app will slip through the net, but you have a much better chance of installing a legitimate app through office sources.
4. Use screen lock protection: Many mobile devices are compromised when they are lost and stolen. Ensure at the very least that a passcode is used to lock the screen. Even better, use facial recognition or fingerprint recognition technology.

Remember to report all information security incidents and anything suspicious or cybersecurity related to Sharekhan CSIRT / Information Security Task Force:
E-mail ID: skcsirt@sharekhan.com | istf@sharekhan.com

Mobile malware attacks prevent kar, Sharekhan kar.