Stay informed about cyber awareness training topics and mitigate risk in your organisation.

A Quick Guide to Mobile Malware

title 2

about the author

Gone are the days of using our phones for a simple phone call! Mobiles are now rapidly replacing computers as the go-to method for heading online. We use our phones for pretty much everything, whether it’s online shopping, banking, socialising, working or storing precious photos. They’ve become an extension of us and hold a wealth of personal information that could prove costly if it fell into the wrong hands.

According to recent statistics, there are 5.11 billion unique mobile phone users in the world today, up 100 million in the last year. This is driven by the increasing popularity of smartphone usage which is expected to reach 2.87 billion next year. This means that over half of all mobile users will be smartphone users for the first time, reflecting our growing reliance on smartphones for everything internet related.

Our phones are basically mini-computers and should be protected in the same way as our PCs and laptops. But that’s the problem. We don’t protect them in the same way.

Our security protocols seem to go out in the window when we’re on our phones. We’ll download apps from random app stores, check our bank balance on public wi-fi networks, click on a dodgy link within a text message, the list is endless!

And these lapses in security haven’t gone unnoticed. Cybercriminals have been quick to exploit these devices with limited security, which has resulted in a sharp rise in the growth of mobile malware. Researchers at Kaspersky have seen the number of attacks using malicious mobile software nearly double in just a year. In 2018 there were 116.5 million attacks, compared to just 66.4 million in 2017.

What is mobile malware?

A Quick Guide to Mobile Malware

Malware is a type of malicious software designed specifically to target smartphones and tablets. It can be weaponised with traditional computer malware if the target has a mobile interface.

There are lots of different types of mobile malware available, some more harmful than others. The most common types are:

  • Spyware – Spyware is often loaded as a program on your device and secretly monitors your activity, location, and login details before relaying this confidential information back to a third party.
  • Trojans – Trojans infect devices by attaching themselves to seemingly harmless or legitimate programs that are installed within the app, then carry out malicious actions.
  • Ransomware – Ransomware is a type of malware that will encrypt a user’s data and then hold it for “ransom” until a payment is made to the attacker.
  • Viruses – Viruses are closely related to Trojans and can be installed on a device in a number of ways. They are often highly destructive and often irreparable.
  • Keyloggers – Keyloggers sit on a user’s device and log all keystrokes in an attempt to find valuable information.
  • Bank Trojans – This type of malware combines a trojan and keylogger attack and is a favoured method of hackers. It often intercepts a user’s legitimate banking app or tricks users into downloading fraudulent banking apps.

Signs your phone may be infected with malware

A Quick Guide to Mobile Malware

There are often some tell-tell signs that may indicate your phone has been infected with malware. These include:

  • Notable decrease in battery life – This could indicate that your phone has a virus that is rapidly draining the battery.
  • Unexpected data usage and large phone bills – This could be a sign that malware is accessing your data or phoning premium services without your knowledge.
  • Increase in pop-up ads – If your phone is infected with adware or malware, it can cause an increase in advertisements and pop-ups. Do not click on any ads that appear on your device.
  • Your device shuts off unexpectedly – A virus may cause your phone to turn off and on by itself.
  • New apps appear – If new apps appear on your phone that you know you haven’t downloaded, it could be a sign that malware is slipping malicious apps onto your device.
  • Contacts receive strange messages – Malware can use your device to send spam texts and emails to all your contacts. This may result in their devices becoming infected too. 
  • Poor performance and overheating – Malware and viruses can put enormous strain on the phone’s performance causing it to overheat quickly.

What to do if your phone is infected with malware

A Quick Guide to Mobile Malware

If your phone has been infected with malware, you will need to take immediate steps to stop any malicious activity. The first step is to switch your phone to safe mode to cut your device off from any networks. This will prevent any malicious apps from receiving and sending any data.

The next step is to go to your device settings and look for a list of all your current apps. Check to see if there are any suspicious apps that you’re not familiar with. Select the app and then delete it immediately.

You should then consider installing and running a security program to make sure all threats are eradicated from your device.

How to protect your device from becoming infected

A Quick Guide to Mobile Malware

Despite the growth of mobile malware, there are some steps you can take to prevent your device from being infected.

1. Install Anti-Virus software

One of the best ways to prevent your device from being infected by malware is by installing an up to date anti-virus software. Anti-virus software will detect threats on your phone and block unauthorised users from gaining access.

2. Regularly check your apps

If you see any suspicious apps running on your phone, you should delete these immediately. It’s also important to keep your apps and device up to date as cybercriminals will exploit any vulnerabilities to hack into your phone.

3. Only install apps from trusted sources

Only download verified apps from official sources like the Google Play Store or the Apple App Store. Take the time to research both the app and its publishers and read reviews from other users to make sure the app is legitimate and worth downloading.

4. Check permissions

Permissions are used by apps to access specific functions and data within the device. If an app has a long list of permissions that are unnecessary to the functioning of an app this should act as a red flag and raise suspicions about the intent of its use. The fewer permissions an app requests, the more likely it is to be safe.

5. Check and update your phone settings

Phone settings can be changed to prevent the installation of content that isn’t from trusted sources. Your phone should notify you before downloading any app to ensure you are restricted from unwanted activity. Make sure you auto-lock your phone and have a strong password in case it’s lost or stolen. This can help keep your personal data private. Another good practice is disabling the “Wi-Fi auto-connect” feature so your phone will only connect to previously known Wi-Fi networks.

6. Don’t click on suspicious links or open attachments

The device may have changed, but the threat remains the exact same. Phishing scams trick people into opening emails or clicking on a link that may appear to come from a legitimate business or reputable source. The link may direct you to a fake website where you are prompted to enter your personal details or take you to a website that directly infects your computer with ransomware. If in doubt, don’t click the link.

MetaPhish provides a powerful defence against phishing and ransomware attacks by training employees to identify and respond appropriately to these threats. Get in touch for further information on how we can help protect your business.

you might enjoy reading these