Malware attacks against mobile devices — and Android handsets in particular — have rocketed this year, with hackers increasingly turning their attention to attacking smartphones with credential-theft, surveillance, and malicious advertising.
Researchers at Check Point examined cyberattacks in the first half of 2019 and found that those targeting smartphones and other mobile devices have risen by 50% compared with last year. The findings have been outlined in the Cyber Attack Trends: 2019 Mid-Year Report.
The report suggests one of the key reasons for the sharp rise is increased use of mobile banking applications. This has seen cybercriminals following the money and increasingly distributing malware designed to steal payment data, login credentials, and ultimately funds from victims’ bank accounts.
“The sharp rise in mobile banking malware correlates to the growing use of mobile banking applications,” Maya Horowitz, director of threat intelligence and research at Check Point, told ZDNet.
“The methodology used to distribute the malware has also been borrowed from the wider threat landscape — malware builders available for purchase in underground forums,” she added.
In many cases, the malware attacks follow similar distribution strategies to those targeting desktop users, with the applications silently running in the background without the victim being any the wiser.
Some forms of Android malware have even been developed with advanced evasion techniques in order to remain undetected on infected devices.
For example, the Anubis banking trojan will only begin operating after motion sensors detect that the device has been moved — a strategy to avoid it being detected and analysed in sandbox environments.
Meanwhile, other forms of malware have been known to turn off Android’s Google Protect security to help steal data from banking customers.
The most widely-distributed mobile malware is Triada, with the analysis of malicious software distributed across the globe this year finding it accounts for 30 percent of known attacks.
Triada is considered one of the most advanced forms of Android malware, granting attackers super-user privileges that allow them to take control of the device. The malware has also been found pre-installed on over 20,000 low-end smartphones.
The two other most common mobile threats are Lotoor, a hacking tool that exploits vulnerabilities in the Android operating system in order to gain root privileges on compromised mobile devices, and Hiddad, malware which repackages legitimate apps for distribution in third-party stores and is used to bombard the victim with adverts.
Researchers warn that as users move towards using mobile devices over laptops and computers, attackers will continue to increasingly target smartphone users. Not only do the devices contain vast amounts of data, users will often regard security as more of an afterthought than they do with their home or office computer.
“Users need to protect their devices with a holistic solution that blocks malware and network attacks, and prevents data leakage and credentials theft, without affecting the user experience,” said Horowitz.