As the world becomes increasingly mobile, criminals are prioritizing their scams to target smartphone and tablets users more than ever before. Our recent McAfee Labs Threats Report: Fourth Quarter 2013 identified 3.73 million total pieces of mobile malware in 2013, and an astounding 197% increase of total samples from the end of the previous year. While mobile malware is not new, there are some dangerous variations now targeting users on multiple operating systems. Mobile malware comes in all shapes and sizes, but some of the newer iterations are coming in the form of malicious mobile advertisements and sneaky, data collecting apps.
Below, we discuss some of the recent mobile malware trends targeting both Android and iOS device users.
Mobile malware in advertisements
Malware can find its way onto your mobile device through a variety of methods, but a new study revealed that advertisements were now the main conduit for malicious content. Mobile ads accompany a significant amount of content, and whether you find them annoying or amusing, cybercriminals have turned their attention toward using them to spread malware to unsuspecting users. What makes these “malvertisements” so dangerous is the fact that they are often delivered through legitimate ad networks and may not appear outright spammy, but can contain Trojans or lead to malicious websites when clicked on. An innocuous banner ad promoting vitamin supplements may seem harmless, but it could be luring you into unsuspectingly downloading malware onto your mobile device.
Malicious mobile ads behave just like other phishing schemes, setting a well-cloaked trap that tricks users into putting their devices and personal data in danger. While Android is still the most targeted by dangerous mobile ads, iOS devices are also susceptible to infection. To protect your smartphone and tablet from the perils of these so called “malvertisements,” always avoid clicking on ads when browsing the web or using apps, no matter how enticing the deal. Additionally, keep your browser and operating system up to date and always check for suspicious looking URLs in the event you do follow an ad to a suspicious appearing website.
While mobile devices running on iOS are still relatively safe from the majority of mobile threats, the risks to users are beginning to increase. One of the most recent incidents centered around a coding error in Apple’s iOS and OSX operating systems that weakened basic security features protecting user data from hackers. Apple issued a patch to fix the issue, served through the iOS version 7.0.6 and OS X version 10.9.2 updates.
However, a new possible ‘keylogger’ flaw has been discovered that could allow hackers to see everything you do on your iPhone. A keylogger, or keystroke logger, is software that tracks the keystrokes performed on your computer or mobile device—usually with the intent to steal account information, credit card numbers, and other private data. Security researchers claim that a flaw in the way certain apps run while in the background, can be utilized to monitor what you type onto the touchscreen. Conversely, while this flaw is definitely concerning, it would require advanced hacking skills to exploit and hasn’t been recorded in action yet.
In the meantime, the best way to protect your Apple devices and information from a potential keylogger threat is to frequently turn off any apps running in the background, in addition to avoiding public Wi-Fi networks and having security software installed on your device.
Choose your Android apps wisely
It is still early in 2014, but recent reports are already showing an alarming prevalence of threats targeting the Google operating system. Android devices still hold market share over competitors like iOS and Windows, which explains one reason criminals still favor these devices.
More often than not, these threats are delivered through bad mobile apps, masquerading as something authentic. The majority of these treacherous apps can be found on less-than-reputable third-party app stores, which reiterates the importance of sticking to legitimate providers like the Google Play and Amazon App stores. Aside from outright malicious apps, our recent McAfee Mobile Security Report: February 2014 also discovered that many normal apps are collecting and sharing too much user information. Not surprisingly, the link between the worst over-sharing offenders and malware was pretty clear, with malicious apps often tracking the most sensitive data.
It can seem like there is a never-ending stream of threats targeting mobile devices, but through user awareness and security, we can successfully weather the storm. Keep your mobile devices and personal information safe with tools like McAfee® Mobile Security, free for Android and iOS.