Our mobile devices are now the keys to our communication, finances, and social lives, making them lucrative targets for cybercriminals. Whether you use a Google Android or Apple iOS smartphone, threat actors are constantly evolving their tactics to break into them.
This includes everything from basic spam and malicious links sent over social media to malware capable of spying on you, compromising your banking apps, or deploying ransomware on your device. Your handset is always at risk of being exploited. Here’s what to look out for:
Phishing occurs when attackers send you fake and fraudulent messages. Cybercriminals attempt to lure you into sharing personal information, clicking malicious links, downloading and unwittingly executing malware on your device, or handing over your account details for a bank, PayPal, social network, email, and more.
Mobile devices are subject to phishing through every avenue PCs are, including email and social network messages. However, mobile devices are also vulnerable to smishing, which is phishing sent over SMS text messages. It doesn’t matter whether you use an Android or an iOS device: to cybercriminals, all mobile devices are created equal.
Your best defense: Don’t click on links or attachments in emails or text messages unless you can be 100% sure they’re legitimate. Verify the senders, rotate passwords regularly, and use anti-phishing protection add-ons.
Many of us forget an essential security measure: physically securing our mobile devices. It’s important to use a PIN, pattern, authentication app, security key, or a biometric check such as a fingerprint or retina scan to protect your device so it’s not vulnerable to tampering.
Your best defense: At a minimum, lock down your phone with a strong password or PIN, so if it ends up in the wrong hands, your data and accounts can’t be accessed. We also recommend using the other methods of protection listed above for the best defenses.
SIM hijacking, also known as SIM swapping or SIM porting, is the abuse of a legitimate service offered by telecom firms when customers need to switch their SIM and telephone numbers between operators or handsets.
Usually, a customer would call their telecom provider and request a switch. An attacker, however, will use social engineering and the personal details they discover about you, including your name, physical address, and contact details, to assume your identity and dupe customer service representatives into giving them control of your number.
In successful attacks, a cybercriminal will be able to redirect your phone calls and texts to a handset they own. Importantly, this also means any two-factor authentication (2FA) codes used to protect your email, social media, and banking accounts, among others, will also end up in their hands.
SIM hijacking is usually a targeted attack, as it takes data collection and physical effort to pull off. However, when successful, it can be disastrous for your privacy and the security of your online accounts.
Your best defense: Protect your data through an array of cybersecurity best practices so it can’t be used against you via social engineering. Consider asking your telecom provider to add a “Do not port” note to your file.
Nuisanceware and Cryptocurrency Miners
Your mobile device is also at risk of nuisanceware, malware found in apps (more commonly in the Android ecosystem than in iOS) that makes your handset act annoyingly. This malicious software will force the device to either make calls or send messages to premium numbers.
Nuisanceware is usually not dangerous, but it is irritating and a drain on your power. It may show you pop-up adverts, interrupt your tasks with promotions or survey requests, or open up pages in your mobile browser without permission.
Nuisanceware apps may contain hidden functions that covertly sign you up to premium, paid services, send texts, or make calls. While you end up paying for these ‘services,’ the attacker gets paid. Some apps may also quietly steal your device’s computing resources to mine cryptocurrency.
Your best defense: Only download apps from legitimate app stores, read the app reviews, and carefully evaluate what permissions you’re allowing them to have.
Open and unsecured Wi-Fi hotspots are everywhere, from hotel rooms to coffee shops. They are intended to be a customer service, but their open nature also opens them up to attack.
Specifically, your handset or PC could become susceptible to Man-in-The-Middle (MiTM) attacks through open Wi-Fi connections. An attacker will intercept the communication flow between your handset and browser, stealing your information, pushing malware payloads, and potentially allowing your device to be hijacked.
You may also come across ‘honeypot’ Wi-Fi hotspots every so often. These are open Wi-Fi hotspots created by cybercriminals, disguised as legitimate and free spots, for the sole purpose of performing MiTM attacks.
Your best defense: Avoid using public Wi-Fi altogether and use mobile networks instead. If you must connect to them, at least consider using a virtual private network (VPN).
Surveillance, Spyware, and Stalkerware
Surveillanceware, spyware, and stalkerware come in various forms. Spyware is often generic and will be used by cyber attackers to steal sensitive information like credentials and financial details. However, surveillanceware and stalkerware are normally more personal and targeted. For example, in the case of domestic abuse, a partner may install surveillance software on the device to keep track of contacts, phone calls, GPS location, etc.
Your best defense: An antivirus scan should take care of generic spyware, and while there’s no magic bullet for surveillanceware or stalkerware, you should watch out for any suspicious or unusual behavior on your device. If you think you are being monitored, put your physical safety above all else. Check out this guide for how to find and remove stalkerware from your phone.
Ransomware can impact mobile devices as well as PCs. Ransomware encrypts files and directories, locking you out of your device. Cybercriminals then demand a ransom payment for decryption, commonly in cryptocurrency, through a blackmail landing page, but even then decryption is not guaranteed. Cryptolocker and Koler are prime examples.
Ransomware is often found in third-party apps, malicious links, or deployed as a payload on malicious websites. For example, you may see a pop-up request to download an app disguised as legitimate. If you download it, your handset can be encrypted in minutes.
Your best defense: Keep your phone up to date with the latest firmware, keep your Android or iOS handset’s fundamental security protections on, and don’t download anything from sources outside official repositories. Click here to learn more about the growing threat of ransomware.
Trojans, Financial Malware
There are countless mobile malware variants, but Google and Apple’s fundamental protections stop many in their tracks. However, of the malware families you should be aware of, trojans top the list. Trojans are forms of malware that are developed with data theft and financial gains in mind. Mobile variants include EventBot, MaliBot, XCodeGhost, and Drinik.
Most of the time, users download the malware themselves, since it seems like an innocent and legitimate app or service. Once the trojan has landed on your handset, attackers overlay a banking app’s window and steal the credentials you submit, allowing an attacker to pillage your bank account. Some variants may also intercept 2FA verification codes.
Your best defense: Keep your phone up to date with the latest firmware, keep your Android or iOS handset’s fundamental security protections on, and don’t download apps from sources outside official repositories. If you suspect your phone has been compromised, stop using financial apps, cut off your internet connection, and run both a personal check and an antivirus scan.
Mobile Device Management Exploits
Mobile Device Management (MDM) solutions are enterprise-grade tools suited for the workforce. MDM features can include secure channels for employees to access corporate resources and software, spreading a company’s network security solutions and scans to each endpoint device, and blocking malicious links and websites.
However, if the central MDM solution is infiltrated or otherwise compromised, each mobile endpoint device is also at risk of data theft, surveillance, or hijacking.
Your best defense: The nature of MDM solutions takes control out of the hands of end users. Therefore, you can’t protect against MDM compromise. What you can do, however, is maintain basic security hygiene on your device, make sure it is up-to-date, and keep your personal apps and information off work devices.
How To Physically Protect Your Device
Your lock screen is the gateway to your device, data, photos, private documents, and apps. Keeping it secure is paramount.
On Android, consider these settings:
- Screen lock type: Swipe, pattern, PIN, password, and biometric checks using fingerprints or your face
- Smart lock: Keeps your phone unlocked when it is with you, and you can decide what situations are considered safe
- Auto factory resets: Automatically wipes your phone after 15 incorrect attempts to unlock
- Notifications: Select what notifications show up and what content is displayed, even when your phone is locked
- Lockdown mode: From Android 9.0, lockdown mode can be enabled
- Find my Device: Find, lock, or erase your lost device
On iOS devices, check out:
- Passcode: set a passcode to unlock your device
- Face ID, Touch ID: Biometrics can be used to unlock your device, use apps, and make payments
- Find my iPhone: Find, track, and block your lost iPhone
- Lockdown mode: Apple previewed its own version of lockdown mode in July. Dubbed “extreme” protection for a small pool of users, the upcoming feature will provide improved security for malicious links and connections, as well as wired connections when an iPhone is locked.
The Symptoms Of A Malware Infection
If you notice your Android or iOS device is not behaving normally, you may have been infected by malware or be otherwise compromised.
Things to watch out for are:
- Battery life drain: Batteries degrade over time, especially if you don’t let your handset run flat every so often or you are constantly running high-power mobile apps. However, if your handset is suddenly hot and losing power exceptionally quickly, this could signify malicious apps and software burning up your resources.
- Unexpected behavior: If your smartphone is behaving differently and you’ve recently installed new apps or services, this could indicate that all is not well.
- Unknown apps: Software that suddenly appears on your device, especially if you have allowed the installation of apps from unidentified developers or have a jailbroken smartphone, could be malware or surveillance apps that have been installed without your knowledge or consent.
- Browser changes: Browser hijacking, changes to a different search engine, web page pop-ups, and ending up on pages you didn’t mean to could all be a sign of malicious software tampering with your device and data.
- Unexpected bills: Premium number scams and services are operated by threat actors to generate fraudulent income. If you have unexpected charges, calls, or texts to premium numbers, this could mean you are a victim of these threats.
- Service disruption: SIM hijacking is a severe threat. This is normally a targeted attack with a particular goal, such as stealing your cryptocurrency or accessing your online bank account. The first sign of attack is that your phone service suddenly cuts off, which indicates your telephone number has been transferred elsewhere. A lack of signal, no ability to call, or a warning that you are limited to emergency calls only can indicate a SIM swap has taken place. Furthermore, you may see account reset notifications on email or alerts that a new device has been added to your existing services.
What To Do If Your Device Is Compromised
If you suspect your Android or iOS device has been infected with malware or otherwise compromised, you should take urgent action to protect your privacy and security.
Consider these steps below:
- Run a malware scan: You should ensure your handset is up-to-date with the latest operating system and firmware, as updates usually include patches for security vulnerabilities that can be exploited in attacks or malware distribution. Google and Apple offer security protection for users, but it wouldn’t hurt to download a dedicated antivirus app. Options include Avast, Bitdefender, and Norton. Even if you stick to the free versions of these apps, it’s far better than nothing.
- Delete suspicious apps: Deleting strange apps isn’t foolproof, but any apps you don’t recognize or use should be removed. In the cases of nuisanceware, for example, deleting the app can be enough to restore your handset to normal. You should also avoid downloading apps from third-party developers outside of Google Play and the Apple Store that you do not trust.
- Revisit permissions: From time to time, you should check the permission levels of apps on your mobile device. If they appear to be far too extensive for the app’s functions or utilities, consider revoking them or deleting the app entirely. Keep in mind that some developers, especially in the Android ecosystem, will offer helpful utilities and apps in Google Play only to turn them malicious down the line.
- Tighten up communication channels: You should never use open, public Wi-Fi networks. Instead, stick to mobile networks, and turn off Bluetooth, GPS, and any other features that could broadcast your data if you don’t need them.
- Premium service dialers: If you’ve had unexpected bills, go through your apps and delete anything suspicious. You can also call your telecom provider and ask them to block premium numbers and SMS messages.
- Ransomware: There are several options if you have unfortunately become the victim of mobile ransomware and cannot access your device. Click here to see our blog “9 Steps For Responding To A Ransomware Attack”
Depending on what ransomware variant is on your handset, you can try using a decryption tool listed by the No More Ransom project, which offers 136 free decryption tools for 165 variants of ransomware. You can also provide information to Crypto Sheriff, and researchers will try to find out what type of malware you’re dealing with for free.
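To make the “Revisit permissions” step above concrete, here is an added example (not part of the original article) that checks each app’s permissions against what its function plausibly needs and ties every excess permission to a threat described in this article. The permission names are real Android identifiers; the package names, category labels, the expected-permission mapping, and the two-threat threshold for removal are assumptions made for illustration.

```python
# Added example: flag app permissions that exceed what the app's function needs.
# The inventory below is constructed sample data, not output from a real device.

# Permission -> the threat from this article that it can enable.
RISKY = {
    "android.permission.SEND_SMS": "premium-rate texts",
    "android.permission.CALL_PHONE": "premium-rate calls",
    "android.permission.RECEIVE_SMS": "2FA code interception",
    "android.permission.READ_SMS": "2FA code interception",
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay on other apps",
}

# Assumption: which risky permissions each app category plausibly needs.
EXPECTED = {
    "messaging": {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS",
                  "android.permission.READ_SMS"},
    "dialer": {"android.permission.CALL_PHONE"},
}

INVENTORY = [  # constructed; package names are hypothetical
    {"package": "com.example.sms", "category": "messaging",
     "permissions": ["android.permission.SEND_SMS", "android.permission.RECEIVE_SMS",
                     "android.permission.INTERNET"]},
    {"package": "com.example.flashlight", "category": "utility",
     "permissions": ["android.permission.CAMERA", "android.permission.SEND_SMS",
                     "android.permission.SYSTEM_ALERT_WINDOW"]},
    {"package": "com.example.wallpaper", "category": "utility",
     "permissions": ["android.permission.INTERNET"]},
]

def audit(apps):
    """Return {package: [(permission, threat), ...]} for permissions beyond the app's function."""
    findings = {}
    for app in apps:
        allowed = EXPECTED.get(app["category"], set())
        excess = [(p, RISKY[p]) for p in sorted(set(app["permissions"]))
                  if p in RISKY and p not in allowed]
        if excess:
            findings[app["package"]] = excess
    return findings

def verdict(excess):
    """Assumed rule: two or more distinct threats -> remove the app, else revoke the permission."""
    return "remove app" if len({threat for _, threat in excess}) >= 2 else "revoke permission"

if __name__ == "__main__":
    for package, excess in audit(INVENTORY).items():
        print(package, verdict(excess), [p.rsplit(".", 1)[1] for p, _ in excess])
```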