There are an estimate of five billion mobile users worldwide as of 2017. So far they proved to be a tempting target for malicious artists who recently have ramped up the number and the sophistication of their attacks.
Experts in the field such as giant cyber-security companies like McAafee and Kasperski consider 2018 to be the riskiest year so far for mobile users. Recent report by McAafee highlights that if mobile malwares continue on their current growth trajectory, their authors could easily reach revenues in the billion-dollar range by 2020.
So, here is what you need to know about the dark side of your phone and what you can do about it.
Mobile apps have a dirty little secret
Apps are among the most vulnerable spots for mobile users, giving a vast land of opportunity for malicious hackers to prove their talent.
According to McAafee’s research the number of threats in the Google Play store increased by an impressive 30% just last year, making even the official app store a risky marketplace. So, have that in mind next time you’re browsing for a cool game or step tracker. It is still much better though to always use the official stores than trusting third party providers.
Some malicious apps, for example, are intentionally disguised as existing legitimate apps, tricking nothing suspecting users to download the malware. Once installed, the malware loads its own interface which is specifically built to steal any credentials entered. This is why it is so important to always download apps from the official stores or access them for a first time from a link on the company’s official website, blog or social media channel.
Malicious apps can also lure you into installing them by sending you a fake update through targeted email and sms phishing. You should know that most legitimate apps, including the iCard digital wallet, will never send you an app update link or ask you for confirmation of personal information in an email or sms.
One malicious app that is gaining popularity these days and is worth knowing about is the Mobile Banking Trojan. This type of malware is specifically designed to mimic existing mobile banking apps and to steal money directly from people’s accounts.
Main target for the mobile banking trojan are the mobile apps of large and well known banks, as well as apps related to cryptocurrency.
One of the most sophisticated mobile banking trojan, to this day, is the LokiBot malware. It can encrypt files on your phone or even completely lock you out from your device. McAafee researchers report that the LokiBot has targeted more than 100 banks around the world and is estimated to has generated close to $2 million in revenue just from selling “do it yourself kits” on the dark web.
Loki is able to automatically send and reply to sms messages to all of the infected phone contacts. That’s a useful feature to spread and infect new users.
One of the trickiest functions of Loki is the ability to mimic and send notifications from other installed apps on the infected phone. You can receive a notification, for example, that you just got money to your bank account. When you tap on the notification, Loki loads its own phishing interface and is ready to collect that juicy bank login information.
On a side note — please don’t get the impression that these malwares could only affect your phone. Malicious hackers use the same phishing techniques to successfully break into your banking accounts through your desktop.
You should always be careful when installing a new app or desktop software, when receiving and following links in emails or sms messages. Of course you should always use a trusted malware protection program, including on your phone.
When it comes to apps you can add an additional layer of protection by spending an extra minute to examine the app before downloading it. Trust me, it’s worth it. Here is what to do to minimize the risk of app infections:
- Always install new applications from trusted sources such as the official app store. Search the store for the app or follow a link from the official website, blog or social media channel of the company.
- Check if the permissions requested by the app are adequate for the app tasks.
- Use a trusted malware protection program on your phone
- Avoid clicking on links from suspicious emails
- Always update your phone software and apps when a new version is available
- Avoid rooting or jailbreaking your device
So, what is rooting?
More than anything, rooting is a trend that is recklessly used by people in order to get their hands on some “added benefits”, otherwise restricted to average mobile users.
Here are some of the perks it gives you:
- an extreme customization of almost anything on your phone
- extended battery life and added performance
- Installation of any app you want
- and more…
It does sound tempting doesn’t it? Let’s see what exactly is rooting of your Аndroid phone though (or jailbreaking, as it’s called for iOS devices). Most importantly, let’s point out why it is so dangerous to do it.
In its essence, rooting is a process to give you root access to the Android operating system and make any modifications you wish through coding or installing third party apps with root access. Doing this to your phone is more accessible than ever. There are plenty of services and apps offering to do it for you. You can have your phone rooted in 15 minutes or less.
So, why is this a NO-NO?
Simple, it turns your phone to a giant, flashy, red light spot screaming to all sort of malware authors — “Hey, I am here, and I am naked!”
First of all, rooting intervenes with updating your software. I will speak more on why is that important in a minute. Second, if not protected by a robust malware program chances of worms, spyware or trojans taking over your system and acting behind your back grow exponentially! Not only that but you also become a target of malicious apps making system changes on the root level and you will never know!
Speaking of malicious apps brings me back to the previous topic of carefully examining anything before you allow it on your phone and here is one more example WHY.
In 2017, Kaspersky Lab discovered a new piece of rooting malware for Android. It was distributed on the Google Play Store as a cool puzzle game called “Colourblock” with over 50,000 downloads (before they shut it down). Once you download that “game” on your phone, it quickly does its job of rooting your device. Without you ever knowing it happened! Once it gains root access, the app connects your phone to the attacker’s own server, giving out full access and control of your phone and data.
As a financial institution, the iCard digital wallet has a built in security feature designed to protect you from such brutal attacks…or from your own ignorance.
Our system will detect if your phone is rooted/jailbreaked and when you open iCard on your phone, you will see a system message to call us instead of the login screen. This will protect you from exposing sensitive financial information to the attackers and will also make you aware (if your phone was rooted without your knowledge), so that you can take further action to protect yourself.
Update, update, update!
Not a good time to be lazy or reckless when it comes to operating system and even app updates. Don’t be fooled you don’t need to update because you are a Mac or iPhone user and that means you are safe by default. In fact, system updates fix serious security issues and are a big deal. For example, an iOS release in the summer of 2017 fixed a major vulnerability that used to let hackers remotely control phones having a Broadcom Wi-Fi chips inside — which is most of the phones.
Once the update is released, everyone in the entire world know that there is a hole and what exactly it is. If you haven’t updated and patched your system your device becomes a prime target for attackers.
Don’t underestimate how important it is to keep your apps up to date too. Anything that works online such as your apps could be vulnerable. Making sure you have the latest fixes installed is an important step of keeping your phone safe. Both Android and iOS devices have an “auto-update apps” setting, so you don’t have an excuse not to do it!
One important such security fix that iCard released was the “rooted phone block tool” that i mentioned above. This is a very important update as well, designed to protect our users’ financial information.
Hope you found this information useful and that you will incorporate some of the important points we made!
Check out our next story: How Fake Websites Can Trick Even The Savvy Online Shoppers
If you haven’t installed iCard yet, don’t wait any longer! Get it on the Google Play or the Apple store.
