How Safe is Your Mobile Device?

Sentinel Protocol Team, Sentinel Protocol
Oct 30, 2019

By Donovan Tan, Cybersecurity Researcher

Psst… pssst… Half-awake, I reluctantly picked up my mobile phone, hitting the snooze button for the umpteenth time. I was never a morning person, and what’s more, we had a few rounds of drinks the previous night at my best friend’s bachelor party. He was getting hitched to his long-time girlfriend he met through the mobile dating app, Tinde — OH NO! IT’S ALREADY 9:30 AM! Realizing what time it was, I immediately jumped out of bed — I had to be at work by 10 AM for a meeting. I requested a GrabCar to my office in 10 minutes. While in the car, I paid my friend for last night’s drinks using PayNow (Singapore’s widely used peer-to-peer payment service), downloaded and sent a document I prepared for the meeting to my boss through iCloud and Slack, and placed a Food Panda order for a sandwich to be delivered after the meeting — all through my trusty(?) mobile phone.

With the advancement of mobile technology, along with the digitalization of economies and businesses, mobile phones today have become a gateway to a host of services integral to our modern life, both at work and play. The value of transactions made using mobile devices through existing and new services has been increasing. With mobile P2P payment systems for fiat and cryptocurrencies (albeit at a slower pace) gaining acceptance within mainstream society, it will only continue to rise.

This mobile phenomenon is worldwide and prevalent even in developing countries. In Kenya, mobile phone penetration stood at 80% in 2018, with 83% of these users utilizing revolutionary mobile payment services like MPesa[1]. According to Statista, the number of smartphone users stands at more than 3 billion in 2019 and is forecasted to continue rising by hundreds of millions over the next few years.

Undeniably, mobile phones bring more convenience to all of us, but it is precisely this increased reliance, value, and adoption that makes our phones an increasingly attractive target for cybercriminals. According to research done at Check Point, the number of cyberattacks targeting mobile devices has increased by 50% in the first half of 2019 as compared to the previous year, with a notable rise in the number of Android-related malware attacks.[2] In this four-part series, we will be exploring different types of mobile malware (Part 1), their lifecycle (delivery, installation (Part 2), and exploitation (Part 3)), and how to protect yourself against them (Part 4).

Part 1: Types of Mobile Malware

Malware is an umbrella term used to describe all malicious software in general. Malware comes in many different forms — spyware, adware, ransomware, trojans, and more. Different pieces of malware might share the same objectives, which, in many cases, involves financial gain. They may even use generic tricks and techniques (screen overlays, recordings, etc.), but what sets them apart would be the approach they use to achieve these objectives. In reality, malware can be packaged as a combination of its various forms. For example, a trojan might have spyware capabilities too. Let’s take a quick look at the more prevalent types of malware affecting the mobile landscape today.

Spyware

Spyware is a form of malware used not only to secretly monitor a victim’s online activity, but also to steal personal information such as messages, passwords, and bank account numbers. Bad actors that might use it include cybercriminals looking to gain illegitimate access to bank accounts, state actors wanting to monitor persons of interest such as dissidents, or even spouses trying to stalk their partner through spouse-ware, an increasingly popular variant of spyware.

An example of spyware is Monokle, which was discovered by the mobile security company Lookout[3]. According to Lookout, Monokle targeted individuals residing in the Caucasus region and those interested in the Syrian militant group Ahrar Al-Sham. It can steal various types of data such as calendar information, capture passwords through screen recording, and even record calls and ambient audio.

Mobile Adware

Mobile adware is malware that intrusively displays unwanted advertisements to generate ad revenue. Though not always malicious, these advertisements are nonetheless disruptive to users. Examples include full-screen advertisements shown when an application starts and layered advertisements, as in the image below[4].

Source: https://news.sophos.com/en-us/2019/02/21/abusive-mobile-adware-aggressively-touts-more-adware/

Ransomware

In a ransomware attack, malicious actors either block access to resources on a victim’s mobile device, or threaten the victim with fabricated evidence of involvement in criminal activity. A ransom is then demanded in exchange for restoring access to those resources or, in the latter case, for destroying the incriminating “evidence”. Partly due to its anonymity, the ransom is usually requested in cryptocurrency, with the bad actor providing a unique cryptocurrency wallet address to the victim. After receiving the ransom, the actor then needs to convert the crypto to fiat through channels such as crypto exchanges.

In most cases, victims of ransomware are advised to seek alternative solutions and professional help instead of paying the ransom, as there is no guarantee that the threat actor will uphold their side of the deal. However, in cases where victims do pay, solutions such as Uppsala Security’s Crypto Analysis Transaction Visualization (CATV) tool can be used by law enforcement agencies, victim organizations, or individuals to trace the paid ransom. If carried out in a timely fashion, this provides an opportunity to freeze the criminal’s funds and recover the ransom when the criminal tries to cash out through a crypto exchange.

An example of mobile ransomware is Rotexy. As seen below, Rotexy displays a warning message from an organization identifying itself as ‘FSB Internet Control’. The message accuses the victim of watching prohibited videos and instructs the victim to pay a fine[5].

Ransomware message shown by Rotexy

Source: Kaspersky (https://www.kaspersky.com/blog/rotexy-banker-blocker/24733/)

Trojans

Broadly speaking, trojans are malware packaged as legitimate-looking software. Trojans can carry various malware capabilities hidden within them, giving rise to different forms such as spyware trojans, ransomware trojans, and banking trojans.

As we will read in Part 2, most mobile malware comes in the form of trojanized applications released on application stores.

Share with us your thoughts on the Uppsala Security Forum — https://forum.sentinelprotocol.io

References

[1] https://www.pewresearch.org/global/2018/10/09/majorities-in-sub-saharan-africa-own-mobile-phones-but-smartphone-adoption-is-modest/

[2] https://www.zdnet.com/article/mobile-malware-attacks-are-booming-in-2019-these-are-the-most-common-threats/

[3] https://blog.lookout.com/monokle

[4] https://news.sophos.com/en-us/2019/02/21/abusive-mobile-adware-aggressively-touts-more-adware/

[5] https://www.kaspersky.com/blog/rotexy-banker-blocker/24733/
