How to Protect Yourself From Mobile Malware
By: Donovan Tan, Cybersecurity Researcher
In the earlier parts of the series, we shared about the numerous types of mobile malware (Part 1) and their lifecycle (delivery, installation (Part 2), and exploitation (Part3)).
Up until this point, you might be seriously questioning the security of mobile devices and why these mobile threat actors are not being stopped. However, the matter of fact is that mobile OS developers like Google ARE putting in the effort to combat such threats. Vulnerability fixes are constantly being rolled out, plugging security loopholes in their systems.
Then why do we still see reports of new or modified malware being distributed on the app store? The simple explanation would be the principle of easiest penetration. Many vulnerabilities, both known and unknown, exist in each system and bad actors can exploit any of these vulnerabilities to launch his attack. When mobile OS developers become aware of a vulnerability, they fix it immediately. However, when that happens, malicious actors will simply proceed to find the next vulnerability to exploit, leading to what can be a never-ending cat and mouse game.
Despite the presence of constant and evolving threats, however, mobile users can drastically reduce the chance of becoming victim to mobile malware via good cyber hygiene and operational security practices. Below are some tips that will help keep you and your device safe.
Download apps only from Official App Stores
Downloading cracked or modified applications from third-party stores might be enticing to some. However, due to the absence of stringent security checks, the chance of downloading a trojanized app or malware from these third-party stores is much higher than that of official app stores. Keep yourself safe by only downloading applications from official app stores such as Google Play for Android and Apple App Store for iOS.
Do not click on links sent by unknown or suspicious sources
As discussed earlier, social engineering and phishing attacks through social media or messenger apps is a common delivery technique used by malicious actors. As our parents warn us: “do not accept candies from strangers”. Likewise, we should never open links, especially suspicious or enticing looking ones, from people we do not know.
Religiously install OS updates
OS updates rolled out by mobile OS developers can contain security patches that resolve vulnerabilities and help protect your device against the latest threats. A simple act such as updating your OS can go a long way in ensuring the safety of your device.
Understand and check permissions requested by apps
When installing new applications, it is good practice to check the permissions requested by the app developer. A rule of thumb would be to always compare the promoted functionality of the application against its requested permissions. Is that game application you downloaded requesting for permission to read and write text messages? Or is that currency convertor app you downloaded asking for permission to access your microphone? If applications are requesting critical permissions that, based on the service they provide, make you clueless as to why it would require them, it would be best to deny these permissions, or better still, steer clear of these apps.
Interested to join Uppsala Security in security discussions? Speak to us here — https://forum.sentinelprotocol.io
