Data from ESET on malicious mobile applications shows that only 7% of reported incidents on mobile applications are caused by straightforward malware. A whopping 93% of mobile applications, based on reported incidents, contain hidden malicious activities which are less apparent to users. These could be applications that are heavily supported with pop-up ads, those that tweak the system without the user’s knowledge, or applications that track and monitor activities.
Juraj Malcho, chief research officer at ESET, commented: “Mobile devices are very personal and consumers are using mobile for more sensitive tasks such as banking. As consumers spend more time on their connected devices, these are becoming a veritable goldmine of information that is very attractive for attackers. Not all malicious activity is obvious, and it is important for consumers to know how to protect their mobile devices and be vigilant as well. Remember that the biggest threat could be from a seemingly innocuous app working in the background.”
Mobile malware is software built for attacks on mobile devices and operating systems. There are various types of mobile malware and they are usually grouped according to their attack methods. Some of the more common ones include spyware, adware, trojans, viruses, phishing apps and botnets. Mobile malware can also be built for specific operating systems such as iOS or Android.
Malcho added: “Despite the common belief that the Apple iOS is more secure than Android, operating systems are largely similar in terms of security. The larger issue centers around the security of apps downloaded from third-party stores, built-in security features, and the proper implementation of ongoing security processes.”
A large proportion of mobile security breaches occur as the result of misconfiguration and misuse of an app rather than technical attacks on mobile devices. In some cases, apps that we have downloaded can also retrieve private data from our devices without our knowledge.
A good example of this is WireLurker, malware that affects Apple devices. WireLurker attacks Apple computers and detects iOS devices connected via USB. It infects Apple mobile devices by downloading third-party applications onto the device and then stealing information.
There are many steps that can be taken, including choosing strong passwords and using anti-virus programs, firewalls and anti-spyware programs.
Ensure that all programs, operating systems, and applications are kept up-to-date. This applies even to applications that you rarely use as it makes sure that all the latest security features and fixes are available on your device.
Strong passwords are your first line of defence. Use a mix of letters, numbers and symbols and don’t include personal information like birthdays or common words such as ‘password.’ In addition, change your password regularly so there is a limit to how long an attacker can use a stolen password.
Commenting on how users can enhance safety on mobile, Malcho added: “A second layer of protection can also be added on top of passwords using Two Factor Authentication (2FA). 2FA uses a separate device to generate an access token that acts as a one-time only password. By requiring access to a separate password, this makes an attack less feasible. While 2FA is a best practice amongst many industries, such as consumer banking, and has proven its value, it isn’t a foolproof system. So remember to stay vigilant even if you’re using a second layer of protection.”
Malcho also highlighted that security software can be an inexpensive option when it comes to securing your mobile devices. While it can be daunting to choose an effective product, there are some basic things that you should look out for such as ensuring the software is compatible with your operating system, and buying software with features that support the tasks for which the device is used.
It is also worth looking at test scores and/or certificates from testing agencies such as Virus Bulletin and AV-Comparatives. Any good security software should have been listed by most testing agencies. If you still can’t decide, remember that most programs provide a free trial for their products.
“While it may be time intensive to review each product, it will help you ensure that you’re making the most suitable choice,” said Malcho. “Cyberattacks are getting more and more sophisticated every day especially as technology becomes more complex. I can guarantee that no one will ever regret the effort made to put in place a robust security system for their connected devices.”