How hackers are infecting cell phones with malware
Cybercriminals looking for a greater return focus their efforts on organizations and use a variety of tactics to infect the maximum number of corporate devices with their malware variants.
1. Infected applications
Compromised applications are the most common delivery system used by hackers to transfer malware to users’ devices. Malware operators will usually choose popular apps to repackage or infect, increasing the likelihood that victims will download their rogue version. Sometimes, however, they will come up with brand new applications.
Infected applications are usually found on third-party app stores. These online stores tend to set their acceptance bars lower than, for instance, Google Play or the App Store, making it simpler for cybercriminals to post malicious apps. However, there have been multiple instances of malicious apps being uncovered and removed from the official app stores, such as the purge of 250 fake iOS apps from the App Store in 2015, but not before they had been downloaded thousands (and sometimes millions) of times by innocent users.
2. Malvertising
Malvertising is the practice of inserting malware into legitimate online ad networks to target a broad spectrum of end users. The ads appear to be perfectly normal and appear on a wide range of apps and web pages.
Once the user clicks on the ad, his or her device is immediately infected with the malware. Some more aggressive malvertisements, for example, take up the entire screen of the device while the user is browsing the web. Faced with this situation, many users’ first response will be to touch the screen, triggering the malicious download.
3. Scams
Scams are common tools used by hackers to infect mobile devices with malware. They rely on a user being redirected to a malicious web page, either through a web redirect or pop-up screen. In more targeted cases, a link to the infected page is sent directly to an individual in an email or text message.
Once the user is taken to the infected site, the code within the page automatically triggers the malicious software download. The website is usually disguised to look legitimate in order to get users to accept the file onto their devices.
4. Direct to device
Possibly the most James Bond-esque infection method, direct to device requires the hacker to actually touch the phone in order to install the malware. Usually, this involves plugging the device into a computer and directly downloading the malicious software onto it (also known as sideloading).
As far-fetched as it may sound, many high-profile attacks occur this way. Small groups of hackers have been known to carry out extremely targeted attacks on high-profile individuals, infecting phones when they leave them unattended.
Types of mobile malware
While malware on Android hasn’t quite reached the same scale as desktop malware, more mobile-specific malware designed to attack smartphone features and vulnerabilities is emerging.
Mobile malware on Android phones, or any devices for that matter, can be broken out into no fewer than seven main types. The important thing to remember about these categories is that many malware variants don’t fall into just one of them. When referring to a category, experts are referring to the malware’s primary functionality.
As hackers get more intelligent, malware variants have started to advance, and many now perform more than one function.
A variant, for example, could be considered a trojan while also falling into the category of ransomware. Malware that roots a device (rooting malware) could also steal bank credentials (banker malware).
Here are some of the most popular types of mobile malware today:
Adware – shows frequent ads to a user in the form of pop-ups, sometimes leading to the unintended redirection of users to web pages or applications
Banker malware – attempts to steal users’ bank credentials without their knowledge
Ransomware – demands money from users and, in exchange, promises to release either the files or the functionality of the devices being ‘held hostage’
Rooting malware – ‘roots’ the device, essentially unlocking the operating system and obtaining escalated privileges
SMS malware – manipulates devices to send and intercept text messages resulting in SMS charges. The user is usually not aware of the activity
Spyware – monitors and records information about users’ actions on their devices without their knowledge or permission
Trojan – hides itself within a piece of seemingly innocent, legitimate software