How to Address Mobile Threats
In our last post, “October is Cybersecurity Awareness Month, and You Need to Be Aware of the Threats to Your Mobile Device”, we noted that October is Cybersecurity Awareness Month and discussed five cyber threats to your mobile device. Over the next two posts, we will continue to make you aware of threats to your mobile devices and how to address them, focusing on considerations specifically for Android users. For information on other mobile devices, click here.
Android Users Dominate Worldwide
Why are we focusing specifically on Android users with these next two posts? It’s simple – nearly three out of four mobile device users worldwide are using Android devices. According to Statista, as of June 2021 Android maintained its position as the leading mobile operating system worldwide, controlling the mobile OS market with a 72.84 percent share, while Apple’s iOS is a distant second with 26.34 percent of the market. So, there are almost three times as many Android users as there are iOS users in the world.
If you’re an Android user, that’s good for you, right? Well, not necessarily. If you recall our Willie Sutton bank robbery analogy from the last post, cyber criminals direct their attention where the traffic is and, more and more, that is through mobile devices – and most of those devices are Android devices, so your devices are targeted probably more than any other type of device there is (mobile or otherwise).
This article indicates that Android is also more “interesting” to cybercriminals than iOS, and that Android’s malware problems are more prevalent than those of iOS due to its open platform, which makes it considerably easier for hackers to target victims.
Five Recent Android Malware Attacks You Need to Know
With that in mind, let’s take a look at five recent Android malware attacks you need to be aware of:
Tanglebot: This new form of Android malware is being spread via text messages with the aim of luring victims into clicking a malicious link and inadvertently allowing cyber criminals to gain full control of the device to steal personal information and bank details. The initial lures came in the form of Short Message Service (SMS) messages masquerading as information about Covid-19 vaccination appointments and regulations; more recent efforts have falsely claimed local power outages are about to occur.
Flubot: This malware is currently trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections, actually telling users “Your device is infected with the FluBot® malware.” Yes, they actually added a registered trademark symbol to the message.
GriftHorse: This malware was delivered using over 200 trojanized Android applications delivered through Google’s official Play Store and third-party app stores. It has reportedly infected more than 10 million Android devices from over 70 countries and likely stole hundreds of millions of dollars from its victims by tricking them into subscribing to paid services without their knowledge.
Drinik: Sends an SMS containing a link to a phishing website, which is used to capture a user’s mobile banking credentials, as well as their SMS and call logs to identify other users to attack. Customers of more than 27 Indian banks including major public and private sector banks have already been targeted by the attackers using this malware.
SOVA: Meaning “owl” in Russian, SOVA is under active development, and it’s looking to incorporate distributed denial of service (DDoS), man in the middle (MiTM) and ransomware functionality into its arsenal – on top of existing banking overlay, notification manipulation and keylogging services. Believe it or not, the malware’s roadmap is actually laid out in underground forum posts advertising its availability for testing!
While these five malware instances are recent, new malware is being created all the time, so there is a never-ending influx of new threats to be aware of. In addition, many existing malware applications are continually changing how they are deployed and how they trick users into providing information to maximize their success, whether by avoiding detection or by evolving as the use of the devices evolves. As a result, there are literally thousands of cyber threats out there to Android devices! How’s that for additional awareness?
Next time, we’ll discuss considerations for determining whether your Android device has already been compromised. Many Android users are walking around every day with compromised devices, and they don’t even realize it.
For more information about Forensic Discovery’s Mobile Compromise Assessment service, click here.