Meet The Hackers: A Series On Mobile Malware

Over the past year, every company in the world has experienced a mobile malware attack.

Mobile malware has become a major concern for both consumers and organizations worldwide. Although much has been written about which mobile malwares are prevalent and how the different variants operate, it’s critical to understand why attackers choose to target mobile devices in the first place.

To answer this question, we must begin with reviewing the different actors who create and operate mobile malware.

Meet the Hackers

In general, there are four types of mobile malware creators.

The first, and most sophisticated, are the state-level developers who create malware with the purpose of reconnaissance, such as the CIA tools found in the Vault 7 leak.

Similar to the state-level developers, the second group is more focused on espionage, with developers who create malware with espionage capabilities for governments and organizations around the globe. The NSO Group – the cyberarms organization behind the Pegasus malware – is a prime example, with the Mexican government as an alleged client.

The third group focuses on personal spyware that masquerades as ‘parental control’ tools, usually private users seeking to monitor other personal devices.

And finally, but definitely not least, we have the “normal” cyber-criminals that develop “ordinary malware”, seeking to make a dishonest dollar.

The different groups aren’t necessarily mutually exclusive, and many connections can be drawn between similarities in their tactics, technologies, and even entire pieces of code.

The major distinctions between these groups lies in their motives, and we can infer that when we analyze their attacks. While state-level malware and other spyware are developed for reconnaissance and therefore must operate discretely in order to evade detection, revenue-generating malware (such as ransomware) often announce their presence.

So Why Go Mobile?

The mobile platform offers a particularly ripe opportunity for malware developers seeking espionage and/or profits.

The simplest reason that draws threat actors to mobile devices is ease. Most mobile users do not protect their mobile device or upgrade their operating system to apply security patches. Most people lock their doors at night and buy anti-virus for their computers, but it’s not as common to apply those same habits to their smartphones. With such a simple target for the attacker, they often don’t need much more than primitive techniques in order to gain access to the device.

With 2.1 billion mobile device users, a quarter of which owning more than one device, the second advantage for targeting mobile devices is the wide attack surface. Whether it’s to generate fraudulent ad revenue or for a DDoS attack, mobile malware relies on large numbers of infected devices executing some form of mechanism. The sheer economy of scale offered by mobile devices is incredibly appealing to cybercriminals.

In addition, a phone number isn’t considered heavily confidential information, allowing espionage groups to easily track down a potential victim’s phone number. With this information, they can pinpoint the device in order conduct phishing scams against the user, allowing for incredibly efficient intelligence-gathering operations.

And finally, an infected mobile device has the potential to cause much more damage than an infected PC. For example, mobile banking malware can use their access to incoming calls and SMS messages to circumvent Two-Factor-Authentication security solutions. Another example: infected mobile devices are ultimate spying weapon, as users carry their cell phones – with an exploitable microphone and camera – everywhere they go, allowing threat actors to constantly record the victim without their knowledge.

Main Takeaways and Next Steps:

The mobile arena holds grave potential for professional hackers and criminals alike. They are easy to exploit, unprotected, provide the perfect surface for both surgical and mass attacks, and grant threat actors with capabilities they could only previously dream of. As a result, these characteristics make mobile malware not only very much a current problem but also threatens to become an even larger one in the future.

With the industry’s highest threat catch rate, SandBlast Mobile offers advanced threat protection against all types of mobile malware attacks.

This is the first part of a series on mobile malware – stay tuned next Monday for our piece on mobile crypto-miners.