Mobile Malware: When Your Phone Becomes Their Prey

You’ve been online long enough to know the deal: viruses are serious business. It’s been ages since you opened a sketchy email attachment, but malware still pervades your life. You had to help Mom remove a nasty Trojan last week, and your city’s government is still reeling from that ransomware attack earlier this year.

“Thank goodness,” you think, “I’ve got my computer on lockdown. Daily antivirus scans, always-on firewall, high-powered ad-blockers… I’ve got nothing to worry about.”

Then you pull your phone out of your pocket and fire up your web browser. It’s painfully slow, even though you just got this phone a few months ago. And your notification bar is, once again, filled with spammy ads.

You’ve been annoyed by these things for a while now, but they’ve been easy enough to deal with. You just swipe away the ads and reboot when things get too sluggish. But you’ve yet to address the root cause: mobile malware.

Yes, malware developers are now capitalizing on the proliferation of mobile devices. They go everywhere with you, and they’re filled with valuable data. Basically, they’re a dream come true for data thieves and cybercriminals.

The most alarming part? Because mobile antivirus programs are still relatively uncommon, you could be infected without even knowing it.

So what, exactly, is bogging down your phone and putting your data at risk? And what can you do to make it stop?

We’ve got the answers to all your mobile malware questions. Read on and learn how to protect your portable devices from the newest generation of digital threats.

What Is Mobile Malware?

If you’ve ever used a computer, you’re probably familiar with malicious software, or malware for short. The name really says it all: malware is software that harms you instead of helping you. There are many subtypes of malware, including worms, Trojans, adware, spyware and cryptocurrency miners.

The potential effects of malware range from irritating to devastating. You could be bombarded with ads or unwanted browser toolbars. Or your entire hard drive could be encrypted until you pay a large ransom to retrieve your data.

Mobile malware is malware that’s aimed at phones and tablets rather than computers. The different hardware and OSes inherent to these devices necessitate specialized attacks. These often utilize apps as their means of deployment, though they may also use emails, websites and networks.

Cybersecurity firm Kaspersky found that mobile malware attacks doubled from 2017 to 2018. Despite this, the number of unique malware files decreased over the same time period. This indicates that mobile malware is becoming much more sophisticated – and thus, much more dangerous.

Is Mobile Malware Legal?

With so many malware developers out there, one can’t help but wonder: is mobile malware legal?

The answer is a resounding “no!” In the USA, the federal Computer Fraud and Abuse Act prohibits the transmission of code with “intent to cause damage.” This includes code intended for mobile devices as well as traditional computers, servers and networks.

Though mobile malware is illegal, its creators are rarely prosecuted. They tend to hide behind many layers of protection and anonymity, including proxies and encryption, and frequently reside internationally. This makes it difficult to identify and locate them, much less bring them to justice.

Where Can You Find Mobile Malware?

Mobile malware has so many vectors of transmission that it’s nearly impossible to avoid them all. Your everyday browsing activity could be dangerous in and of itself. But awareness of the ways that mobile malware spreads is key to protecting yourself from it.

Apps

The iOS App Store and Google Play Store are godsends for malware developers. It’s all too easy for a user to blindly trust any and all apps on these stores. After all, why would Google or Apple approve them if they were dangerous?

But approval doesn’t mean endorsement, and it’s surprisingly common for malicious apps to slip through the cracks. Apps that are downloaded from outside the official stores are even riskier to install. Without any vetting, these apps could contain just about anything.

Some malicious apps may have obvious detrimental effects. They could slow your phone down, cause it to overheat, or spam you with ads. But others are far more subtle in their mechanisms.

Apps laden with spyware, for instance, may monitor your taps and swipes to steal login credentials. Or they could steal your contacts, texts, and location logs to sell for profit. Others may enlist your device in a botnet to spread the malware or mine cryptocurrency.

Websites and Ads

You don’t have to download an app to be vulnerable to mobile malware. Sometimes, merely opening your web browser will do the trick. As with traditional computers, mobile devices can be infected with malware from websites and ads.

Some websites are designed to distribute malware right from the get-go. But even trusted websites can be hacked and laden with malware via vulnerabilities in CMS platforms like WordPress. Malicious ads can also appear on trusted sites through no fault of the site owner.

Websites can run many types of code that can be used for malicious purposes. Malware can be executed in JavaScript or installed via codecs or other plugins. Amazingly, it can even be embedded in JPG images.

Much of the malware found on websites and in ads relies on browser exploits. These security vulnerabilities are common with mobile browsers as well as desktop browsers. By taking advantage of these holes, malware can easily make its way from a website to your private data.

Text Messages

Phishing is nothing new, but you may be surprised at how much it’s evolved over the years. For starters, phishers have switched their focus from emails to text messages. Phony texts purporting to be from your bank or phone provider are everywhere these days.

But even if you know not to reply to these messages, you could still be at risk. SMS and MMS messages can contain malicious code that automatically executes itself as soon as the message is received. You don’t necessarily even need to open the message to become infected.

Other malware plays dirty by sending texts to everyone in your contacts. These texts contain links to an app or site that appears to be recommended by you. The link actually leads to more malware, which then propagates itself with your friends’ contacts.

Which OSes Are Vulnerable to Mobile Malware?

People like to think that some OSes are immune to malware. For years, you’d hear Apple fans rave about how “Macs don’t get viruses.” And even today, many people still believe that mobile OSes can’t be infected.

But the truth is, no OS is safe. Windows may be the most targeted OS, but macOS and even Linux have their own vulnerabilities. And just about every mobile OS is at risk in one way or another.

However, there is a sharp discrepancy between Android and iOS malware infection rates. Why is that – and who comes out on top?

Android

Android is the world’s most popular mobile OS, running on over 76% of mobile devices worldwide. In some countries, it’s almost got a monopoly: nearly 94% of smartphones in Indonesia run Android. In India, 92.5% of smartphones run Android; in China, the world’s most populated country, that figure sits at 79.4%.

With over 2.5 billion active Android devices around the world, it’s no wonder that malware developers have taken interest. 47% of all mobile malware attacks are directed at Android, with a total of over 20 million different variants.

Using Android is far more dangerous in some countries than in others. A Kaspersky analysis found that in Pakistan, 37.5% of Android users were attacked by mobile malware in the first three months of 2019. Other at-risk countries included Indonesia (17%) and India (21.5%), the two countries with the highest Android market share.

Why is Android so vulnerable to malware? It’s largely due to the inconsistency of Android updates.

Google releases new Android updates fairly regularly, but it’s up to device manufacturers to roll them out. Some manufacturers release new updates in a timely manner, but others drag their feet. And since Android updates are necessary to patch exploits, users are vulnerable until they get each new update.

Though Google requires manufacturers to update all devices for at least two years, that rule wasn’t always in place. And many phones remain perfectly functional after the updates stop coming, so they’ll never be patched. Only 32% of Android devices run the latest version of the OS; the remaining 68% are at a much higher risk of being infected.

iOS

Apple’s mobile OS runs on around 22.5% of devices worldwide. While that’s significantly lower than Android’s market share, iOS has the upper hand in many of the world’s wealthier countries.

In the USA, iOS runs on 59.5% of all mobile devices, the highest percentage in the world. Japan comes in second with 59%, Australia third with nearly 57% and Denmark fourth with just over 54.5%.

But despite its smaller market share, iOS appears to have the upper hand when it comes to avoiding malware. Less than 1% of all mobile malware attacks are targeted at iOS. And over the years, hackers have found far fewer exploits in iOS than in Android.

There are three main reasons for iOS’s low malware infection rate. The first is Apple’s thorough and strict app vetting process, which prevents most malicious apps from reaching the App Store. Second is the locked-down architecture of iOS, which is much more difficult to hack or exploit.

The third reason is, of course, updates.

Apple has been criticized for how pushy it is with its iOS updates, but that pushiness serves a purpose. By updating iOS devices so forcefully, Apple ensures that as many devices as possible receive the latest patches. And since Apple is the only manufacturer of iOS devices, there’s no middleman to slow the updates down.

An analysis conducted by Android Police revealed that iPhones and iPads receive updates for an average of 50 months after release. Android Nexus devices, which receive updates directly from Google, are supported for an average of 31 months.

That’s over a year and a half less protection for Android. And a year and a half is more than enough time for new mobile malware and other exploits to surface. As frustrating as iOS’s update process can be, it’s a very good thing for security.

What Are the Different Types of Mobile Malware?

Mobile malware comes in many different flavors. From in-your-face threats to behind-the-scenes danger, here’s a breakdown of the most common malware varieties.

Trojans

You know the deal with the original Trojan horse: a gift that’s actually a threat in disguise. Modern folks probably wouldn’t fall for a big wooden horse, but they fall for digital Trojans every day.

A Trojan is defined as a piece of malware that requires activation by the victim. Since nobody would do so if they knew what it was, the Trojan must assume a disguise. It can take the form of an app, a link or even a downloaded PDF or DOC file.

Once you activate a Trojan, its malicious code is unleashed. Depending on the nature of the attack, the effects could be immediately obvious or completely unnoticeable.

Some Trojans target device functionality, inducing overheating or causing your phone to crash. Others seek out various pieces of data, such as passwords or banking information. Many also utilize your contacts list to ensnare new victims.

Mobile banking Trojans are especially prevalent on Android devices. These often mimic real mobile banking apps by stealing names, logos, and descriptions. But once you enter your login credentials, the app stops functioning – it’s already gotten what it wanted.

Spyware

Spyware spreads in the same ways as Trojans do: it hides in files, apps and links. Once you allow it onto your device, it begins conducting its dirty deeds.

But spyware takes a more passive approach to cyber attacks than Trojans do. Rather than performing undesired tasks, it lurks in the background and silently steals your data.

Some spyware works as a keylogger, recording your taps in order to obtain the characters you type. Everything from text messages to passwords is sent to the hacker. Your personal communications, as well as your online accounts, are thus put at risk.

Other types of spyware comb through your phone for valuable data. This includes your contacts, emails, texts, notes, calendars, photos, and even location data. The data can then be used to extort you or simply sold to advertisers or other data brokers.

Ransomware

Mobile ransomware, unlike other types of mobile malware, impacts American users disproportionately. 1.5% of mobile users in the USA were impacted by ransomware in Q1 2019. And it’s only fitting that the world’s richest nation is the target of the most financially-focused malware.

Ransomware spreads through many means. Some use SMS links or ads, while others use legitimate-looking apps. However you catch it, the end result is the same: your phone becomes unusable until you pay the malware creator.

The requested amount varies but is generally between $100 and $1,000. Often, the monetary demands are accompanied by warnings that your data will be permanently deleted unless you pay. Sometimes this is an empty threat, but other times your data can never be decrypted even if you do pay up.

Many ransomware variants present you with fake notices from government agencies like the NSA or FBI. The fear that such threats instill can cause over 10% of victims to hand over the money.

Cryptocurrency Miners

A relatively new breed of mobile malware, cryptocurrency miners can do real damage in unexpected ways. As phones become more powerful, they become more viable targets for crypto-mining malware. Once limited to desktops and laptops, crypto miners have officially made it to phones and tablets as well.

Bitcoin and other cryptocurrencies can be “mined” using a device’s processor, graphics card, and other resources. The amount that one device can mine is minuscule, but with many machines working in tandem, the story changes. So crypto-mining malware attempts to infect as many devices as possible and puts them to work.

Any cryptocurrency that your device mines goes to the malware creator’s crypto wallet. You won’t see a penny of it, but you will see other effects of such intensive computing. The mining process will consume all your RAM, hog all your processing power and drain your battery.

Physical damage is possible as well. Running at full capacity for extended periods of time can cause your phone to overheat. This could melt internal components or even start a fire, destroying much more than just your phone.

Crypto-mining malware is most commonly found in innocuous-looking apps. These range from VPN apps to games to sports apps. However, infected apps are difficult to identify as the actual mining program is small and well-hidden.

What Are Examples of Recent Mobile Malware Threats?

Asacub

Perhaps the most prolific Android banking Trojan around, Asacub started out as spyware in 2015. But it’s gotten a facelift in recent years and now targets patrons of one of Russia’s largest banks.

Hundreds of thousands of users have had funds stolen by Asacub. Infection begins by downloading an “image” received via SMS that’s actually an executable app file. Once installed, Asacub demands administrator rights and exploits the banking app’s SMS money transfer feature.

The shadiest part? Asacub prevents the user from opening their banking app and checking their balances.

Over 1 million users were affected by Asacub in 2018; most were located in Russia. But users in other countries, including Germany and the USA, have also been targeted. Asacub has also targeted other banks in the past, and may do so again in the future.

ADB.Miner

This crypto-mining malware exploits the Android Debug Bridge (ADB), a command-line tool for developers. It enters your device via an open ADB port and analyzes your system. Then it downloads and installs the appropriate Monero mining program under your nose.

If possible, ADB.Miner spreads to other devices that connect to the infected phone via SSH. It then deletes all downloaded files from the original victim to avoid detection. All the while, it’s consuming your phone’s resources and converting them into cash for its creator.

It’s not yet clear how many people have been impacted by ADB.Miner, nor how much its creator has made. However, if this past summer’s Monero spike is any indication, ADB.Miner could be one of the most profitable exploits of 2019.
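The open ADB port described above, and the stale patch levels discussed in the Android section, can both be checked from a device's system properties. The following is an added example, not code from the original article: it parses a saved copy of `adb shell getprop` output and flags network-reachable ADB, enabled USB debugging, debuggable builds and an old security patch level. The sample output, the port value 5555 in it, and the 180-day threshold are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE_GETPROP = """\
[ro.build.version.release]: [8.1.0]
[ro.build.version.security_patch]: [2018-02-05]
[ro.debuggable]: [0]
[persist.adb.tcp.port]: [5555]
[service.adb.tcp.port]: [5555]
[sys.usb.config]: [mtp,adb]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]$")


def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, skipping anything else."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def audit(props, today, max_patch_age_days=180):
    """Return (code, detail) findings for risky debug and patch settings."""
    findings = []
    # A positive value here means adbd accepts connections over the network.
    for key in ("service.adb.tcp.port", "persist.adb.tcp.port"):
        value = props.get(key, "")
        if value.isdigit() and int(value) > 0:
            findings.append(("adb-tcp", f"{key}={value}: ADB reachable over TCP"))
    if "adb" in props.get("sys.usb.config", "").split(","):
        findings.append(("usb-debug", "USB debugging is enabled"))
    if props.get("ro.debuggable") == "1":
        findings.append(("debuggable", "debuggable build (ro.debuggable=1)"))
    # Patch level is reported as YYYY-MM-DD; a missing value is itself a finding.
    patch = props.get("ro.build.version.security_patch", "")
    try:
        age = (today - date.fromisoformat(patch)).days
    except ValueError:
        findings.append(("no-patch-level", "security patch level missing"))
    else:
        if age > max_patch_age_days:
            findings.append(("stale-patch", f"patch level {patch} is {age} days old"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(parse_getprop(SAMPLE_GETPROP), date(2019, 9, 1)):
        print(f"[{code}] {detail}")
```

To audit your own phone, save the output of `adb shell getprop` to a file over a USB connection and pass its contents to `parse_getprop`.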

Svpeng

Svpeng has been around since 2013, but it’s still going strong in 2019. This ransomware locks your phone and, purporting to be the FBI, accuses you of possessing pornography. It then demands that you pay $200 in order to unlock your phone.

In its first 30 days of existence, Svpeng infected over 900,000 phones. Nearly 29% of mobile ransomware attacks in Q1 2019 were perpetrated by Svpeng. Though it’s not known how many users paid up, even a tiny fraction of the total would mean big money for the creator.

How Do You Know if You’re Infected with Mobile Malware?

Mobile malware can be sneaky, so how do you know if you’re infected with it? There’s no surefire way to catch every threat, but there are a few telltale signs to look out for.

Increased Data Usage

If you’ve been running out of data more quickly than normal, malware may be to blame. Constant ads eat up a lot of bandwidth, as does constant “phoning home” to the malware developer. The malware may be uploading your photos or even recording your screen as well.

Decreased Battery Life

Battery life can drop for many different reasons – age, heavy usage, high temperatures, and even out-of-date apps. But if you’ve noticed a sudden inexplicable drop, you could be infected with malware. Cryptocurrency miners, in particular, are notorious for killing your battery life due to high resource usage.

Strange Apps

Should you ever see an app on your phone that you didn’t install, don’t open it! Unexplained apps can install themselves alongside other apps or entirely behind your back. Opening them puts you at risk of activating a Trojan or other malware.

Unexplained Ads and Notifications

Getting weird pop-up ads and random spammy notifications? Chances are you’ve got some malware on your phone. The creator hopes to trick you into opening one and generating click revenue.

How Can You Protect Yourself from Mobile Malware?

The best way to protect yourself from malware is to never get it in the first place. A few simple preventative measures are all you need to avoid mobile malware.

Take Care when Rooting or Jailbreaking

Rooting an Android device or jailbreaking an iOS device gives you access to many useful features. But it also opens up many new ways for an attacker to invade your phone. With administrator privileges already enabled, it’s much easier for malware to infect you.

Don’t root or jailbreak your device unless you know what you’re doing. You’ll need to take extra security precautions if you choose to do so anyway. If you’re already rooted or jailbroken, be very careful when granting permissions to new apps.

Use a Mobile Antivirus App

Antivirus software is no longer just for computers. Mobile phones now have their own full-featured antivirus suites from the biggest cybersecurity companies. These apps scan files and sites for malware, with some providing extras like firewalls and anti-theft features.

On Android, try Avast Mobile Security, Sophos Free Antivirus or AhnLab V3 Mobile Security. If you’re using iOS, try Trend Micro Mobile Security or Avira Mobile Security.

Stay Away from Third-Party App Stores

Third-party app stores make all kinds of promises – apps you can’t find on the official store, paid apps for free, all that jazz. But very few of them perform any kind of vetting on the apps they offer. A 2016 study found malicious code in one in five apps on three third-party app stores.

You never know what you’re getting when you use a third-party app store. The Google Play Store isn’t perfect, either, but it does remove offending apps quickly. It also scans apps for certain types of malicious code before approving them for download.

Try a VPN

A virtual private network, or VPN, allows you to easily boost your data security and privacy. It encrypts all of your web traffic, preventing hackers from stealing the data contained within. You can also mask your IP address with one from a new city or country, reducing your trackability.

Some VPNs even come with malware and ad blockers for an extra layer of protection. If that sounds up your alley, we recommend NordVPN, Private Internet Access and CyberGhost.

How Do You Remove Mobile Malware?

Prevention is nice, but what if you’ve already got mobile malware? Depending on the exact type you have (as well as your budget), you’ve got quite a few options. We recommend trying the free options first and then, if they fail, shelling out some cash for a fix.

Free Mobile Malware Removal

Reboot into Safe Mode

Putting your device into safe mode will help to limit the damage the malware can do. Every phone is different, but on most Android phones, you can hold the power button for a few seconds. Then tap and hold on “Power Off” and select “Reboot into Safe Mode.”

Uninstall Any Bad Apps

One bad app spoils the whole bunch, so head to your Settings and uninstall all non-trusted apps. But before doing this, do a quick web search and see if you can identify the malware. Some mobile malware, particularly ransomware, can cause even more damage if it’s uninstalled in the usual manner.

Install and Run a Free Antivirus App

If uninstalling apps doesn’t do the trick, try installing one – specifically, an antivirus app. Let it run a scan and see if it detects anything. If it does, let the program remove it, and you’re all set!

We recommended several free antivirus apps in the previous section. But be aware that some antivirus apps limit their full features to paid users. The free scan you get may not be as thorough or in-depth as it could be.

Get a Paid Antivirus App

Sometimes you really do get what you pay for. At least, that’s often the case with mobile antivirus apps. Upgrading from free to paid can net you some features that just might save your phone.

The most important feature is an in-depth malware scan. Mobile malware tends to sink its teeth in deep, affecting system files that aren’t covered by a quick scan. Removing the entire malware package is essential, so get an antivirus that scans absolutely everything on your device.

Go to a Professional

If antivirus programs can’t remove your malware, you’ll need to seek professional help. Look for a repair shop or technician that specializes in virus removal, security or data recovery.

Before you hand your phone over, though, back up any important data – there’s a chance you may not get it back. Depending on the severity of the infection, the technician may have to wipe your data.

Summary: Mobile malware bombards you with ads, steals your data and even extorts you for money. Found in apps, websites and even texts, it’s more common than you think.
