According to research conducted by Proofpoint in early 2022, reported cases of attempted delivery of various types of malware specifically designed for smartphones have seen a significant rise. While this resurgence has been primarily seen across Europe, the globalization of information and communication means that cases of this nature are not limited by borders or oceans.
The continuing development of smartphone technology and its capabilities has resulted in more advanced malware packages that, while still targeting personal information and credentials, now go about stealing them in creative new ways.
How malware gets onto a phone
Traditionally, smartphone malware is delivered via a link in an SMS (known as "smishing"), which then navigates the user to a website where a malicious payload is automatically installed on the device. Common formats for these messages are fake missed-delivery notifications, COVID-19 alerts and ominous messages regarding bank accounts. Alternatively, the link navigates to the app store and forces the installation of an app available there.
The malicious apps in the app store can also be downloaded directly should a user come across them. They commonly mimic popular games or trending app types, such as fitness trackers. The additional concern surrounding this type of "willing" installation is that the user may actively permit the app access to whole reams of phone features — even other apps — in the process of the installation.
This latter method is more common among Android users. The more open-source nature of the operating system means it is more lenient with the installation of third-party apps, and it's an easier process to make an app available to download from the Google Play Store than Apple's App Store. Apple remains very scrupulous about what is permitted on its App Store, so directly downloading pernicious malware from there is less likely — though historically it isn't unheard of, according to Wired.
The dangers of smartphone malware
One of the greatest threats posed by smartphone viruses is that they are still relatively new, especially to the general public. The prevalence of touchscreens has meant that users move quickly and somewhat complacently from one thing to another on their phones, a behavior that is exploited by bad actors when embedding links in text messages, images or moving advertising banners.
The software and operating systems on smartphones are designed to allow background execution, so programs can run behind the scenes while other functions and features are being used. This means that once installed, malware can take advantage of the cover provided by the layered operations to go about its business while the user remains unaware. Additionally, some payloads remain dormant, waiting until a user opens a certain app; this has been most commonly seen in relation to banking apps.
While still largely focused on extracting account credentials and user data, smartphone malware is now exploring other aspects of phone technology, with some variants recording telephone conversations, infiltrating media files and recording audio or video.
Protecting against smartphone malware
Due to the infancy of smartphone malware as a significant threat to users and businesses, the first course of action in protecting yourself and your organization against attack is education. Learning more about the types of malware being used — such as FluBot or TangleBot — will give you a better idea of the delivery methods to watch out for, as well as the telltale signs of a possible infection.
A deeper knowledge of phone malware and how it works may not be necessary for the average user or employee, but providing some training and guidance on what to look out for is always strongly recommended. Provide visual examples and concise descriptions of the threats these viruses present to staff; always emphasize that if in doubt, any potentially suspicious message or link should be highlighted to the suitable technical professionals and never clicked or opened. A "better safe than sorry" message is definitely the best way of approaching it.
Encourage users to utilize multi-factor authentication (MFA) wherever possible, as this can provide a fallback line of defense should credentials stored on a phone be compromised. The use of MFA is becoming more common across public-access technologies, including for multi-platform accounts, such as Google. As this continues to spread into basic usage, it will be far easier for users to adopt these methods comfortably.
Installing dedicated security software will add layers of protection to your smartphone, with the potential to block and flag dangerous links before it's too late. Most phone security packages also contain scanning capabilities to allow you to run regular checks of your phone for any active malicious content. These types of software operate very similarly to the antivirus programs familiar to PC users, making them user-friendly enough for you to encourage staff to install and operate them themselves.