Most people are aware that computer viruses are bad news. We install antivirus software, update operating systems, download patches and do everything we can to avoid inadvertently downloading harmful code that can do everything from stealing our passwords to gaining access to our bank accounts to rendering the hard drive useless.
Yet few people take the same precautions with their mobile devices. They download apps from wherever without considering security, use unsecured networks to send sensitive data and fail to secure devices properly when not in use. Given that the threat of mobile malware has increased exponentially over the last two years, and cyber criminals are becoming highly adept at hiding malware in apps that appear to be harmless, it seems that users need to begin paying attention to this very real threat.
And perhaps it is the newest type of mobile malware that could finally convince consumers that they need to protect their mobile devices with the same level of care that they put into their PCs.
Somebody’s Watching Me
Cyber security experts have long known that the malware that infects PCs can be passed on to mobile devices, especially Windows-based mobile devices. Since as far back as 2006, researchers have known of Trojans that could pass from a PC to a mobile device when the device was connected via USB to the computer. In another more recent discovery, PC-based malware was designed to install on mobile devices and launch a sequence designed to trick users into downloading a fake banking application so hackers could steal login credentials.
However, until recently, it seemed that mobile-specific malware was limited to infecting mobile devices. Even if the infected device was connected to a PC, the malware stayed where it was and did not have any effect on the computer.
That appears to be changing, though, and there is now evidence of malicious applications that have the ability to infect PCs — and in fact appear to be designed to do just that. In early 2013, researchers discovered an application that promised to improve the performance of mobile devices by cleaning up memory. In fact, though, the SuperClean app contained a Trojan that not only stole data from the phone and sent premium SMS messages, but also installed malware on any PC that the device was connected to. That malware activated the computer’s microphones, essentially turning the computer into a listening device that allowed the hackers to capture all conversations taking place near it. This information could then be used to launch sophisticated spearphishing attacks to gather more sensitive data.
The SuperClean app was discovered and contained before it infected devices on a large scale, but it did bring to light a potentially serious issue in the world of cyber security. If hackers were able to develop such malware once, it’s reasonable to expect that they can do it again.
Protecting Your Devices
The good news is that mobile apps designed to infect PCs are still rare, and employing best practices for protecting your devices will go a long way toward protecting you from data breaches. More specifically:
- Install virus protection on every computer, especially your work PC, and keep it up-to-date to block infections in real time.
- Install mobile malware protection to block malicious applications.
- Disable AutoRun on your PC to avoid launching malware as soon as your mobile device is connected to the PC.
- Update your operating system regularly. It might be inconvenient to close your programs and reboot the computer while you are in the middle of working, but it will be more inconvenient to recover from a malware infection. Cyber criminals try to exploit vulnerabilities in operating systems, so keeping yours up-to-date helps keep you protected against such attacks.
- Follow best practices when downloading new applications. Learn the signs of potentially harmful apps — few reviews, updates or installs, unfamiliar developer, no developer contact information — and skip apps that aren’t up to snuff. Only download apps from trusted sources, like the Google Play Store or iTunes, or directly from a company, like your bank.
- Learn to recognize phishing attacks, and never respond to emails or text messages purporting to be your bank that direct you to download a new app or share your log-in credentials.
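
For the "Disable AutoRun" step in the list above, a way to check the setting on a Windows PC instead of assuming it. This script is an added example, not part of the original post: it reads the registry values behind Windows' AutoPlay/AutoRun policies, including the one for non-volume devices (how phones connected over MTP appear), and its `-Fix` switch is this script's own parameter.

```powershell
# Added example: audit, and optionally set, the AutoRun/AutoPlay policy values.
# Run from an elevated PowerShell prompt; writing under HKLM needs administrator rights.
param([switch]$Fix)   # -Fix is this script's own switch: write any missing/weak value

$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$settings = @(
    [pscustomobject]@{ Path = $explorerPolicy; Name = 'NoDriveTypeAutoRun'; Want = 255
                       Meaning = 'AutoPlay turned off for all drive types' },
    [pscustomobject]@{ Path = $explorerPolicy; Name = 'NoAutorun'; Want = 1
                       Meaning = 'autorun.inf commands are not executed' },
    [pscustomobject]@{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer'
                       Name = 'NoAutoplayfornonVolume'; Want = 1
                       Meaning = 'AutoPlay off for non-volume devices (MTP phones, cameras)' }
)

$results = foreach ($s in $settings) {
    # A missing key or value yields $null, which counts as "not hardened".
    $current = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)

    if ($Fix -and $current -ne $s.Want) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        New-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Want `
                         -PropertyType DWord -Force | Out-Null
        $current = (Get-ItemProperty -Path $s.Path -Name $s.Name).($s.Name)
    }

    [pscustomobject]@{
        Setting = $s.Name
        Current = if ($null -eq $current) { 'not set' } else { $current }
        Wanted  = $s.Want
        OK      = ($current -eq $s.Want)
        Meaning = $s.Meaning
    }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or management tool flag the machine.
if ($results.OK -contains $false) { exit 1 }
```

On a domain-joined work PC these values are normally delivered by Group Policy, which will overwrite local changes at the next policy refresh.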
As the problem of mobile malware grows, and cyber criminals become more sophisticated, it’s becoming more important than ever for users to be vigilant and understand the new threats. Understand that all of your devices are connected, and that you need to protect everything, and you should be able to avoid a serious breach.
This information has been provided as a guest post.