The Growing Android Malware Threat
The use of mobile devices for business has grown rapidly in recent years. Companies have found that employees are more efficient and productive when permitted to work from the devices that they are most comfortable and familiar with. This has led to widespread adoption of bring your own device (BYOD) policies and corporate mobile devices.
The COVID-19 pandemic only accelerated the move to mobile devices. During the pandemic, keeping the business going meant allowing remote workers to access corporate resources from whatever devices they had available. As a result, mobile devices have access to enterprise assets and sensitive business data.
With this increased use of mobile devices comes greater interest from cybercriminals. The mobile endpoint has become a primary target for many advanced persistent threat (APT) groups that exploit the relatively lax security of mobile devices and their users to gain access to corporate resources. According to the 2021 Mobile Security Report, 97% of companies faced cyber threats targeting mobile devices.
Types of Android Malware
Most types of malware that target computers can also be used in attacks against mobile devices. However, the types of malware most commonly seen in mobile attacks differ. According to the 2021 Mobile Security Report, some of the top mobile malware threats include:
- Banking Trojans: Banking trojans focus on access to bank accounts and other financial information. After gaining initial access to a mobile device, this malware will try to access and steal money from corporate or personal accounts.
- Remote Access Toolkits (RATs): RATs are designed to provide an attacker with remote control over an infected device. After installation, a RAT allows its controller to send commands to the malware and receive responses back, enabling the attacker to explore the information on the device and take further action based upon this information.
- Droppers: Dropper malware is designed to lay the groundwork for a follow-up attack. The dropper is designed to sneak past app approval processes and device security. Once installed, the dropper will install additional malware on the device, enabling more sophisticated and targeted attacks.
- Dialers: Premium dialer malware subscribes a mobile user to a premium telecommunications service. When the telco provider bills the user for this service, the money goes to the cybercriminal behind the malware.
- Clickers: Clickers are malware used in ad fraud. Once installed on a device, the malware browses to certain sites to create fake views of advertisements, which generates profit for the operator of these sites.
The Risks of Android Malware
Android malware can be used to achieve a variety of malicious purposes, including:
- Data Theft: Mobile devices contain a massive amount of sensitive information, including corporate data and personal photos, messages, videos, calls, etc. Malware installed on a mobile device can access and leak this data, and can potentially give the attacker real-time unauthorized access to the device’s microphone, camera, location, and other sensitive data.
- Financial Loss: Many Android malware variants target financial applications and websites accessed from mobile devices. If an attacker can gain access to a user’s financial data, they can drain money from their bank accounts or make purchases using their payment cards.
- Account Takeover: Android malware can be used to perform account takeover attacks in a few different ways. Compromised mobile applications could provide attackers access to users’ accounts, or a keylogger installed on a mobile device could capture usernames and passwords as a user authenticates to corporate or other online accounts.
- Spear Phishing: Access to a user’s mobile device and applications may allow an attacker to send messages on their behalf. This allows the attacker to target their contacts with realistic-looking spear-phishing attacks containing malicious content that originate from a legitimate and trusted user account.
- Ransomware: While most famous ransomware attacks have targeted traditional computers and industrial control systems (ICS), mobile devices can be infected and encrypted by ransomware as well. Once infected, the device and the data it contains may be inaccessible to the user unless the ransom is paid.
- Bot Activity: Mobile devices are a common target of malware designed to recruit compromised devices into an attacker’s botnet. Once infected, the compromised mobile device will be used to perform Distributed Denial of Service (DDoS) and other attacks.
How To Protect Against Android Malware
For many organizations, mobile device security has lagged behind that of traditional IT infrastructure. However, as mobile devices become a vital part of business operations, securing them, the data that they contain, and the systems that they have access to becomes a priority.
You’re welcome to schedule a free demo of Check Point’s Harmony Mobile to learn how to deploy comprehensive mobile threat defense and device protection against advanced threats to your organization’s mobile devices.