Mobile Malware Definition
Mobile malware is malicious software specifically designed to target mobile devices, such as smartphones and tablets, with the goal of gaining access to private data.
Although mobile malware is not currently as pervasive as malware that attacks traditional workstations, it’s a growing threat because many companies now allow employees to access corporate networks using their personal devices, potentially bringing unknown threats into the environment.
Recent years have seen many Android mobile security issues, but Apple isn’t immune to mobile data security malware either.
Types of Mobile Malware
Cybercriminals use various tactics to infect mobile devices. If you’re focused on improving your mobile malware protection, it’s important to understand the different types of mobile malware threats. Here are some of the most common types:
- Remote Access Tools (RATs) offer extensive access to data from infected victim devices and are often used for intelligence collection. RATs can typically access information such as installed applications, call history, address books, web browsing history, and sms data. RATs may also be used to send SMS messages, enable device cameras, and log GPS data.
- Bank trojans are often disguised as legitimate applications and seek to compromise users who conduct their banking business — including money transfers and bill payments — from their mobile devices. This type of trojan aims to steal financial login and password details.
- Ransomware is a type of malware used to lock out a user from their device and demand a “ransom” payment — usually in untraceable Bitcoin. Once the victim pays the ransom, access codes are provided to allow them to unlock their mobile device.
- Cryptomining Malware enables attackers to covertly execute calculations on a victim’s device – allowing them to generate cryptocurrency. Cryptomining is often conducted through Trojan code that is hidden in legitimate-looking apps.
- Advertising Click Fraud is a type of malware that allows an attacker to hijack a device to generate income through fake ad clicks.
CrowdCast:
Mobile Malware Threat Landscape
Tune in with CrowdStrike experts as they explore the mobile threat landscape and expose malicious adversaries and their tradecraft.
Download ReportMobile Malware Distribution Methods
The personal devices that employees use for work create unguarded endpoints in the corporate environment. While employees using their own devices can lower costs and improve efficiency and effectiveness, it also creates security concerns for the company network and the data stored on it. One breach through a personal device can potentially lead to widespread infection and a catastrophic large-scale data loss.
There are a few common ways that attackers rely on to distribute to distribute their malicious code:
1. Mobile Phishing and Spoofing
Phishing is the practice of tricking someone into providing their valuable account or personal information – often through spoofing. Spoofing is the practice of disguising electronic communication or websites as a trusted entity of the victim. While spoofing and phishing often go hand in hand, spoofing can be used for other nefarious goals beyond phishing for account information. For example, a spoofed email may try to convince the recipient to click a malicious.
Kurt Baker is the senior director of product marketing for Falcon Intelligence at CrowdStrike. He has over 25 years of experience in senior leadership positions, specializing in emerging software companies. He has expertise in cyber threat intelligence, security analytics, security management and advanced threat protection. Prior to joining CrowdStrike, Baker worked in technical roles at Tripwire and had co-founded startups in markets ranging from enterprise security solutions to mobile devices. He holds a bachelor of arts degree from the University of Washington and is now based in Boston, Massachusetts.
