Three Threats Targeting Your Mobile Security

ChatMail   |   March 15, 2023

Mobile phones are powerful business essentials that have surpassed computers as the preferred communications tool, but they can also compromise your privacy and security. Statistics show 97% of companies have faced cyber threats and malware attacks on mobile devices. These mobile threats stem mainly from web reputation risks, where users unwittingly access malicious websites or compromised apps.

The three most detrimental vectors are:

  1. Phishing messages designed to steal credentials (52%)
  2. Command and control traffic from malware on a device (25%)
  3. Browsing infected websites or URLs (23%)

Phishing Attacks Are Increasingly Accurate at Hitting Their Mark

Spear phishing is highly targeted, effective, and difficult to prevent. Hackers exploit this passive attack vector either to install malware on the devices of specific victims or to steal sensitive data such as financial information or account access details from their targets. Research is typically conducted on the victim's social media accounts to glean personal information and details from their data footprint.

Attackers then impersonate others, usually a friend or colleague, via email or instant messaging tools to obtain access to the information they seek. Spear phishing is often used in advanced persistent threats, a sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network to steal sensitive data over a prolonged period.

Recently an Activision staff member fell prey to a smishing attack – or short message service phishing – which is conducted via text or direct messaging. The hacker is reported to have gained access to a Slack account of an HR employee. Breached data included a release calendar of upcoming games; however, no source code or customer data was taken. According to Insider Gaming, “Employee information obtained includes full names, corporate emails and phone numbers, job opening offer amounts, places of work, and more.”

C&C Attacks Target One to Affect Many

A command and control attack is an active attack vector in which the criminal attempts to alter a system or affect its operation. Also known as C2 or C&C, this type of attack occurs after a threat actor infiltrates a system and installs malware. The malware lets the hacker send commands from a C2 server to take control of the infected device.

According to the Cybersecurity and Infrastructure Security Agency, CISA, “Many users may consider mobile phone security to be less important than the security of their PCs, but the consequences of attacks on mobile phones can be just as severe. Malicious software can make a mobile phone a member of a network of devices that can be controlled by an attacker (a “botnet”). Malicious software can also send device information to attackers and perform other harmful commands. Mobile phones can also circulate viruses to PCs that they are connected to.”

A C&C attack starts with social engineering methods such as phishing, diverting web searches to fake ads or malicious websites, or pushing unscrupulous browser plug-ins and apps. Once a user clicks on a link or downloads the compromised software, malware is injected into the system. Although 98% of malware targets Android, there has been a 165% increase in attacks on the Apple Store in the last year.

The Domain Name System (DNS) is the contact directory of the internet, mapping website names to the IP addresses of the web servers that host them. DNS data shows one in 10 organizations have malware traffic on their networks. Research into malicious C2 traffic found it to be an important component of modern cyber threats like ransomware, and the attack traffic often passes through DNS. “C2 can be used to facilitate an attack in progress, to download the next-stage malware and other payloads, and to establish backdoor access.”

“A significant amount of attack traffic in home networks can be correlated with mobile malware and Internet of Things botnets.” One of the most prominent botnets with C2 traffic affecting home users is FluBot, an Android malware distributed by SMS that infects the victim’s mobile device to steal banking information. An outbreak of FluBot malware was detected in Europe, Latin America, and Asia. The Android trojan used DNS-over-HTTPS (DoH) for obfuscation: because DoH tunnelling encrypts the C2 exchange, it was difficult to detect. The tunnel lets the hacker run the exploit as well as extract data and other sensitive information.
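As an added illustration (not code from the original post or from ChatMail), here is a heuristic that flags DNS tunnelling candidates in plaintext resolver logs, run over constructed sample lines; the client addresses and the "track-pkg.example" domain are invented, not real indicators. Queries tunnelled over DoH never reach such a log, which is exactly the evasion described above, so this check only helps where devices are forced to use the monitored resolver and direct DoH to unapproved resolvers is blocked.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of resolver query logs ("<client_ip> <queried_name>").
# Addresses and domains are invented for this example, not real indicators.
SAMPLE_DNS_LOG = """\
10.0.5.21 www.example.com
10.0.5.21 cdn.example.com
10.0.5.21 mail.example.com
10.0.5.42 www.example.com
10.0.5.42 a3f9c1b27e4d5f60918a2b3c4d5e6f70.track-pkg.example
10.0.5.42 9e1d2c3b4a5f6e7d8c9b0a1f2e3d4c5b.track-pkg.example
10.0.5.42 0c1b2a3f4e5d6c7b8a9f0e1d2c3b4a5f.track-pkg.example
10.0.5.42 7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d.track-pkg.example
10.0.5.42 e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0.track-pkg.example
"""

def shannon_entropy(text):
    """Bits per character; encoded payload labels score near their alphabet's maximum."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def split_name(qname):
    """Crude (subdomain, registered domain) split; production code should use a public-suffix list."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_candidates(log_text, min_unique=5, min_len=24, min_entropy=3.0):
    """Flag (client, domain) pairs that query many long, high-entropy, never-repeated subdomains.
    Tunnelled C2 encodes data in the label, so every query is unique; normal clients repeat short names."""
    subdomains = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, qname = line.split()
        sub, domain = split_name(qname)
        if sub:
            subdomains[(client, domain)].add(sub)
    flagged = {}
    for key, subs in subdomains.items():
        if len(subs) < min_unique:
            continue
        mean_len = sum(len(s) for s in subs) / len(subs)
        mean_entropy = sum(shannon_entropy(s) for s in subs) / len(subs)
        if mean_len >= min_len and mean_entropy >= min_entropy:
            flagged[key] = {"unique_subdomains": len(subs), "mean_len": round(mean_len, 1),
                            "mean_entropy": round(mean_entropy, 2)}
    return flagged
```

Running `find_tunnel_candidates(SAMPLE_DNS_LOG)` flags only the 10.0.5.42 / track-pkg.example pair; the thresholds are starting points to tune against your own resolver's baseline.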

FluBot was delivered in text or voice messages asking users to download a tracking app for a delivery service like DHL or FedEx. It was also pushed through a fake security update claiming the device had been infected with the FluBot® spyware, playing on fear to get the user to click the link – which then installs the payload.

The malware was able to obtain access to the infected device's services and then upload the user's contact lists to a C&C center. Messages containing links to the FluBot malware were then sent to these numbers, perpetuating the attack on new unsuspecting targets.

An international law enforcement operation, led by Europol in 2022, managed to take control of this aggressively expanding global cyber campaign. FluBot malware can be difficult to detect. If you think an app may be malware, reset the phone to factory settings. There are two ways to tell whether an app may be malware:

  • If you tap an app and it doesn’t open
  • If you try to uninstall an app and are instead shown an error message

Browsing Web Sites is Like Navigating a Minefield

The number one spot among mobile security threats is a tie between the risk of exposure through apps and the risk of exposure through browsing to an infected site. It is estimated that 12.8 million websites worldwide are compromised.

High-risk URLs are classified by the following categories: botnets, keyloggers and monitoring, malware sites, phishing, proxy avoidance and anonymizers, spam, spyware, and adware.

In 2022, SonicWall discovered 465,501 previously unknown malware variants with its patented system for detection – a daily average of 1,279. “This increase was enough to push the all-time number of never-before-seen malware variants detected past the 1 million mark.”

Accessing the internet from a handheld device is convenient, and since web browsing is more accessible from a phone than from a computer, it’s no surprise most traffic to malicious sites came from mobile devices. Statista reports almost 60% of global website traffic came from mobile devices in Q4 2022.

The Aim Is Being Undetectable

Business culture continues to support remote workers, and cyber attackers keep exploiting their vulnerabilities. These attackers are sophisticated and persistent. It’s not like throwing a dart in the dark; they are on point with their purpose.

Wouldn’t you want to prevent malicious actors from gaining access to your phone, messages, and data? Privacy-conscious businesses and individuals need full control over their mobile communications.

A De-Googled, hardened device with custom encrypted applications is the best way to secure your data and ensure your privacy.

Trustworthy companies prove their encryption. Contact us to request a live ChatMail data extraction demonstration for your enterprise organization.

ChatMail®. Engineered for Security. Designed for Privacy.