The Banking Trojan in Your Pocket (or, Why Your Smartphone Is Way Less Secure Than You Think It Is)

We’re betting you love your smartphone. It’s okay if you do, because you’re in good company. Really good company. In fact, according to a recent Pew Research Study, Americans love their smartphones so much that the usage of other internet-ready devices like tablets and laptops is beginning to wane, with the average American checking his or her smartphone a whopping 75-85 times a day. What’s more, people use their phones on average 17 times a day to check their social media accounts, give or take a few. And perhaps most eye-opening of all, the participants in the study felt that they were looking at their smartphones less than half as often as they really did.

We are in deep and we don’t even know it.  

But you know who does know that we are totally, mindlessly obsessed with our phones? You know who is just loving the fact that you give nary a thought when it comes to downloading apps and that you never install updates? You know who feels a surge of glee that you don’t care worth a rat’s tail if you shop on unsecured websites from your mobile?

Hackers, that’s who.

If you thought that malware only affects computers like PCs and a Mac here and there, think again. Mobile malware is a huge issue and it’s only getting worse. According to a study conducted by G-Data, new variants of Android malware are being found every eleven seconds. Got that? A new kind of Android malware is born every. Eleven. Seconds.

At this rate, according to some expert estimates, the occurrence of mobile malware is set to eclipse PC-based malware within just a few years.

With these scary statistics (and you thought sitting through Statistics 101 was scary – real life statistics are much, much scarier) in mind, let’s take a look at some trending mobile malware so you can get your head out of the sand and begin to take your mobile digital security seriously.

Triada

Known as perhaps the most sophisticated mobile trojan to date, Triada began making the rounds in early March 2016. This particularly advanced malware is spread through mobile malvertising and installs a backdoor on the victim’s device. Though it seems that it was developed with the intention of accessing financial information, its modular capabilities mean that whoever is controlling it remotely can continue to extend its functionality and can access all processes on the host device. Yikers.

Triada can affect anyone running Android 4.4.4 and earlier, and according to security giant Kaspersky, which located the threat, if you find your phone is infected you might as well chuck it. According to researcher Nikita Buchka, “Once Triada is on a device, it penetrates almost all the running processes, and continues to exist in the memory only. In addition, all separately running Trojan processes are hidden from the user and other applications. As a result, it is extremely difficult for the user and antivirus solutions to detect and remove the Trojan.”

Yup, it’s that bad.

Malware in Google Play store  

It doesn’t take a genius to figure out that downloading apps from third-party stores is a big-time no-no. This is because these stores have weak or no regulations for the apps they accept. This is why people who care about their security stay as far away from them as possible and get their apps at the official Google Play app store. In theory, at least, Google’s own store is safe because each app is checked and verified to be malware-free.

Alas, as we have seen time and time again, not all the offerings on Google Play are what they say they are. Some harbor malware along with other evil executables and some dupe users into signing away their privacy through confusing Terms of Service that read like a Statistics 101 textbook (we told you it would be scary). Just two weeks ago it was discovered that over 190 variations of malware-filled apps were hanging around Google Play. The infected apps, all of which were useless garbage like dream-deciphering apps and horoscope readers, were part of a rogue affiliate ads scheme, bombarding victims with ads and forcing them to download other malicious apps.

The apps were taken down from the store, but in the last two days, two new app-baddies were discovered. Early this week, researchers from CheckPoint Security discovered that the app “Viking Jump” and some other games such as “Parrot Copter” and “Memory Booster”, collectively known as Viking Horde, execute functions that attach the infected device to an existing botnet to carry out DDoS attacks and to become part of click-fraud ad campaigns. At one time Viking Jump was a top downloaded app in some markets, but recently it and all of its rogue buddies have fallen in downloads because of their low trust ratings. Google has since removed the apps.

Then just yesterday a new malicious app called “Black Jack Free” was discovered by researchers at Lookout Security. The app, which has over 5000 downloads, steals financial information and reads SMS messages. Google uses a system called VerifyApps to check all apps coming into the store, and it’s generally able to catch something as glaring as a banking trojan, but in this case it missed it. According to Christoph Hebeisen at Lookout, “What this Trojan shows is that people, even when behaving sensibly and only downloading apps only from Google Play, can still get hit by malware.”

Mobile Ransomware

Yes, that same scourge that’s after your PC is also after your mobile. As we predicted, mobile ransomware is a real and growing problem, and just like its PC-based counterpart in crime, it’s constantly evolving to evade detection.

For a moment, turn your thoughts back to the Google Play store. The beauty of a system like VerifyApps is that it really does root out the big nasties like ransomware. Turns out, though, this just forces the baddies to up their game and become more creative in their quest to get you to download their infected offerings. So hackers employ some pretty simple scareware tactics like this: you come across an ad while browsing, which poses as a legit anti-virus or anti-malware product, displaying a message that your device is at risk. If you click on the ad, it will redirect you to a fake Google Play store where you download the “anti-virus” program, which by the way, if you haven’t figured it out yet… is your brand spankin’ new ransomware.

Other variants, such as Dogspectus, enter devices via vulnerabilities in smartphones running older operating systems. And the Cyber Police trojan enters smartphones via infected ads in drive-by download attacks on devices running outdated operating systems. Cyber Police isn’t actually as advanced as its PC-based counterparts, in that it demands payment in iTunes gift cards and it doesn’t actually encrypt information; it just blocks users from performing any actions until a fee is paid.

All this said, your device can be kept safe and secure by following some smart security tips:

1 – Set up a password, lock screen pattern or 4-digit PIN on your smartphone. To do this, go to security -> screen security -> screen lock option. Then you can decide what kind of security measure you want to use to open your phone. Sure, it’s a bit of a drag to open it each time, but if you ever leave it on the table in Starbucks or anywhere else, you’ll be so relieved it’s locked.

2 – Install a “locate my phone” app or set up Android Device Manager, which is built into Androids. This will help you locate it quickly when you do leave it on that table in Starbucks.

3 – Only use the Google Play store or, if you are on an iPhone, the official App Store to download apps. It’s just not worth the risk of doing otherwise.

4 – Install updates. Just like we are always banging into your heads regarding your PC, you MUST keep your software up to date if you want to avoid vulnerabilities. To find out if your phone needs any updates to be installed, go to settings -> about device -> system update/software update. It will let you know if there are any updates that need to be installed, and if there are, install them ASAP, following the instructions provided.

5 – Avoid the temptation to jailbreak your phone. Jailbreaking is the process of removing OS restrictions in order to customize a device. This may sound cool, but it opens that device up to tons of threats including malware and nukes your warranty, so don’t do it.

This all just goes to show that your mobile security should be just as important as your PC security. Developing and incorporating smart habits on both platforms is the real key to maintaining a comprehensive digital security game plan.

 
