For many of us, our smartphones fulfill a variety roles – an avenue to contact friends and family, the main camera and Web browser we use, a gaming device, a handheld shopping cart, the list goes on and on. However, many users don't realize the risk that their top technological companion can pose to their sensitive personal information. In today's world of cyber threats, hackers are increasingly targeting mobile platforms and the veritable treasure trove of information connected to their users through mobile malware attacks.
Smartphone infections can affect a device in a number of ways, and as NewScientist contributor MacGregor Campbell pointed out, oftentimes, these activities are not noticed by the user.
"It's 2 a.m. Do you know what your smartphone is up to?" Campbell asked. "It may not be sleeping faithfully beside you. Seduced by a server far away, it springs to life and betrays your trust, giving away your secrets and running up quite a tab."
Mobile malware targeting Android devices
When it comes to the world of mobile malware, research has shown time and time again that the Android platform has become one of – if not the – top attack vector for cybercriminals. In fact, the most recent F-Secure Labs report found that Android-targeted mobile malware samples accounted for 97 percent of all the new threats that emerged last year.
"To no one's surprise at this point, Android continues to be the most targeted mobile operating system, as threats against this platform accounted for 804 new families or variants," the report stated.
Although malware comes with a range of malicious capabilities, some of the most recently discovered families have been established to leverage mobile devices for cryptocurrency mining, according to Trend Micro. The sample, known as ANDROIDOS_KAGECOIN.HBT, can mine for a variety of digital currencies like Bitcoin, Litecoin and Dogecoin. Victims' mobile devices also feel the effects of the malware, and can suffer from shortened battery life, and in the long run, a shorter device lifespan.
According to F-Secure, there are several reason that make Android devices more attractive to hackers, including the fact that, due to its popularity, there are simply more potential victims at their disposal. Current research shows that there are more Android devices operating now than those on any other platform. While predictions show that the operating system may lose a small portion of its market share in the near future, it will remain on top.
Another reason hackers are continuing to target Android devices is due to the habits of the users' themselves. F-Secure pointed out that many smartphone owners are utilizing unofficial app stores to download programs that are often laced with malware. And while the Google Play store has a favorable track record when it comes to preventing and removing malware from the store, the same cannot be said of these unofficial platforms.
Although the Google Play store works to ensure that apps being offered are not a threat to user devices, some do fall through the cracks. F-Secure noted that cybercriminals have gotten into the habit of trojanizing popular applications, repackaging top-selling programs to appear legitimate, but to actually be dangerous, malicious knock-offs. The report, which looked at the top 20 most popular apps in mid-December 2013, found that eight of these programs had more than one trojanized version being offered in third-party marketplaces.
How can users protect themselves?
There are a number of best practices and safeguarding strategies smartphone users – particularly those owning Android devices – can utilize to prevent an infection of their handheld hardware.
First and foremost, when it comes to downloading applications onto the device, individuals should only utilize a trusted source – the Google Play store, iOS Apple App store, etc. As F-Secure pointed out, other platforms don't have the staunch security measures in place to screen for malicious applications that can infect mobile endpoints when downloaded. For this reason, all programs should come from a reputable marketplace. This thinking should also be extended to the app itself, PC Magazine advised.
"[B]e careful before you download; if it's not a company you recognize, do some research before letting that app live on your phone," PC Magazine contributor Peter Pachal wrote. "Check out the ratings and reviews, and look at the app's permissions very closely – there's no reason for a wallpaper app to have access to your personal data, for example."
In addition, users should also download all updates and security patches as soon as possible. Oftentimes, hackers will leverage a known vulnerability in the operating system to infect the device. Once the issue is discovered, an update will be provided to patch the hole. However, if individuals don't download these items, they're basically leaving the door wide open for cybercriminals to exploit the security problem on their device.
CNET also encouraged users to leverage an antivirus application that can provide an extra layer of security, further safeguarding the device against infection. When it comes to choosing this type of application, CNET noted that there are a number of trusted providers, including Trend Micro, which have a good track record of offering robust mobile protection to identify and weed out threats. In fact, CNET found during a recent AV-Test endurance test that Trend Micro's mobile antivirus app ranked among the top five currently available today.