Recently, there has been an alarming upward trend in cybersecurity breaches, with 2018 seeing over 600 breaches only halfway into the year. Cybercrime is now the fastest growing crime in the US, and according to the FBI every 3 seconds, an identity is stolen. That's 35,000 every day and more than 15 million every year! Major companies are now falling victim to cyber-attacks including Marriot, Facebook, Google, and Macy's most recently. Hackers can now get personal information from customers such as phone numbers, email addresses, credit card numbers, and birth dates, and much more.
As hackers are becoming more advanced, the ways they can steal information are growing, making mobile devices vulnerable to cyber-attacks now too. According to Wandera Inc., "the number of malicious malware installation packages found striking mobile devices more than tripled in 2016, resulting in almost 40 million attacks globally." This all may sound frightening but fear not! There are many ways to protect your phone from cyber-attacks. Keep reading to learn several ways you can keep your phone safe from malware applications!
How Hackers Infect Phones With Malware
1. Infected Apps
Infected applications are the most commonly used delivery system for hackers to transfer malware to mobile devices. Hackers typically choose popular apps like PokemonGo or Whatsapp to replicate or infect, increasing the chances of their rogue app being downloaded by users. Occasionally, hackers will come up with brand new applications infected with malware to infect your phone.
Infected apps are most commonly found on third-party app stores but recently have been showing up more in official app stores like Google Play or the App Store. In 2017, Google removed over 700,000 potentially malicious apps out of the Google Play store before they were able to reach Android users. Since then, the vetting process for apps to enter the official app stores have become much more rigorous and secure making it more difficult for the malicious apps to get in. Even so, some malicious apps are still able to slip through the cracks and get into both the Google Play store and Apple App store.
Scams are another favorite tool amongst hackers used to infect mobile devices. Users are redirected to a malicious web page, either through a pop-up screen or a web redirect. Sometimes, links to infected pages are sent directly to users through email or text messages.
Once the infected page has been visited, the code on the page triggers the automatic download of the malicious software. The sites are usually designed to replicate legitimate websites to get users to accept the file on their devices.
Malvertising is the use of online advertising to spread malware. The ads look the same as regular advertisements and can appear on a wide range of apps and web pages including legitimate online ad networks.
Once the ad is clicked on, the user is taken to an infected site, which triggers the download of the malware and infects the device. Some examples of more aggressive malvertisements are ads that take up the entire screen of the device while using the internet. If the screen is touched, it triggers the automatic download of the malicious file.
4. Direct to Device
This is the least commonly used method to infect devices with malware, but it still happens to a few unsuspecting individuals. This can be done at the hands of the user or by a hacker accessing an unattended phone. When it is done by the user, it's often the unintentional result of them deciding to download an application directly to their phone from a third-party website that appears to be safe but is indeed infected. When it's done by a hacker, the hacker manually downloads the malicious software onto a device that's been left unattended or stolen. The most common example of this method in use is spyware being installed on the phones of spouses by their partners so they can monitor them.
Below are some of the types of mobile malware most commonly used today:
- Spyware – a program that monitors and gathers information about users’ actions on their devices without their knowledge or permission.
- Adware – short for “advertising software,” shows users frequent ads in the form of pop-ups, sometimes redirecting users to web pages or applications.
- Financial malware – attempts to steal users’ bank credentials without their knowledge.
- Ransomware – malware that locks the user out of their files or their device, then demands an anonymous online payment to restore access.
- Trojan – a form of malware that hides within a piece of seemingly innocent, legitimate software to gain access to target users' systems.
- Rooting malware – ‘roots’ the device, basically unlocking the operating system and then obtains escalated privileges.
- SMS malware – makes devices send and intercept text messages resulting in SMS charges. The user is usually not aware of the activity.
Recent Mobile App Attacks
Earlier this month, two malicious fitness iOS apps were able to infiltrate the App store and steal money from users by taking advantage of the TouchID feature on iPhone devices. The apps "Fitness Balance app" and "Calories Tracker app," appeared to be new legitimate fitness applications in the App Store. But, once downloaded and opened, they began initiating payments in the background for the amounts of $99.99, $119.99, or €139.99. They then tricked users into unknowingly approving the charges with onscreen prompts asking the user to use the TouchID sensor to set up and access their content.
If users already had previously registered payment information in their App Store accounts, the transaction would be approved and accepted immediately. There was one flaw in the app's design though; it quickly displayed a pop-up showing the pending transaction which prompted some skeptical users to stop the finger scanning process. Whenever users became suspicious and refused to scan their fingers, the app would fail to start and continuously show the finger scanning prompt in a loop until the user either completed the scan or uninstalled the app.
Many iOS users fell victim to this scam because of its legitimate appearance, high ratings, and favorable reviews. Posting fake reviews is becoming a commonly used technique by hackers to improve the reputation of their apps. Using methods like this, hackers are often successful in getting their malicious apps downloaded. Because of this, users on Android and Apple devices alike are falling victim to apps that sneakily steal their personal information or scam them out of money more than ever. Some of these apps have even been reported of being capable of recording audio and video on users' phones to use against them for blackmail. With hackers becoming more clever with the methods they use to scam individuals, it's important to be smart about the apps you download on your mobile device. Follow these suggested tips to keep your phone safe from malware applications!
Tips To Keep Your Phone Safe
1. Always use official app stores- While some apps do manage to sneak inside official app stores for both Android and Apple devices, using only official app stores to download applications to your phone dramatically decreases your chances of downloading an infected application.
2. Read the reviews- Use reviews to screen apps before downloading them. Often if there are issues within an app, users will comment on whether or not the app does what it says it will, or if the app seems suspicious. Also, if an app has only 5-star ratings, this too could be a warning sign that the app might be malicious since hackers often pay for reviews to make the app seem more legitimate.
Often, if looked at in combination, the reviews and star rating can be a great indicator to the validity of an app. It's safe to say if an app has low ratings and bad reviews you shouldn't download it. Alternatively, if an app has all 5-star reviews but terrible reviews it's probably a suspicious app.
3. Verify it’s really the app you are looking for- Hackers often create malicious apps that mimic popular apps, so they can sneak their way into app stores without being detected and get downloaded by unsuspecting users. The most significant incident of this was the lookalike WhatsApp application published by hackers in the Google Play store being downloaded by more than 1 million users. If you're looking up a popular app but see errors in the description or the logo looks a little off, don't download it.
4. Check which permissions it asks for- Always check which permissions apps ask for before using it. If the app requests permissions that don't make sense or are unreasonable, don't trust it. Beware of apps that ask for permission to run in the background, to control the keyboard, phone, and messaging functions, or to launch other apps. If an app asks for permissions that it doesn't need to run properly, it's probably suspicious.
5. Regularly update your phone and applications- Make sure to keep your operating system up to date! New system updates often include new security patches to protect your phone from new cyber threats.
6. Don’t jailbreak your phone- Many malicious apps like spyware can only be installed on jailbroken phones. Jailbroken phones are unlocked and able to bypass many of the security settings that are standard for the devices. This lack of security allows hackers to remotely control devices through installed apps to steal users' private data such as passwords, emails, photos, messages and much more. victims
Warning Signs You May Have An Infected App
- It disappears from the home screen once downloaded
- It displays strange behavior when launched or crashes a lot
- It asks for additional, unnecessary permissions
- It drains your battery or data more than usual
- Unfamiliar apps have been added to your phone
If you believe your phone may be infected with a virus, try downloading one of these free trusted antivirus applications to remove the virus: AVG AntiVirus Free, Norton Security and Antivirus, or McAfee Security: Antivirus, Anti-Theft & Safe Web. If you are an iPhone user and fear that you may have a virus simply try restarting your device, clearing your website history, or restoring your phone to a recent back up to remove the malware virus.
1. Restart your iPhone or iPad: Hold down the power button until you see Slide to Power Off >> touch and slide until it turns off. To turn it back on, hold down the power button for a few seconds until you see an Apple logo.
2. Clear your history: Settings >> Safari >> Clear History and Website Data >> tap Clear.
3. Restore your iPhone or iPad to a recent backup. Make sure your device is set to automatically backup. If it is, you can restore it to an earlier backup, when you weren't having problems. To turn on Backup: Settings >> iCloud >> turn on Backup.