Several days ago, Alcatel-Lucent released a report on malware trends that has some important findings regarding smartphones and other mobile devices. While some of the findings were to be expected, there were some surprises in the report as well.
Many risks discussed in the report currently impact Android devices more than they do iPhones, but it's important for Apple users to be aware of the issues as well, as there is no guarantee that any particular problem will remain constrained to the Android universe forever.
People who use smartphones and care about their security (i.e., almost everyone) should be aware of the following information that researchers garnered from analyzing anonymized transmissions from many millions of devices connected to networks around the world.
1. Criminals are exploiting the unique opportunities presented to them by smartphones. Many attackers penetrate people's devices when the victims download free apps. Be careful what you install on your phone.
2. Ten out of the top 25 most prolific threats are mobile spyware--malware that allows unauthorized parties to track a phone owner's location and movement, monitor his or her phone calls, and read his or her text messages and emails. Criminals may even be able to watch, record, or monitor other activity--such as online banking or browsing. As to be expected, among the top risks described by the report is banking-oriented spyware (so called "Banking Trojans") that specifically seeks to steal banking credentials (and, in some cases, also credit card numbers).
3. There are now mobile ransomware-type apps that demand that users pay money to access their devices and data by claiming to have encrypted the contents of Android devices. Unlike true ransomware on Windows computers, however, some of these apps do not to actually do what they claim to do, and a technically-knowledgeable person can recover his or her data without paying the ransom. Others, however, do encrypt SD card contents--which often includes a user’s pictures and videos.
4. Criminals are making money by installing onto people's devices malware that surreptitiously sends text messages to special numbers that charge senders a fee for sending to them. This problem is more prevalent overseas than in the United States, perhaps due to the difficulty in our nation of setting up such a number while remaining anonymous.
5. There is plenty of malware circulating that seeks to steal people's personal information--in order for criminals to either use it to commit identity theft, or to sell it to people who will use it for that purpose. There is also malware that uses the data to deliver targeted advertisements.
6. One sophisticated piece of malware allows hackers to remotely use the Internet connection on infected smartphones and tablets. This can run up costs for the owner, and can cause serious aggravation for the owner if the criminals commit crimes over the connection--especially if they delete the malware after committing the crime. Fraudulent transactions committed from the device's connection, and child porn downloaded via the device, for example, could be traced to the device's owner.
7. While in 2013 and 2014, half the malware detected on mobile networks came from Android devices, in 2015 approximately 80% came from Windows. This rapid change may emanate from one or more of several factors including an increasing number of people connecting Windows computers to mobile networks via connections to their cellular devices, an improvement in Google's malware-spreading-prevention capabilities in its App store, security improvements in Android OS, the increased proliferation of Android security software, and other factors. That said, the increase in malware transmissions from Windows computers over mobile connections should serve as a wake up call and remind everyone that many Windows machines remain infected--so, if you have not installed and updated Internet Security software it would be wise to do so as soon as possible.
As always, it is wise to secure your mobile device by using security software, ensuring that you have remote wipe capabilities, and practicing common sense caution when downloading apps, clicking links, and opening email and text message attachments.