Smartphones, tablets and other mobile devices have become ubiquitous in our society over the past few decades, leading to a world where many of us have one in our possession at all times. The sheer technical capabilities of these devices are tremendous, and they have provided innumerable advancements in efficiency and accessibility for individuals and professionals working while not at the office or at home. Unfortunately, with these advancements come new threat vectors and additional risks, which threat actors are heavily exploiting.
Most recently, threat actors abused Google’s official Play Store to deliver malicious software: a fitness application that had passed review prompted its users to install an “update” package from a third-party server. Once that package was installed and launched, masquerading as an update that added new fitness exercises, the malware spread far and wide, and more than 300,000 infections were ultimately discovered across Android devices.
These infections bypassed Google’s Play Store protections because the malicious code was not present in the binary submitted to Google, and Google’s code scanning did not trigger on the download that occurred only after installation and launch. The threat actors waited until the application had been approved and listed in the Play Store, then made a back-end change on their own servers so that the application prompted users who ran it to download the update. Google therefore never saw the malicious code until a manual review was done after launch.
Once the malicious software was installed on a device, the threat actors gained the capability to capture the device’s screen contents and to log all keypresses on the device. They leveraged this capability to gain unauthorized access to e-mail accounts, banking accounts, investment accounts and more.
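The pattern described above (a store-approved app that can sideload a second package, and a payload that reads the screen and logs input) leaves traces in an app’s manifest. The following triage script is an added example, not code from the original article or from any malware family it mentions. It assumes the APK has already been decoded with apktool (which turns the binary manifest back into plain XML), assumes, as is typical for Android banking malware though not stated in the article, that screen reading and keylogging are done through an accessibility service, and flags two real Android permissions: `REQUEST_INSTALL_PACKAGES` (needed to prompt the user to install a downloaded APK) and `BIND_ACCESSIBILITY_SERVICE` on a declared service. The two sample manifests are constructed for the example.

```python
"""Triage a decoded AndroidManifest.xml for the dropper pattern described above.

Added example, not code from the original article or from any malware family it
mentions. Assumes the APK was decoded with apktool, which converts the binary
manifest back to plain XML. The sample manifests at the bottom are constructed.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ATTR_NAME = f"{{{ANDROID_NS}}}name"
ATTR_PERMISSION = f"{{{ANDROID_NS}}}permission"

# Indicator 1: the app can prompt the user to sideload another APK (the "update").
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"
# Indicator 2: a service bound as an accessibility service can read screen
# contents and observe input events (assumed mechanism for the capture/keylogging).
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def _qualify(package: str, name: str) -> str:
    """Expand a shorthand component name (".Foo" or "Foo") to its fully qualified form."""
    if name.startswith("."):
        return package + name
    if "." not in name:
        return f"{package}.{name}"
    return name


def triage(manifest_xml: str) -> dict:
    """Return the indicators found in a decoded manifest and a coarse verdict.

    verdict: "low" (neither indicator), "medium" (one), "high" (both).
    """
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    permissions = {e.get(ATTR_NAME) for e in root.iter("uses-permission")}
    a11y_services = sorted(
        _qualify(package, s.get(ATTR_NAME, ""))
        for s in root.iter("service")
        if s.get(ATTR_PERMISSION) == ACCESSIBILITY_PERM
    )
    can_sideload = INSTALL_PERM in permissions
    hits = int(can_sideload) + int(bool(a11y_services))
    return {
        "package": package,
        "can_sideload": can_sideload,
        "accessibility_services": a11y_services,
        "verdict": {0: "low", 1: "medium", 2: "high"}[hits],
    }


# Constructed sample: a "fitness" app that can install packages and also ships an
# accessibility service. Not a real application.
DROPPER_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fitness">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="Fitness Coach">
    <service android:name=".UpdateService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
             android:exported="true">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed sample: a fitness app with only the permissions it plausibly needs.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.steps">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACTIVITY_RECOGNITION"/>
  <application android:label="Step Counter">
    <service android:name=".SyncService" android:exported="false"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for label, xml in (("dropper-like", DROPPER_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, triage(xml))
```

Run it against both the APK as listed in the store and any APK the app later fetches. The store copy of a dropper typically scores only "medium" (it needs `REQUEST_INSTALL_PACKAGES` but carries no accessibility service), which is exactly what automated store scanning saw; the accessibility service usually appears only in the downloaded "update". Treat the result as a triage signal, not a verdict: launchers, app stores and genuine accessibility tools legitimately declare these permissions.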
However, these types of incidents are not limited to Android and Google’s Play Store. It was recently uncovered that back in 2015, Apple found itself in hot water when over 128 million users downloaded App Store applications infected with XcodeGhost, malicious code injected into otherwise legitimate apps by a trojanized copy of Apple’s Xcode development tool, onto their iPhone or iPad devices. This allowed threat actors to read and write the device clipboard, hijack URLs the user was visiting and lead victims to phishing sites in order to steal their credentials.
Apple made limited public announcements about this, making it difficult for impacted users to discover that they had, in fact, been impacted. Additionally, as of April 2021, there existed a variant of iOS malware predominantly targeting users who had jailbroken their devices. Known as mainrepo RAT, this malware allows threat actors to execute shell commands on jailbroken devices in order to steal information and monitor device use.
All of this emphasizes user responsibility in ensuring that the applications they are using on their devices are safe. When Google or Apple’s approved stores can be deploying the malware, though, it can be difficult to address these challenges.
To stay ahead of the threat actors, it’s recommended that users take the following precautions:
- Never jailbreak (iOS) or root (Android) your phone or tablet if it has access to any privileged or confidential information. Doing so removes several of the key protective security features of your device and leaves it open to threat actors running unsigned code that was never reviewed by Apple or Google.
- Only download applications from approved sources like the Apple App Store, the Google Play Store or the Amazon App Store.
- Only download and leverage banking applications or investment applications on a mobile device if it is absolutely necessary to do so.
- Be wary of third-party applications that replicate core phone functionality (e.g., QR code scanning applications), or of third-party applications that are being provided by an organization that you are not familiar with or implicitly trust.
- Be extremely cautious if an application asks you to install an update the first time it runs and that update does not come through the App Store you downloaded the application from. Applications should be updated only through the appropriate App Store, never through a download the application itself performs.
It may seem a daunting task, but remaining aware of the potential threats when using your device can significantly reduce the risk of your mobile device being impacted and your data being unintentionally disclosed.
Organizations can work to control this by layering in low-touch and pragmatic mobile-device-management platforms and on-device anti-malware tools, while educating users on the potential threat of this type of mobile malware. Additionally, Android and Apple devices both support a segregated, managed container for work data (Android’s work profile, and managed apps and accounts on iOS) where confidential and work-related information can be kept apart from personal applications. This makes it harder for a malicious personal app to reach that data and lets the organization wipe the work data alone, which significantly raises the effort required of a threat actor even when the device is compromised.
iVision is passionate about keeping mobile devices and their data secure across all platforms and has deep experience implementing and managing mobile-device-management solutions that significantly reduce or mitigate this risk. We would love to help your organization prevent this type of attack. Learn more about our security offerings and how we can help prevent malware in your future.