Why is my phone infected by malware?

Let's Count the Ways That a Phone Can Be Infected by Malware (tl;dr there are six ways)


When a phone is infected with malware, it behaves slightly differently. You may suddenly see a pop-up advertisement, feel your phone slowing down, or notice your mobile data usage increasing at an incomprehensible rate. Malware may be used by criminals for financial gain, by hackers for identity theft or to do damage, or even by powerful groups for intelligence purposes. Whatever the purpose of the malware, we just do not want to be infected. We need to understand the different ways malware can get into our phones so as to protect ourselves.

1. Android devices that are shipped with pre-installed malware

Some phones that you buy, especially non-branded low-cost phones, may be infected by malware, as shown in this article. The malware may be inserted by a malicious manufacturer or somewhere along the supply chain of parts and assembly. This type of malware is the hardest to remove, as removal usually requires deep technical knowledge and skill to dig into the firmware of the phone. If the infection is at the firmware level, usually the only recourse is to buy another phone. After you factory reset your phone, there will be researchers interested in getting hold of your infected phone to perform forensics. Thus, you may want to consider donating it to a good cause.

2. Applications that are downloaded contain malware

Applications that you download may be infected with malware. If you frequently download from third-party app stores and not from official sources such as Google Play, your risk score immediately jumps up by a few notches. Malware-infected applications can also sneak into the Google Play Store, because malware detection by anyone will never be foolproof. Google is improving its detection engine, though it may still miss some malicious apps. Thus, you should get your applications from official sources and not from side-loading or third-party app stores. An application that contains malware is either developed by a malicious developer or has the malware inserted along the supply chain (yes, there is a supply chain of software libraries, code, and services in the software development world).

3. Malvertising - The use of online advertising to spread malware

Malvertising involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages. Because advertising content can be inserted into high-profile and reputable websites, it gives attackers an opportunity to push their attacks to web users who might not otherwise see the ads, due to firewalls, secure settings, or the like. The ads will look perfectly normal to you and appear on a wide range of apps and web pages. Once you click on the ad, your device is immediately infected with the malware. Major reputable ad networks are combating these malicious ads, but occasionally malware still comes through this channel. Some people choose to use ad blocker software to prevent ads from showing up. The benefit of this practice is arguable, depending on which side you are on.

4. Scams - The use of fake promises to lure you into downloading an application

Scams are a common method used by attackers to infect your mobile device with malware. They will use websites, full-screen ads or emails to redirect you to a malicious web page. In some cases, a link to the infected page is sent directly to you in an email or text message, usually with some fake promise or prize. Once they get you to their infected site, the code within the page automatically triggers the malicious software download. The website is usually disguised to look professional and legitimate in order to give you a false sense of security. Never open these downloaded apk files on your phone.

5. Direct installation of malware into your device

You probably do not have to worry about this method of attack, as it is costly to the attacker. In this case, the attacker must physically touch your device in order to install the malware. Usually, this involves plugging the device into another device and directly downloading the malicious software onto it. You do have to worry about this method of attack if you have the habit of using free charging services such as kiosks at airports. Usually you do not know what the other end of the charging cable is connected to. An attacker can set up a fake charging station to infect people when they plug the cable into their device. If you intend to use these charging stations, you should check that the debugging feature over USB is turned off and that "Unknown sources - allow installation of apps from unknown sources" is also turned off. You should never plug a mobile storage card into your phone without first checking and scanning the card with some antivirus software.

6. (Free) WiFi insertion of malware into your device

This is a more complicated way to get malware into your device, because the attacker first has to get your device to join his WiFi network and then exploit one of the software vulnerabilities in order to install a malicious application over the WiFi network. The first part is easy for the attacker unless you never turn on the WiFi function in your phone. The attacker just has to emulate one of the common WiFi broadcast IDs (SSIDs) and your phone will automatically join the WiFi network. Some popular SSIDs to emulate would be those of coffee joints, restaurants or even your home WiFi network (yes, it is possible to capture it and fake it subsequently). The best you can do to prevent this method of attack is to make sure your phone is always patched up to date, both the Android operating system and all the applications. You should turn off the WiFi function if you are not expecting to join a WiFi network (you will reduce the WiFi electromagnetic signature and gain back some privacy too).
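The device checks recommended under methods 5 and 6 (USB debugging off, "Unknown sources" off, patches up to date) can be scripted over a captured settings dump. This is an added example, not part of the original post: the function names, the three-month patch threshold and the sample dump are assumptions. On Android 8 and later "Unknown sources" became a per-app permission, so the `install_non_market_apps` key only reflects older releases.

```shell
#!/bin/sh
# Input: key=value lines, the format printed by `settings list global` and
# `settings list secure`; the security_patch line is constructed here from
# the value `getprop ro.build.version.security_patch` reports.

# get_value KEY < dump  -> prints the value of KEY (empty if absent)
get_value() {
    awk -F= -v k="$1" '$1 == k { print substr($0, length(k) + 2); exit }'
}

# months_between YYYY-MM-DD YYYY-MM-DD -> whole calendar months between them
months_between() {
    echo "$1 $2" | awk '{ split($1, a, "-"); split($2, b, "-");
        print (b[1] - a[1]) * 12 + (b[2] - a[2]) }'
}

# audit_device DUMP_FILE TODAY MAX_MONTHS -> prints one finding per line
audit_device() {
    dump=$1 today=$2 max_months=$3
    adb=$(get_value adb_enabled < "$dump")
    unk=$(get_value install_non_market_apps < "$dump")
    patch=$(get_value ro.build.version.security_patch < "$dump")
    # install_non_market_apps is only meaningful before Android 8
    [ "$adb" = "1" ] && echo "RISK usb_debugging_on"
    [ "$unk" = "1" ] && echo "RISK unknown_sources_on"
    if [ -z "$patch" ]; then
        echo "RISK patch_level_unknown"
    elif [ "$(months_between "$patch" "$today")" -gt "$max_months" ]; then
        echo "RISK patch_level_stale $patch"
    fi
    return 0
}

# Constructed sample dump (not taken from a real device)
sample=$(mktemp)
cat > "$sample" <<'EOF'
adb_enabled=1
install_non_market_apps=0
ro.build.version.security_patch=2023-01-05
EOF
audit_device "$sample" 2024-03-01 3
```
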


We are neutral on the suggestion of installing an anti-malware application as a preventive measure against malware. Whether you think they are really effective or a waste of your phone's resources (CPU, storage, RAM), it is still a good idea to occasionally install one of the popular ones and perform a full scan of your phone. You can always delete or uninstall the application after the full scan. We built a simple malware check application just to perform a quick check for the latest malware announced on the Internet. It will always be free and adopts our Zero Permission App (ZPA) drive.

Be safe. God Bless.

Follow us on all critical Android development and security news here.
