Protecting Your Mobile Devices from Mobile Malware

Published on 10 Sep 2021 | Updated on 21 Jul 2023

The proliferation of mobile devices in our daily lives and its increasing use for various features make it a convenient and attractive target for cyber criminals to deploy mobile malware. Mobile malware are malicious software that are specifically designed to target mobile devices with the goal of gaining access and stealing information. Examples of such malware include spyware, trojans and adware. Such malware may be downloaded to devices through methods such as visiting and clicking on links that lead to untrustworthy websites, downloading malicious attachments in social media messages, text messages or emails, or downloading of malicious mobile applications.

Some signs of possible malware infection may include:

  • Installation of unknown applications on the device
  • Significant decrease in device performance
  • Unexpected or strange behaviours from the device such as auto-activation of camera or microphone

Users may safeguard mobile devices from malware infection by practising the following measures:

  • Only download applications from the official Play Store (Android) and App Store (iOS). As an added precaution, check the developer information on the application listing, and only download applications developed and listed by the official developer.
  • Pay attention to the security permissions required by the application and/or its privacy policy before downloading. Be wary of applications that ask for unnecessary permissions on your device.
  • Update the device software and applications to the latest versions as soon as possible. 
  • Keep anti-virus/anti-malware software updated with the latest malware signature file, and run the anti-virus/anti-malware scans regularly.
  • Be wary of suspicious social media messages, text messages and emails. Always verify the authenticity of the message before clicking on any links or downloading any attachments.
  • Close applications when not in use.
  • Power on and off the device regularly.
  • Ensure that PlayProtect is enabled on your Andriod devices and refrain from installing applications whenever a Google PlayProtect warning is prompted.

If you suspect that your mobile device has been infected with malware, immediately turn on "flight mode" to disable any malicious network communications and perform an anti-virus/anti-malware scan on the device. If there are unknown applications installed on the device, uninstall them immediately. If there are still signs of infection, users may consider performing a factory reset of the device. Before proceeding, users should make sure to back up all important data from the device.

There have also been reports of infection of mobile devices around the world by the Pegasus spyware, although the reports suggest that it is targeting mainly business leaders, journalists or dissidents and does not infect random devices. For those who may be concerned of a possible Pegasus infection, there are open source tools such as the Mobile Verification Toolkit developed by Amnesty International, to identify the malware. Users may alternatively also consider engaging a reputable third party company to conduct mobile forensic investigation on the mobile device to check for the presence of a malware infection, or replacing the mobile device with a new device.

More information is available here: