Mobile Threats

Published on Monday, 07 October 2019 09:00

CyberSense is a monthly bulletin by CSA that spotlights salient cybersecurity topics, trends and technologies, based on curated articles and commentaries. CSA provides periodic updates to these bulletins when there are new developments.


OVERVIEW

Globally and in Singapore, many people own mobile phones and tablets to connect with one another, be entertained, or work. Singaporeans on average spend more than 12 hours daily on them. The wide use of mobile devices in our daily lives also makes them ripe for the picking by hackers, who are developing “mobile malware” that can spy on you, steal your personal data or, lately, mine cryptocurrencies.

Mobile malware is not a new phenomenon per se; one of the first, a malware known as Cabir, was discovered in June 2004. Cabir was relatively harmless, as it only caused infected phones to display the word “Caribe” (which has no known meaning) every time the phone was switched on. Fast-forward 14 years, and mobile malware has grown more pervasive and insidious. Hackers have two main motivations for targeting mobile devices: monetary gain and espionage. For monetary gain, hackers have devised malware that rides on the hype of cryptocurrency. “Cryptojacking”, as it is called, involves malware that mines for crypto-assets, often without your knowledge. The only tell-tale sign may be a device appearing to work much slower than before because its processing power is being used by the malware to mine for crypto-assets.

Given such concerns over mobile malware, particularly when it is used for espionage, some countries such as the USA have even decided to prohibit Chinese-made apps and devices, though some have also viewed these as protectionist measures. A measure you can take, before you start to see your phone slow down, is to install anti-virus software on your mobile devices now.

REPORTS

THE RISE AND PROLIFERATION OF MOBILE MALWARE

In the 14 years since the discovery of the first mobile malware, Cabir, in June 2004, the volume of mobile malware has grown exponentially. In 2017, Google said that it removed 700,000 potentially malicious applications from its app store, a 70 per cent increase from 2016. Most of these malicious applications were ransomware and banking malware (such as those that steal credit card information). Android devices account for almost 90 per cent of the global smartphone market share and are the most targeted by malware, according to some industry reports (such as Nokia’s 2017 Threat Intelligence Report). Making matters worse, Android ransomware kits are more lucrative for hackers to devise and sell: they can be sold for 20 times more than Windows ransomware kits on the dark web.

Banking malware is another category of mobile malware to beware of. In a global survey conducted by cybersecurity company Avast, almost four in ten consumers mistook a fake app for the real one. To spy on users, collect their bank login details or steal their money, banking malware creates a fake page that can be a complete replica of the genuine banking application. This reflects the level of sophistication and accuracy that cybercriminals apply to create seemingly trustworthy copies of banking apps.


CRYPTOJACKING GOES MOBILE

With the value of cryptocurrencies like Bitcoin and Monero growing, hackers are targeting mobile devices to harvest such assets, as they had already done earlier in the PC world. “Cryptojacking”, as it is called, involves adversaries installing cryptocurrency mining software without the victim’s knowledge. Often, the only tell-tale sign is a device that works slower, or overheats without reason.

Cryptocurrencies can be earned by performing complex calculations to verify the cryptocurrency transactions made on an online ledger. These calculations make such transactions hard to forge. As they need tremendous processing power (one Monero coin requires the equivalent of about 150 computers with high-end graphics processing units, which would cost about S$200,000), miners avoid such costly set-ups by spreading malware to devices to hijack their processing power.

The surge in value seen in 2017 exacerbated the growth of such malware targeting mobile devices. In a malvertising campaign that started in November 2017, Android users were redirected to websites where they would need to enter a CAPTCHA code. While the user was trying to solve the CAPTCHA code, a cryptojacking script would run and start using the processing power of the user’s device to mine Monero coins. Solving the CAPTCHA code only redirected the user to the Google homepage. Malwarebytes, a US-based anti-malware company, said the website attracted around 800,000 visits per day, with an average time of four minutes spent on the mining page per user. This earned the adversaries a few thousand dollars per month. More recently, in February 2018, NetLab360, a China-based security research lab, reported that a malware, ADB.Miner, can self-propagate from one infected Android device to another to mine Monero coins.


CYBER ESPIONAGE ON MOBILE

Cyber espionage is increasingly pervasive and often leverages Internet-connected devices to steal or manipulate sensitive data. Nation-state actors, such as Fancy Bear and Comment Panda, are well-known for quietly breaching and staying in networks and computers to carry out such activities.

Mobile devices have now become another popular conduit. Researchers from Trend Micro discovered spy apps that had been targeting Android users in India since late 2017. In another report, researchers from US-based mobile security company Lookout released information on a nation-state actor, Dark Caracal, which has been collecting sensitive personal information since 2012 from more than 21 countries, targeting sectors including governments, military, and utilities. The actor typically used Facebook and WhatsApp to spread phishing messages which, when clicked, led victims to download fake messaging and privacy-oriented apps. These apps, once installed, were capable of collecting sensitive user information such as recorded audio, call logs, conversations from popular chat applications, and location information.

In the face of such threats, countries such as India and the USA have taken measures to protect themselves from potential and inadvertent information leaks. In an advisory sent to Indian troops in November 2017, the Indian Defence Ministry told troops stationed at the Chinese border to uninstall Chinese-made apps from their smartphones. The advisory, which included a list of more than 40 Android and iOS apps, warned soldiers that these apps can transmit user data back to servers located in China. In the USA, a Bill was signed in August 2018 that would prohibit US government agencies from using phones and equipment from Huawei and ZTE, both China-based telecommunications companies. An executive order was issued in May 2019 giving the federal government the power to block US companies from buying foreign-made telecommunications equipment deemed a national security risk. Some critics, however, have viewed such moves as protectionist measures rather than security concerns per se.


QUICK BYTES

Hacking mobile phones like Mr. Robot (Season 2 Episode 9)

In an episode of the popular US drama series Mr. Robot, hacker Elliot Alderson was seen launching a cyber-attack using a real-world device, the Pwn Phone. The device has the ability to hack into any mobile device through its SIM card, and send malware via a malicious text message. While the TV show generally fictionalises most of the hacks, in using the Pwn Phone, it raised awareness of such a tool, and potentially its usage. However, Pwnie Express, the company behind the Pwn Phone, no longer sells the device. Its focus has since shifted towards establishing a version of Android that provides tools for network hacking and penetration testing, called Android Open Pwn Project (AOPP).


SOURCES INCLUDE: Ars Technica, Bleeping Computer, Carbon Black, HackRead, Infosecurity Magazine, Lookout and Trend Micro