3 min read

Mobile security threats: reality or myth?

Filip TRUȚĂ

June 13, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Mobile security threats: reality or myth?

Consumers are sometimes skeptical about warnings that smartphones face just as many security threats as regular computers. While some security experts might seem over-zealous shouting about the dangers, the vast majority of warnings about mobile security threats are indeed justified. Just because our phones are not tethered physically to a network doesn’t mean they’re safe from cyber threats. In fact, they are more vulnerable than most of us like to think.

Platform-agnostic threats

Most security threats faced by regular users arrive via the Internet, whether it’s a malicious app or a rigged website, a scam delivered through the user’s social media channels, or a phishing scheme carried out via email or SMS. Even ransomware can make its way onto your phone if you jump through enough hoops set up by a threat actor.

Stalkerware is another big issue on mobile platforms. Whether delivered by exploiting a software vulnerability in the phone or installed deliberately by, say, a jealous spouse, this type of malware is especially prolific on phones – since they contain troves of personal data and private communication channels.

Mobile threats are in no way a myth. And most threats today are platform-agnostic, meaning they don’t discriminate based on OS or device type as long as the hardware can connect to the web. Furthermore, most consumer-oriented threats focus on stealing data (passwords, credit card information, etc). In many cases, no malware is needed to compromise this data. A well-timed phishing attack is all it takes to steal a user’s personal or financial information.

iPhones are not immune to hacks

‘White hat hackers’ are skilled security researchers that specialize in finding and exploiting device-specific vulnerabilities so bad guys don’t get to them first. But that doesn’t stop ‘black hats’ from doing the same. And when the bad guys do succeed, they sell their mobile exploits for millions on the dark market.

A vulnerability in WhatsApp recently made headlines for allegedly allowing threat actors to install spyware onto iPhones. It’s just one example that Apple’s walled ecosystem is not so immune to hacks either.

Weaponized hype

As shown in our 2020 Consumer Threat Landscape Report, the surge in popularity of video conferencing solutions during the pandemic opened an unlikely door for opportunistic threat actors. We detected a relatively large number of users installing Zoom apps from unofficial app stores, exposing themselves to malware posing as Zoom installers.

This scenario especially applies to Android phones. As noted in a recent Bitdefender Labs entry, one of Android’s greatest strengths, the ability to sideload apps from unofficial sources, is also its Achilles’ heel.

Our researchers wrote:

“Using a combination of tricks to persuade users to install apps outside of the official store, criminals spread most of their malware through sideloading. If mobile devices have no security solution installed, malicious apps roam free.”

Teabot, also known as ‘Anatsa,’ is an Android malware that can carry out overlay attacks via the Accessibility Services. It can intercept messages, perform keylogging activities, steal Google Authentication codes, and it even enables its authors to take full remote control of a user’s phone.

The Teabot payload is hidden in fake apps copying popular counterparts from the official Google Play store – some with as many as 50 million downloads. One popular distribution method uses a tainted Ad Blocker that people deliberately seek and install from unofficial sources. Other attack avenues include so-called free antivirus apps.

Stay protected with Bitdefender Mobile Security

Bitdefender has long gauged the dangers posed to mobile platforms, as well as the privacy hurdles we face each day in the digital era.

Bitdefender Mobile Security gives your iPhone or Android device full protection against mobile-specific threats, plus a secure VPN for a fast, anonymous and safe experience while surfing the web. We help users secure their passwords, private data and financial information, and we offer instant alerts whenever an incident is detected and prevented.

And with our new Digital Identity Protection you can check your online accounts against data breaches, find your private information online in legal and illegal collections of data, detect your social media impersonators and more. You can count on us to always be there to help you secure your online accounts, regardless of platform.

tags


Author



Right now

Top posts

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

December 21, 2021

2 min read
Online Shoppers Beware, Mobile Scams Are on the Rise

Online Shoppers Beware, Mobile Scams Are on the Rise

December 17, 2021

2 min read
The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Scam Alert: Tens of thousands of users targeted in pyramid scheme spam campaign Scam Alert: Tens of thousands of users targeted in pyramid scheme spam campaign
Alina BÎZGĂ

January 13, 2022

3 min read
Is Your QNAP NAS Secretly Mining Crypto? Is Your QNAP NAS Secretly Mining Crypto?
Radu CRAHMALIUC

December 09, 2021

2 min read
What is FluBot and why you need to start taking it seriously right now What is FluBot and why you need to start taking it seriously right now
Radu CRAHMALIUC

December 03, 2021

3 min read