3 min read

Mobile security threats: reality or myth?

Filip TRUȚĂ

June 13, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Mobile security threats: reality or myth?

Consumers are sometimes skeptical about warnings that smartphones face just as many security threats as regular computers. While some security experts might seem over-zealous shouting about the dangers, the vast majority of warnings about mobile security threats are indeed justified. Just because our phones are not tethered physically to a network doesn’t mean they’re safe from cyber threats. In fact, they are more vulnerable than most of us like to think.

Platform-agnostic threats

Most security threats faced by regular users arrive via the Internet, whether it’s a malicious app or a rigged website, a scam delivered through the user’s social media channels, or a phishing scheme carried out via email or SMS. Even ransomware can make its way onto your phone if you jump through enough hoops set up by a threat actor.

Stalkerware is another big issue on mobile platforms. Whether delivered by exploiting a software vulnerability in the phone or installed deliberately by, say, a jealous spouse, this type of malware is especially prolific on phones – since they contain troves of personal data and private communication channels.

Mobile threats are in no way a myth. And most threats today are platform-agnostic, meaning they don’t discriminate based on OS or device type as long as the hardware can connect to the web. Furthermore, most consumer-oriented threats focus on stealing data (passwords, credit card information, etc). In many cases, no malware is needed to compromise this data. A well-timed phishing attack is all it takes to steal a user’s personal or financial information.

iPhones are not immune to hacks

‘White hat hackers’ are skilled security researchers that specialize in finding and exploiting device-specific vulnerabilities so bad guys don’t get to them first. But that doesn’t stop ‘black hats’ from doing the same. And when the bad guys do succeed, they sell their mobile exploits for millions on the dark market.

A vulnerability in WhatsApp recently made headlines for allegedly allowing threat actors to install spyware onto iPhones. It’s just one example that Apple’s walled ecosystem is not so immune to hacks either.

Weaponized hype

As shown in our 2020 Consumer Threat Landscape Report, the surge in popularity of video conferencing solutions during the pandemic opened an unlikely door for opportunistic threat actors. We detected a relatively large number of users installing Zoom apps from unofficial app stores, exposing themselves to malware posing as Zoom installers.

This scenario especially applies to Android phones. As noted in a recent Bitdefender Labs entry, one of Android’s greatest strengths, the ability to sideload apps from unofficial sources, is also its Achilles’ heel.

Our researchers wrote:

“Using a combination of tricks to persuade users to install apps outside of the official store, criminals spread most of their malware through sideloading. If mobile devices have no security solution installed, malicious apps roam free.”

Teabot, also known as ‘Anatsa,’ is an Android malware that can carry out overlay attacks via the Accessibility Services. It can intercept messages, perform keylogging activities, steal Google Authentication codes, and it even enables its authors to take full remote control of a user’s phone.

The Teabot payload is hidden in fake apps copying popular counterparts from the official Google Play store – some with as many as 50 million downloads. One popular distribution method uses a tainted Ad Blocker that people deliberately seek and install from unofficial sources. Other attack avenues include so-called free antivirus apps.

Stay protected with Bitdefender Mobile Security

Bitdefender has long gauged the dangers posed to mobile platforms, as well as the privacy hurdles we face each day in the digital era.

Bitdefender Mobile Security gives your iPhone or Android device full protection against mobile-specific threats, plus a secure VPN for a fast, anonymous and safe experience while surfing the web. We help users secure their passwords, private data and financial information, and we offer instant alerts whenever an incident is detected and prevented.

And with our new Digital Identity Protection you can check your online accounts against data breaches, find your private information online in legal and illegal collections of data, detect your social media impersonators and more. You can count on us to always be there to help you secure your online accounts, regardless of platform.

tags


Author



Right now

Top posts

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read
Top Three Ways Internet Users Unknowingly Help Cybercriminals

Top Three Ways Internet Users Unknowingly Help Cybercriminals

February 25, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users
Alina BÎZGĂ

April 14, 2022

3 min read
Scam Alert: FIFA World Cup Lottery Scams are Back in Business Scam Alert: FIFA World Cup Lottery Scams are Back in Business
Alina BÎZGĂ

April 13, 2022

2 min read
Malspam Duet: Tax Season Phishing Campaigns Deliver LokiPWS and Emotet Malware Malspam Duet: Tax Season Phishing Campaigns Deliver LokiPWS and Emotet Malware
Alina BÎZGĂ

March 30, 2022

4 min read