3 min read

Mobile security threats: reality or myth?

Filip TRUȚĂ

June 13, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Mobile security threats: reality or myth?

Consumers are sometimes skeptical about warnings that smartphones face just as many security threats as regular computers. While some security experts might seem over-zealous shouting about the dangers, the vast majority of warnings about mobile security threats are indeed justified. Just because our phones are not tethered physically to a network doesn’t mean they’re safe from cyber threats. In fact, they are more vulnerable than most of us like to think.

Platform-agnostic threats

Most security threats faced by regular users arrive via the Internet, whether it’s a malicious app or a rigged website, a scam delivered through the user’s social media channels, or a phishing scheme carried out via email or SMS. Even ransomware can make its way onto your phone if you jump through enough hoops set up by a threat actor.

Stalkerware is another big issue on mobile platforms. Whether delivered by exploiting a software vulnerability in the phone or installed deliberately by, say, a jealous spouse, this type of malware is especially prolific on phones – since they contain troves of personal data and private communication channels.

Mobile threats are in no way a myth. And most threats today are platform-agnostic, meaning they don’t discriminate based on OS or device type as long as the hardware can connect to the web. Furthermore, most consumer-oriented threats focus on stealing data (passwords, credit card information, etc). In many cases, no malware is needed to compromise this data. A well-timed phishing attack is all it takes to steal a user’s personal or financial information.

iPhones are not immune to hacks

‘White hat hackers’ are skilled security researchers that specialize in finding and exploiting device-specific vulnerabilities so bad guys don’t get to them first. But that doesn’t stop ‘black hats’ from doing the same. And when the bad guys do succeed, they sell their mobile exploits for millions on the dark market.

A vulnerability in WhatsApp recently made headlines for allegedly allowing threat actors to install spyware onto iPhones. It’s just one example that Apple’s walled ecosystem is not so immune to hacks either.

Weaponized hype

As shown in our 2020 Consumer Threat Landscape Report, the surge in popularity of video conferencing solutions during the pandemic opened an unlikely door for opportunistic threat actors. We detected a relatively large number of users installing Zoom apps from unofficial app stores, exposing themselves to malware posing as Zoom installers.

This scenario especially applies to Android phones. As noted in a recent Bitdefender Labs entry, one of Android’s greatest strengths, the ability to sideload apps from unofficial sources, is also its Achilles’ heel.

Our researchers wrote:

“Using a combination of tricks to persuade users to install apps outside of the official store, criminals spread most of their malware through sideloading. If mobile devices have no security solution installed, malicious apps roam free.”

Teabot, also known as ‘Anatsa,’ is an Android malware that can carry out overlay attacks via the Accessibility Services. It can intercept messages, perform keylogging activities, steal Google Authentication codes, and it even enables its authors to take full remote control of a user’s phone.

The Teabot payload is hidden in fake apps copying popular counterparts from the official Google Play store – some with as many as 50 million downloads. One popular distribution method uses a tainted Ad Blocker that people deliberately seek and install from unofficial sources. Other attack avenues include so-called free antivirus apps.

Stay protected with Bitdefender Mobile Security

Bitdefender has long gauged the dangers posed to mobile platforms, as well as the privacy hurdles we face each day in the digital era.

Bitdefender Mobile Security gives your iPhone or Android device full protection against mobile-specific threats, plus a secure VPN for a fast, anonymous and safe experience while surfing the web. We help users secure their passwords, private data and financial information, and we offer instant alerts whenever an incident is detected and prevented.

And with our new Digital Identity Protection you can check your online accounts against data breaches, find your private information online in legal and illegal collections of data, detect your social media impersonators and more. You can count on us to always be there to help you secure your online accounts, regardless of platform.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Cybercrooks Leverage Death of Queen Elizabeth II to Steal Users’ Microsoft Credentials Cybercrooks Leverage Death of Queen Elizabeth II to Steal Users’ Microsoft Credentials
Alina BÎZGĂ

September 15, 2022

2 min read
Spammers switch tactics by asking recipients to call toll-free numbers in PayPal phishing campaign Spammers switch tactics by asking recipients to call toll-free numbers in PayPal phishing campaign
Alina BÎZGĂ

September 14, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War
Alina BÎZGĂ

August 31, 2022

4 min read