Mobile Malware That Can Spy On Users, Steal Credentials and Intercept Calls Is Up 500%


Enterprises that deploy smartphones and other mobile devices to its employees should be on the lookout for malware sent via text-based phishing, which has risen 500% since early February, cybersecurity firm Proofpoint says in a new report.

This comes after a 2021 where malware attacks on mobile devices fell sharply. However, new strains of malware are recording audio and video, tracking location and destroying or wiping content and data, according to the report.

Android phones, due to the more open approach to app stores and the ability to sideload apps from anywhere on the internet, are more susceptible to compromise.

While many strains of mobile malware aim to give attackers control of the device or the ability to steal sensitive information and credentials, newer strains are allowing hackers to record conversations, including both audio and video from the device.

In addition, destructive malware that can wipe data from a device has also been seen in the wild recently, Proofpoint says.

Much of this malware is delivered via phishing, including via SMS text message, designed do trick the user into inputting credentials on a fake login page. Other malware hides in the background to steal credentials once certain apps, usually finance related, are activated.

Proofpoint highlighted several prevalent strains of mobile malware, mostly impacting Europe and Asia, including FluBot, which spreads by accessing the infected device’s contact list and sending the information back to a command-and-control (C&C) server, which then instructs the devices to send malicious messages to those contacts.

The malware can also access the internet, read notifications, make voice calls and delete apps.

Proofpoint also highlighted TeaBot, which the company calls a “multifunctional Trojan” capable of stealing credentials and streaming an infected device’s screen to the attacker. Like FluBot, it spreads via SMS message and uses keylogging to intercept Google Authenticator codes.

TangleBot, meanwhile, is a piece of malware thought to be spreading through a collaboration between the two aforementioned malware families. It lures victims into clicking on a software update notification and once compromised, can control devices, overlay other mobile apps and steal camera and audio feeds.

Other mobile malware capable of stealing financial data, controlling the affected device and spying on the user are Moqhao, BRATA and TianySpy, according to the report. 

Like with the desktop, an antivirus app is just part of the solution when it comes to protecting against mobile malware. Since most compromise begins with some form of social engineering and phishing, users should be aware of what a mobile phishing attempt looks like.





Source link