What is Mobile Malware?

Mobile malware, as its name suggests is malicious software that specifically targets the operating systems on mobile phones. There are many types of mobile malware variants and different methods of distribution and infection. For organizations that depend on mobile phones to do business or who allow employees and visitors to use their own devices as part of a BYOD policy, the threat is very real and needs to be addressed.

As more users are steadily moving away from desktop operating systems and favoring mobile devices instead, it was only a matter of time before hackers switched tactics. Right now, the volume of mobile threats is a mere fraction of those that target desktops. However, as more and more sensitive and potentially high-value tasks are carried out on mobile devices, mobile security threats are fast becoming a growing concern.

Let's take a closer look into the different types of mobile malware, how they are distributed or installed and the damage they can do to both data on the phone itself and over the network.

1. Spyware and Madware

Madware, short for mobile adware, usually finds its way onto a mobile phone through the installation of a script or program and often without the consent of the user. The purpose of most forms of madware is to collect data from your phone in order to spam you with ads. Most madware variants usually include an element of spyware, which collects information about your internet usage and sends it on to a third party. This data may include details about your location, your passwords and your contacts. That not only makes it a problem for you, but potentially anybody in your address book.

2. Drive-by Downloads

If you open the wrong email or visit a malicious website, you could become the victim of a form of mobile malware known as the drive-by download. These variants are automatically installed on your device and can unleash a range of threats, including spyware, malware, adware or something much more serious such as a bot that can use your mobile device to perform nefarious tasks like sending viruses to other people within your organization or scanning the network for a way in.

3. Viruses and Trojans

What might seem a legitimate application could contain a virus or trojan ready to attack your mobile phone. These viruses may have a fairly innocuous payload, such as changing your phone's wallpaper or changing the language. However, most have something much more malicious in mind like mining for passwords and banking information.

4. Mobile Phishing

Phishing exploits are nothing new, but the introduction of the mobile phone has seen cybercriminals change their phishing tactics in order to scam users of mobile devices. Traditional phishing techniques involve criminals sending emails to users that appear to originate from a trusted source. Mobile phishing takes this tactic one step further and uses applications to deliver mobile malware. The user, often unable to tell the difference between a legitimate application and a fake application is none the wiser as the fake application collects account numbers, passwords and more.

4. Browser Exploits

When it comes to security, your mobile browser is not completely flawless. For this reason, there are a number of browser exploits in the wild that can take full advantage of your browser and other applications that work within the browser, such as PDF readers.

While mobile malware can deliver a serious payload, there are a number of things you can do to protect your device from infection.

• Keep applications updated: By running the newest version of every application on your mobile phone, you can ensure that you are running the version with the latest security patches and updates. Application developers will often release a new update or version if their software is compromised in any way.
• Install mobile security software: Just like antivirus software protects a computer from viruses and malware, a mobile security application will do the same thing.
• Consider a firewall: The majority of mobile phones do not include any type of firewall protection. Firewalls not only protect your online privacy when browsing, but can be used to only allow authorized apps to access the internet through a set of firewall rules.
• Use screen lock protection: Many mobile devices are compromised when they are lost and stolen. Ensure at the very least that a passcode is used to lock the screen. Even better, use facial recognition or fingerprint recognition technology.
• Only download apps from official stores: All vets available on the Apple App Store and Google Play have been vetted to ensure they are safe. That doesn't mean that no app will slip through the net, but you have a much better chance of installing a legitimate app through office sources.

With Forcepoint CASB (Cloud Access Security Broker), an organization can gain complete mobile security for their applications. Apply unique access and security policies on a per-device basis by easily distinguising betweeing managed and unmanaged devices.