Crowdstrike researchers have prepared a report that analyzes malware and other cyber threats for mobile devices. According to experts, attacks on smartphones have recently become significantly more complicated and dangerous.Previously, the main problem for smartphone and tablet users was clickjacking. However, now people are increasingly connecting their lives with mobile devices – they store important data, billing information etc. Cybercriminals are developing new methods of attacks on smartphones.
The Crowdstrike document identifies five key modern cyber threats for mobile devices: Remote Access Tools (RATs), banking Trojans, ransomware, cryptominers, and advertising clickfraud. Finally, as the sixth potential threat, researchers noted legal commercial spyware (also called spouseware or stalkerware).
RAT programs are mainly used for espionage, which is often easier to implement on mobile devices – the camera, microphone and GPS chip are already integrated. After installation, such malware usually intercepts SMS messages, looking for tokens for multi-factor authentication there.
Because cross-platform RAT programs are difficult to develop and maintain, government hackers with significant resources more often use them.
Mobile banking trojans, whose capabilities are similar to RAT, represent another cyber threat that is rapidly growing. A distinctive feature of programs of this class is the ability to overlay their windows on top of legitimate applications.
“You enter your credentials or bank details, but an invisible malware window has been placed on top of your bank’s official application. As a result, all the information you enter falls into the hands of cybercriminals“, – Crowdstrike researchers describe the threat.
Ransomware and encrypting ransomware- these programs have also recently switched from desktops to mobile devices.
Smartphone users are often use cloud storages, which store backup copies of files and the operating system, however, attackers came up with their own working schemes here – just completely block the device and require a certain amount for unlocking it.
Security experts have also begun to find malicious cryptocurrency miners on smartphones.
“Initially, the idea of mining on mobile devices may seem insane – usually such a code is completely not optimized for smartphone processors. On the other hand, a huge number of potential victim devices make crypto mining an attractive event. It is expected that in the future all malware for mobile devices will be equipped with mining scripts. This will be facilitated by the minimum requirements for the development and relatively low risk”, – believe in CrowdStrike.
The latest threat to smartphone users – clickfraud – is perhaps the least dangerous of all. The purpose of this method is to send hidden HTTP requests to ad inventory.
According to experts, by 2025 click fraud will bring advertising revenue of up to $50 billion.