The Rise of Mobile Malware

Smartphones, tablets and other mobile devices have become ubiquitous in our society over the past few decades, leading to a world where many of us have one in our possession at all times.  The sheer technical capabilities of these devices are tremendous, and they have provided innumerable advancements in efficiency and accessibility for individuals and professionals working while not at the office or at home.  Unfortunately, with these advancements come new threat vectors and additional risks, which threat actors are heavily exploiting.



Most recently, threat actors exploited Google’s authorized Play Store to deliver malicious software by forcing users who downloaded a fitness application to install an update package from a third-party server. The package masqueraded as an update that included new fitness exercises. Once it was installed and launched, the malware spread far and wide, ultimately leading to more than 300,000 infections being discovered across Android devices.



These infections bypassed Google’s Play Store protections because the malicious software itself did not exist in the binary as provided to Google, and Google’s code scanning capabilities did not trigger on the command-and-control download that occurred after installation and launch. The threat actors waited until the application was approved and allowed in the Play Store, then made a back-end modification to their servers that prompted users who ran the application to download the update. This effectively prevented Google from seeing the malicious code at all until a manual review was done post-launch.



Once the malicious software was installed on a device, threat actors gained the capability to capture the device’s screen contents as well as to log all keypresses on the device.  The threat actors leverage this capability to gain unauthorized access to e-mail accounts, banking accounts, investment accounts and more.
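A defender can triage apps for the two capabilities described above by reading each app's decoded `AndroidManifest.xml`. The sketch below is an added example, not code from the campaign or from Google. It flags an app that can both reach the network and ask to install another package. It also flags declared accessibility services, on the assumption (not stated in this article) that screen reading and keystroke capture were obtained that way. The sample manifests and the finding labels are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
INSTALL = "android.permission.REQUEST_INSTALL_PACKAGES"
INTERNET = "android.permission.INTERNET"
A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample: a "fitness" app able to fetch and install a second APK.
DROPPER_LIKE = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fitness">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".UpdateHelper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

# Constructed sample: network access only, nothing to flag.
BENIGN = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""


def triage_manifest(manifest_xml):
    """Return a list of finding labels for one decoded manifest."""
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError as exc:
        # A manifest that cannot be parsed is itself worth a manual look.
        return ["unparseable-manifest: %s" % exc]
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    findings = []
    # Network access plus the right to request package installs is the
    # combination a post-approval "update" download relies on.
    if INSTALL in perms and INTERNET in perms:
        findings.append("install-from-network")
    # Assumption: screen and keystroke capture came via an accessibility service.
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == A11Y:
            findings.append("accessibility-service:" + svc.get(ANDROID_NS + "name", "?"))
    return findings


if __name__ == "__main__":
    for label, xml in (("dropper-like", DROPPER_LIKE), ("benign", BENIGN)):
        print(label, triage_manifest(xml))
```

A hit is a lead for manual review rather than a verdict, since app stores, browsers and file managers legitimately declare the install permission.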