Smartphone Malware Is On The Rise, Here's What To Watch Out For

                         

There's been a surge in mobile malware attacks as cyber criminals’ ramp up their attempts to deliver malicious text messages and applications to users in order to steal sensitive information including passwords and bank details. Cyber security researchers at Proof point say they detected a five hundred percent surge in attempted mobile malware attacks during the recent few months of 2022, with significant peaks at the beginning and end of February. The major target of a substantial proportion of mobile malware is to steal usernames and passwords for email or bank accounts; however, many forms of mobile malware are also equipped with invasive snooping capabilities to record audio and video, track your location, or even erase your content and data., More attacks are employing these advanced capabilities as mobile malware evolves. 

For cyber criminals, both Apple and Android smartphones are targets. However researchers and analysts note that the more open nature of the Android marketplace and the ability to download apps from third-party app stores makes devices using Google's operating system more unsafe to being hacked. Both users of Apple and Android smartphones can also find themselves the victim of SMS phishing attacks; sees text messages sent to users containing links designed to trick them into entering their bank details or login credentials into a fake website for cyber criminals so as to see and steal. Fake missed delivery and fake alerts are common lures.

One of the most notorious forms of mobile malware is FluBot, active since November 2020. It is designed to steal usernames and passwords of user visits from banks and other sites. What makes FluBot so potent is because of its worm-like ability to spread itself by accessing the infected user's address book as well as sending SMS messages to their friends. It's this ability to virtually spread itself that is why it's been dubbed FluBot. 

TangleBot is another form of mobile malware causing problems for smartphone users. TangleBot, describing it “powerful but elusive”, first appeared in 2021; it is delivered mainly via fake package-delivery notifications. TangleBot has an ability to overlay other mobile apps and intercept camera footage and audio recordings; additionally of being able to steal sensitive information and control or hack devices. 

Other mobile threats detailed by researchers include Moghau. It is SMS-based malware that deploys multi-lingual attacks and threats to target users across the world with fake as well as pirate landing pages based on their country. It is designed to trick victims into downloading trojan malware. Furthermore, TianySpy is malware that infects both IOS and Android users by spreading via messages which claim to come from the victim's mobile network operator. 

Number of detected mobile attacks has been declining since the last month of current year. Mobile malware is still a threat to users however researchers warn that many people aren't aware of the potential and profound danger posed by phishing or malware attacks targeting smartphones. Researchers and specialists recommend that users should be wary of any unexpected or unrequested messages containing links or requests for data. 

"Consumers need to be very skeptical of mobile messages that come from unknown sources. And it's important to never click on links in text messages, no matter how realistic they look. If you want to contact the purported vendor sending you a link, do so directly through their website and always manually enter the web address/URL," said Jacinta Tobin, vice president of Cloudmark operations. “It's also vital that you don't respond to strange texts or texts from unknown sources. Doing so will often confirm you're a real person to future scammers," she added. 

Users who receive a suspected malicious text message mustn't click the link or install any apps if prompted, advice from the National Cyber Security Centre says. Contrary, they’re advised and urged to forward the message to concerned government agency, a free spam-reporting service provided by phone operators rather than deleting the message.