Malware for Android users is becoming increasingly common. The security arms race between Google and the bad guys is a never-ending battle. Despite each version of the OS offering increased security, inevitably something created by humans isn’t perfect, so exploits are found and leveraged to inject malicious software on to devices.
The type of malware threats on Android are very similar to what is faced by Windows users on the PC, which can be inconvenient at best and personally and financially damaging at worst.
Data Theft
We all carry personal data on our devices, from email to social media accounts and even your camera roll, all are things you want to keep private. Malware can threaten that privacy and a compromised device can potentially send data from your device to a remote server without your knowledge.
Keystroke Logging
Multiple times a day we’re asked to sign into our accounts. On mobile devices, apps tend to be better at remembering our credentials, but if your device has malware on it and you enter your username and password into a browser or app, a keystroke logger could steal your credentials.
An attacker would then sign into your account and unless you have 2-factor authentication turned on, they’d be able to access your account(s). Even then, it’s no guarantee though, as we saw back in December last year.
If you use weak passwords or the same passwords on different services, it’s possible someone could build enough of a profile on you to embark on identity theft, something that can take years to escape from.
Cryptomining
There have been instances where an attacker loads malicious software on to a device, of which the payload delivers cryptomining software. It may sound like low returns, but given the impressive performance of modern mobiles, and the ability to take over hundreds or thousands of devices, it can make sense.
The attacker could also abuse the power of a device without adhering to the normal thermal constraints on a device, meaning the malicious software used for mining cryptocurrency, not only drains the battery faster, it could overheat and permanently damage the phone.
Malware examples
- Lotoor – Hack tool that exploits vulnerabilities on Android operating system in order to gain root privileges on compromised mobile devices.
- Hiddad – Android malware which repackages legitimate apps and then releases them in a third-party store. Its main function is displaying ads, however it is also able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.
- Triada – Modular Backdoor for Android which grants superuser privileges to downloaded malware, as helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
What’s the solution?
As always in information security, prevention is always better than the cure, so if you’re concerned about the safety of your mobile phone, you can purchase a security suite, specifically for your mobile phone.
The good news is protecting your device doesn’t have to cost the world, ESET Mobile Security & Antivirus for Android is priced at A$5.98 per year. This includes features like app lock, anti-phishing protection and proactive anti-theft. The price represents great value, also offering scheduled scanning, low battery alert, automatic update of virus database, as well as connected home monitor, and security audit capabilities.
There’s also a free version that still offers a great set of protections such as antivirus, real-time scanning, security report, activity log, remote lock, remote siren and tablet support.
More information at ESET.
