Mobile phone malware attacks are on the rise around the world, as users fall prey to fake apps and spam text messages.
Both cybercriminals and hostile nation states seeking dirt on their foes are believed to be responsible, and Australian mobile users aren’t being overlooked.
In March, a new breed of malware known as ‘Gustuff’ began hitting targets in Australia via an SMS spam campaign.
Gustuff tricked its victims into entering their banking details and password by triggering push notifications sent by a fake mobile banking app.
It then used an automatic transfer system to pass the captured credentials on to the legitimate banking applications.
The 2019 Mobile Threat Landscape Report released by cybersecurity firm CrowdStrike this week shows that nation states are targeting individual mobile users for “intelligence gathering” and “disruption” of national rivals.
There has been an “uptick in sophistication and interest from nation states, in addition to eCrime groups who seek to exploit mobile devices for financial gain”, CrowdStrike Intelligence vice president Adam Meyers said.
Nation states “typically target end users who demonstrate political or intelligence value”, while criminal actors attempt to “monetise mobile devices through ransomware, banking trojans, credential theft and cryptomining”, Mr Meyers said.
How to protect your smartphone from malware
The report highlighted a growing trend of smartphone users falling victim to malware attacks by downloading illegitimate apps onto their devices.
“I tell people to really make sure you’re careful about what apps you’re installing and where you’re installing them from,” CrowdStrike technology strategy vice president Michael Sentonas said.
“The majority of malware comes from a third-party store – stick to the App Store and Google Play and you’ll see less.”
When it comes to protecting your smartphone, Mr Sentonas recommends following these basic steps:
- Practise phone “hygiene”: Only install apps from official app stores
- Keep your phone up to date: Install security patches promptly and ensure you’re using the latest operating system, as adversaries target phones running on out-of-date software
- Apps: Know which apps you’ve installed, what they’re doing, and delete old apps you no longer use
- Beware of phishing scams: Don’t trust text messages and emails that prompt you to install applications, especially if it’s through third-party app stores
- Physical security of the device: Have strong passwords, use biometric identification, and don’t leave your device unattended
- Don’t use unsecured wi-fi networks.
If you believe your phone has been compromised, back up your photos and any other important data, and wipe your phone to restore it to its factory settings.
Travel warning: Free airport wi-fi not worth the cost
When travelling overseas it can be tempting to log in to free airport and hotel wi-fi services, but Mr Sentonas said it’s not worth the risk.
“When you’re travelling overseas and connecting to free wi-fi points your traffic is going to a third party,” he said.
Despite the high cost of data when travelling, the best thing to do is to use the telco that your Australian provider is partnered with, he said.