Malicious Mobile Applications: An Introduction

Let’s begin from the beginning; with a brief history of Malicious Mobile Applications (MMAs) or the mobile malware…

It was in 2004 that Cabir, the first computer worm capable of infecting mobile phones, was found. The relatively harmless worm targeted devices that ran on Symbian OS. Cabir would hijack a phone’s UI upon infection and then, as it replicated itself, would run the battery down.

Well, that was just the beginning. Two years later, there were as many as 200 viruses vying with one another to infect smartphones of the world.

2006 saw many SMS/MMS attacks taking place targeting phones. There were worms, Trojans and spyware like FlexiSPY, RedBrowser, Commwarrior etc that targeted phone users, exploiting mobile messaging services.

Ever enterprising as they are, cybercriminals were not going to sit idle with just targeting smartphones. They would definitely have wanted to attack iPhones too; iPhones were considered to be unassailable. 2009 saw hackers compromising jailbroken iPhones by using iKee, a simple but very effective worm. The attackers used this worm to turn jailbroken iPhones into bots and botmasters; it was akin to the PC-based botnet and each infected iPhone was assigned a unique identifier. Thus, the C&C server could be made to send new instructions and execute commands on each compromised device. In 2014, researchers at Palo Alto Networks discovered in iPhones the presence of a virus, which they called WireLurker and which, according to some researchers, was the first serious virus impacting iPhone and iPad owing to the striking features that it had.

Another notable MMA was DroidDream, a virulent Trojan that hit the official Android market in 2011. DroidDream, which came with over 50 seemingly genuine apps, impacted over 250,000 users; this Trojan gave hackers root access to a device, thereby helping them potentially hijack an entire device and all data in it. They could use it to initiate the formation of a mobile botnet too.

The different kinds of MMAs

There are basically four different kinds of MMAs. There are Trojans that impact smartphones and generate unauthorized premium rate calls/texts or purchases, for which the bill would come to the phone owner. Then there are spyware that would track down the users’ various activities (calls, texting, emails, browsing etc), would also access contacts and browsing history and would also track the location of the device. The third kind are the phishing sites that resemble legitimate social networks or online banking services and are thus used to steal user credentials. The fourth variety of MMAs are the hidden processes that run in the background and lie in wait, unknown to the user, for an apt moment to strike. They would strike when an online banking session or any such thing is initiated and cause mischief.

MMAs likely to get more sophisticated

Today we have MMAs that are sophisticated and run in the background, always ready to run executables or contact botmasters for new instructions. Experts point out that in near future we’d have even more advanced and sophisticated MMAs, which would actually hijack and help to gain full control over compromised devices.

Thus, with mobile devices pervading our lives greatly and with trends like BYOD bringing more mobile devices into the work environment, mobile security is going to be a great challenge for IT professionals. They’d have to work hard to combat MMAs and secure mobile devices from all kinds of threats.

How to protect devices from MMAs

There are some basic measures that can be adopted to try securing mobile devices against MMAs. These include:
• Downloading apps only from official stores (Google Play, Apple’s App Store etc).
• Doing enough research on third-party apps before obtaining them for use.
• Reading the end user agreement and rethinking “permissions” before installing new apps.
• Ensuring that all mobile devices connected to an enterprise network are brought into the organization’s security criteria.
• Ensuring that the IT department is promptly notified whenever a mobile device that’s connected to an enterprise network gets compromised.
• Installing necessary security software on mobile devices, especially the ones that are connected to any enterprise network for work-related purposes.