Android Security Roundup: Malware Makers Get Savvier at Mobile Attacks

Security

android secured, smartphone, security

Verizon’s latest data breach investigations report shows there is little real-world data suggesting that cybercriminals are breaching mobile devices in a major way. But that doesn’t mean they aren’t trying. As several of our recent stories on the Android Secured blog show, smartphones and tablets, especially those running Android, are getting increasing scrutiny from cybercriminals.

Take ransomware, for instance. Read our story “Dogspectus” Opens New Front in Android Ransomware Distribution to find out how malware authors have figured out how to drop ransomware on a mobile device via drive-by download. All you need to do to get infected is to visit a website that has been infected with the malware.

Dogspectus, according to security vendor Blue Coat, which discovered it, is the first Android ransomware tool that is capable of installing itself on a device without the victim having to do anything proactively to initiate the action. Granted, the malware poses a threat only to Android device owners running older versions of the operating system that visit certain adult websites. So it isn’t exactly a widespread issue. Still, the main takeaway here is that malware authors are getting better at figuring out ways to attack the data on your smartphone or tablet. If history is any indication, sooner or later they will succeed.

Android SecuredIf you still need convincing about the growing interest in the mobile environment among the bad guys, take a look at our story on Android Users Duped by Nasty Malware Disguised as Chrome Update. The threat, reported by security researchers at Zscaler, involves a malware sample that is disguised to look like a legitimate Chrome update from Google, but really is a Trojan that can collect call logs, SMS text messages, browser histories, banking data and other information from devices on which it gets installed. Among other things, the malware can also monitor your phone calls and SMS messages, terminate phone calls and disable security applications.

Read The Ghost Push Scare And Other Takeaways From Google’s Android Security Report for a quick update on Google’s assessment of Android security in 2015.  According to Google, Android malware in general poses less of an immediate threat to users than potentially harmful applications (PHAs) like those that access and use your location data or personally identifiable information without your permission. Google says its analysis shows that about 0.5% of the nearly 1 billion Android devices in use have a PHA installed on them, compared to the 0.15% of Android devices that have malware.

In other news, a recent survey by security vendor iPass showed that a growing number of organizations are saying no mas to employees using free Wi-Fi services to access corporate data and services. A full 60% of the survey respondents said they had already banned such use, while another 20% indicated they have plans to do the same soon. Read Say Goodbye To Checking Email At The Coffee Shop.

And finally check out Waze May Be Fooled With Fake GPS Data to find out how researchers at the University of California, Berkeley, have devised a pretty smart way to fool Waze – and pretty much any app that is location-based and uses crowdsourced data – with a bunch of fake data.

Security standards around connected medical devices are woefully lacking, but that’s about to change. Don’t miss the unveiling of DTSec, the first consensus cybersecurity standard for medical devices with security and assurance requirements, by BlackBerry Chief Security Officer David Kleidermacher. It’ll happen May 23-24 at MEDSec 2016, the first international conference covering security and privacy for the Internet of Medical Things, taking place in San Jose, Calif. Learn more and register today at MEDSecMeeting.org.

About Jaikumar Vijayan

Vijayan is a freelance journalist and technology content writing specialist with 20+ years of award-winning experience in IT trade journalism. He is a former Senior Editor at Computerworld Inc.and is a frequent contributor to Christian Science Monitor Passcode, Computerworld, Dark Reading, eWEEK and other publications. Vijayan is the author of BlackBerry's "The Definitive Guide to Mobile Security: Strategies and Tactics for Business & IT Decisionmakers" e-book on mobile security and an author of security white papers for the SANS Institute.

Join the conversation

Show comments Hide comments
+ -
blog comments powered by Disqus