Our new F-Secure Labs’ Mobile Threat Report finds that 99% of the new mobile threats that emerged in Q1 2014 targeted the the Android operating system. This continues a trend that allows us to say, mobile malware is essentially Android malware.
83% of the Trojans the Labs analyzed performed some sort of SMS-sending, making it the most common objectionable activity we’ve found. Sending SMS to premium-rate numbers can drive up a users’ bill and is the best way to crooks have found to monetize malware in Europe and Asia..
Here’s the good news: Google has introduced a notification prompt for SMS messages sent to premium-rate numbers in the 4.2 Jelly Bean update for the Android operating system. You can allow or block this action. The Labs predicts this little change likely to put a major crimp in an SMS-sending Trojans’ business model.
A new study finds that 34% of a Americans do nothing — nothing! — to secure their smartphone. They don’t even lock it. Don’t be one of those people.
Here’s what the Labs recommends to protect your tablet or mobile phone:
1. Just lock it!
Despite concern about online-based attacks, the easiest way for malware to get on a device is still for someone to secretly manually install it. Locking it prevents anyone else from meddling with its settings and installing an monitoring app or spyware while it is out of your possession.
2. Use anti-theft protection.
Anti-theft protection gives you the ability to remotely wipe the data on your device, including on removable media, if you think the device is irretrievable. Some anti-theft solutions also include location mapping for locating the device.
3. Stick to trusted sources.
By default, Android devices block installation of apps from any source other than the Play Store. You can check to make sure your device only allows Play Store apps by looking in Setting > Applications > Unknown sources. If the checkbox is checked, non-Play Store apps can be installed. Uncheck it now!
4. Check those permissions.
Whether you’re downloading from the Play Store or other sources, check the app’s list of requested permissions. Does it ask for Internet connection, to save files to external storage, or to be allowed to send SMS messages? Check the developer’s site to see why the permissions are needed and look at reviews for feedback from other users. Our free F-Secure App Permissions App makes this easy.
5. Turn on message barring
If your Android device isn’t using OS version 4.2 (Jellybean), consider requesting a call or SMS barring service (also known as ‘premium-rate blocking’) from your operator to prevent unwanted outgoing calls or messages. This is especially handy for parents who want to keep their children’s devices from racking up unexpected charges.
6. Scan your apps.
If you’re downloading an app from anywhere but an official store or a trusted source, be sure reputable mobile antivirus to scan it before installing. You can think of this as a check on its ‘silent’ behavior – it’s unstated but allowed actions. If you’re comfortable with the verdict from the mobile antivirus, then you can elect to install the app.
[Photo by Irita Kirsbluma via Flickr.com]
This may sound like a nightmare or a Black Mirror episode about a dystopic future, but…
March 23, 2017