Malware, Spyware, Adware… What Threats Target Mobile Devices And How To Ward Them Off?
Part 1 of a 3-part series focused on application, network and device-level mobile threats. This post covers application-level mobile threats.
By Vivien Raoul, Chief Technology Officer for Pradeo
We live in an ultra-connected world in which billions of corporate and personal datapoints are processed through mobile devices every second. While organizations leverage mobility to boost their productivity and offer the best experience to their users, cybercriminals exploit the mobile attack surface for their own illicit gain.
Smartphones and tablets have inherent capabilities that, when abused, let attackers locate users, eavesdrop on their communications and access their files, microphone and camera, which makes them a target of choice.
Threats targeting mobile devices operate either at the application, the network or the device level. In this first article of a 3-part series, we’ll focus on application-related threats by analyzing the modus operandi of various x-wares.
The Various X-Wares
Malware (malicious software) is designed to disrupt or damage a device, or to gain unauthorized access to it or to its data, while the victim often remains unaware of the attack. Its functionality depends on the attacker's objective, and several kinds of malware are sometimes combined in a single attack. Although applications hosting malware are occasionally found on official app stores, most come from third-party platforms, and as more and more people download applications from unofficial stores, the number of infected devices continues to grow.
Here are some examples of common Android malware:
- Keylogger: A keylogger collects everything typed on the device keyboard and sends it to a remote server. It either presents a fake keyboard in place of the real one or, if the device is rooted, reads input directly from the original keyboard.
- OTP interceptor: A One-Time Password (OTP) is often used during a transaction to confirm that the person making the payment is the card holder. This kind of malware intercepts the temporary code sent to the user by SMS and uses it to complete a fraudulent transaction, such as a bank transfer, in the victim's name.
- Overlay malware: This type of malware draws a window on top of a legitimate application, typically when a targeted banking app comes to the foreground. The overlay mimics the original interface to trick users into entering sensitive data into a fake form, which collects it and forwards it to a remote attacker.
- Ransomware: This malware encrypts the data on the infected device, or simply locks its screen, until the user pays a ransom. It was the threat heard about most in 2017 with Petya and WannaCry, although those two campaigns targeted Windows systems rather than mobile devices.
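Each of the four classes above needs a specific Android capability before it can do anything: SMS access for an OTP interceptor, the "draw over other apps" permission for an overlay, an input-method or accessibility service binding for a keylogger, and a device-admin binding for a screen locker. The following script is an added example (not Pradeo's detection engine and not code from the original post) that reads an AndroidManifest.xml and reports which of those capability sets an app has requested. The permission names are the real Android ones; the two manifests are constructed for illustration. Every one of these capabilities also has legitimate uses (SMS clients, keyboards, accessibility tools, MDM agents), so a hit is a triage lead to compare against the app's stated purpose, not a verdict.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Set

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Capabilities each class of x-ware needs. All are also used by legitimate
# apps, so matches are leads for review, not convictions.
INDICATORS: Dict[str, Set[str]] = {
    "otp_interceptor": {"android.permission.RECEIVE_SMS",
                        "android.permission.READ_SMS"},
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "keylogger": {"android.permission.BIND_INPUT_METHOD",
                  "android.permission.BIND_ACCESSIBILITY_SERVICE"},
    "ransomware_locker": {"android.permission.BIND_DEVICE_ADMIN"},
}
EXFIL_CHANNEL = "android.permission.INTERNET"


def _android_attr(elem: ET.Element, name: str):
    # Attributes in the android namespace are keyed as {namespace}name by ElementTree.
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def extract_capabilities(manifest_xml: str) -> Set[str]:
    """Collect requested permissions plus the system-only 'bind' permissions
    that keyboards, accessibility services and device-admin receivers declare
    on their component rather than requesting via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    caps: Set[str] = set()
    for up in root.iter("uses-permission"):
        name = _android_attr(up, "name")
        if name:
            caps.add(name)
    for tag in ("service", "receiver"):
        for comp in root.iter(tag):
            perm = _android_attr(comp, "permission")
            if perm:
                caps.add(perm)
    return caps


def triage(manifest_xml: str) -> Dict[str, List[str]]:
    """Return {indicator: [matching capabilities]} for every x-ware class the
    manifest could support; an empty dict means nothing to escalate."""
    caps = extract_capabilities(manifest_xml)
    hits: Dict[str, List[str]] = {}
    for label, needed in INDICATORS.items():
        matched = sorted(caps & needed)
        if matched:
            hits[label] = matched
    # Stolen data has to leave the device; note the network channel when present.
    if hits and EXFIL_CHANNEL in caps:
        hits["exfiltration_channel"] = [EXFIL_CHANNEL]
    return hits


# Constructed manifest of a "flashlight" app asking for far more than it needs.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Flashlight">
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

# Constructed manifest of an app that only needs the camera flash.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="Flashlight"/>
</manifest>"""

if __name__ == "__main__":
    for name, manifest in (("suspicious", SUSPICIOUS_MANIFEST),
                           ("benign", BENIGN_MANIFEST)):
        print(name, triage(manifest))
```

On a real APK the manifest is binary XML and must first be decoded (apktool or aapt dump xmltree) before it can be parsed like this. Google Play has restricted RECEIVE_SMS and READ_SMS to default SMS handlers and a few approved use cases since 2019, so an app from a third-party store that requests them alongside INTERNET deserves a closer look.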
Spyware is also a malicious program. It collects and leaks sensitive information off the device without the user's consent and without displaying a persistent notification that this is happening. Its objective is to capture passwords, banking credentials, location coordinates or other sensitive data and send them over the internet for fraud, espionage or resale. Often, spyware is hidden within third-party libraries (advertising or analytics SDKs, for example) that developers embed in their mobile applications.
Adware displays unsolicited advertisements, usually as pop-ups or banners, sometimes encouraging users to download a malicious application. The line between spyware and adware is thin: both send data off the device, but spyware leaks it without the user's knowledge to malicious servers, whereas adware sends it to legitimate servers, for example for marketing purposes. While adware may be disruptive, it is not inherently malicious.
Riskware is a broad category that includes, among other things, legitimate applications that can cause damage if their weaknesses are exploited by malicious users. Mobile applications carrying vulnerability classes catalogued by the US National Vulnerability Database, the OWASP Mobile Security Project, US-CERT and others are more prone to leak data and to expose their users to Man-in-the-Middle and denial-of-service attacks. Currently, 1 out of 3 mobile applications hosts vulnerabilities (Source: Pradeo Lab).
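The Man-in-the-Middle exposure mentioned for riskware is, in many apps, a configuration defect rather than a code bug: an Android app decides in its manifest and its network security config whether plain HTTP is allowed, whether user-installed CAs are trusted, and whether the build is debuggable. The script below is an added example (not code from the original post or from Pradeo) that checks those two files for the settings an on-path attacker relies on, and it is run against a constructed weak configuration and a constructed hardened one. The certificate pin in the hardened config is a placeholder value, not a real pin.

```python
import xml.etree.ElementTree as ET
from typing import List

ANDROID_NS = "http://schemas.android.com/apk/res/android"
# Android 9 (API 28) disabled cleartext traffic by default; older targets allow it.
CLEARTEXT_DEFAULT_OFF_FROM = 28


def _android_attr(elem, name):
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def mitm_findings(manifest_xml: str, nsc_xml: str = "") -> List[str]:
    """Settings that let an on-path attacker read or alter the app's traffic.
    An empty list means nothing obvious from configuration alone."""
    findings: List[str] = []
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    debuggable = app is not None and _android_attr(app, "debuggable") == "true"
    cleartext_attr = _android_attr(app, "usesCleartextTraffic") if app is not None else None
    sdk = root.find("uses-sdk")
    target = int(_android_attr(sdk, "targetSdkVersion") or 0) if sdk is not None else 0

    if debuggable:
        findings.append("manifest: android:debuggable=true (debuggers and hooking tools can attach)")
    if cleartext_attr == "true":
        findings.append("manifest: usesCleartextTraffic=true (plain HTTP allowed app-wide)")
    elif cleartext_attr is None and not nsc_xml and 0 < target < CLEARTEXT_DEFAULT_OFF_FROM:
        findings.append("manifest: targetSdkVersion %d < 28 and no network security config, "
                        "cleartext allowed by platform default" % target)

    if nsc_xml:
        nsc = ET.fromstring(nsc_xml)
        for section in nsc:
            if section.tag not in ("base-config", "domain-config", "debug-overrides"):
                continue
            # debug-overrides are only honoured when the build is debuggable.
            if section.tag == "debug-overrides" and not debuggable:
                continue
            if section.get("cleartextTrafficPermitted") == "true":
                findings.append("%s: cleartextTrafficPermitted=true" % section.tag)
            for cert in section.iter("certificates"):
                if cert.get("src") == "user":
                    findings.append("%s: trusts user-installed CAs (any CA added to the "
                                    "device can sign the app's servers)" % section.tag)
    return findings


# Constructed weak configuration: debuggable release, HTTP allowed, user CAs trusted.
WEAK_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="27"/>
  <application android:debuggable="true" android:usesCleartextTraffic="true"
               android:networkSecurityConfig="@xml/network_security_config"/>
</manifest>"""
WEAK_NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="true">
    <trust-anchors><certificates src="system"/><certificates src="user"/></trust-anchors>
  </base-config>
  <debug-overrides>
    <trust-anchors><certificates src="user"/></trust-anchors>
  </debug-overrides>
</network-security-config>"""

# Constructed hardened configuration: HTTPS only, system CAs only, pinned API host.
HARDENED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
  <uses-sdk android:minSdkVersion="26" android:targetSdkVersion="34"/>
  <application android:networkSecurityConfig="@xml/network_security_config"/>
</manifest>"""
HARDENED_NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors><certificates src="system"/></trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">api.example.com</domain>
    <pin-set expiration="2026-01-01">
      <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
    </pin-set>
  </domain-config>
</network-security-config>"""

# Constructed legacy app: no config at all, so the platform default decides.
LEGACY_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.legacy">
  <uses-sdk android:targetSdkVersion="27"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    print("weak:", mitm_findings(WEAK_MANIFEST, WEAK_NSC))
    print("hardened:", mitm_findings(HARDENED_MANIFEST, HARDENED_NSC))
    print("legacy:", mitm_findings(LEGACY_MANIFEST))
```

The check is deliberately conservative: it flags user-CA trust in debug-overrides only when the manifest is also debuggable, because that is the only case in which Android applies the override, and it treats a missing config on an old target SDK as a finding rather than as unknown. What it cannot see is code that installs its own permissive TrustManager or HostnameVerifier, so a clean result here still needs a traffic-level test.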
How VMware Workspace ONE + Pradeo Mobile Threat Defense Protect Mobile Fleets From X-Wares
Pradeo Mobile Threat Defense technology relies on an Artificial Intelligence-based engine to detect mobile threats operating at the application, the network and the device level. It performs real-time on-device analysis to accurately identify known, unknown and advanced mobile threats, including x-wares, and wards them off before they do any harm.
Once activated within VMware Workspace ONE, powered by AirWatch, Pradeo Security provides fast, appropriate and proactive threat management directly from the VMware UEM console.
Stay tuned for Part 2 – Network threats and Part 3 – Device threats in the months to come!