Modern Threats to Mobile Devices and How to Protect Yourself
Today, more and more people are choosing mobile devices as their primary way to connect to the internet. Smartphones and tablets can now meet almost any online need, offering a wide range of apps (Instagram, Twitter, VK, Facebook), built-in cameras, and the convenience of portability. It’s no surprise that cybercriminals have set their sights on mobile platforms, where many users are less experienced in cybersecurity.
Introduction
The main goal of modern cybercriminals is profit. The days when malware was created just for fun or destruction are long gone. Attackers now focus on making money from regular users’ mobile devices. But what methods do they use, and how can you protect yourself? Let’s take a closer look.
Ransomware on Mobile Devices
Ransomware has become a widespread threat for desktop computers, and cybercriminals have adapted similar tactics for mobile devices. Typically, these malicious programs lock your device and demand a ransom to restore access. Sometimes, they target call histories, contacts, photos, or messages, which often forces victims to pay up.
One of the most dangerous mobile ransomware examples is DoubleLocker, the first mobile encryptor to use Android’s Accessibility Service. It uses two extortion tools: encrypting device data and changing the PIN code. Abuse of the Accessibility Service, which was designed to help people with disabilities, is a particularly dangerous innovation that cybercriminals now exploit, especially on Android.
Another threat, Android/Locker.B, blocks access to the infected device’s operating system and changes the lock screen PIN. It disguises itself as a camera app for WhatsApp, an Android antivirus, a Dropbox app, or Flash Player. Notably, Android/Locker.B demanded ransom in the form of iTunes gift cards.
Figure 1. Android/Locker.B ransomware
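A defender's check for the Accessibility Service abuse described above, as an added example that is not part of the original article: it parses the text printed by adb shell settings get secure enabled_accessibility_services and adb shell pm list packages -f, and lists enabled accessibility services that belong to user-installed packages. The sample output is constructed, and the com.example package name and the allowlist parameter are hypothetical.

```python
# Constructed samples of the text printed by:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -f
# The com.example.* package and the allowlist are hypothetical.
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.flashplayer/.UpdateService"
)
SAMPLE_PACKAGES = """\
package:/system/app/talkback/talkback.apk=com.google.android.marvin.talkback
package:/data/app/~~Qx1z==/com.example.flashplayer-Ab3==/base.apk=com.example.flashplayer
"""

def parse_accessibility_services(value):
    """Return the package names that own an enabled accessibility service."""
    value = value.strip()
    if not value or value == "null":  # setting unset or nothing enabled
        return []
    return [c.split("/", 1)[0] for c in value.split(":") if c]

def parse_package_paths(listing):
    """Map package name -> APK path from `pm list packages -f` lines."""
    paths = {}
    for line in listing.splitlines():
        if not line.startswith("package:"):
            continue
        # The APK path can itself contain '=', so split on the last one.
        path, _, name = line[len("package:"):].rpartition("=")
        paths[name.strip()] = path
    return paths

def audit(a11y_value, listing, allowlist=frozenset()):
    """List (package, reason) for services that deserve a manual review."""
    paths = parse_package_paths(listing)
    findings = []
    for pkg in parse_accessibility_services(a11y_value):
        if pkg in allowlist:
            continue
        path = paths.get(pkg)
        if path is None:
            findings.append((pkg, "not in package list"))
        elif path.startswith("/data/"):  # installed or updated after purchase
            findings.append((pkg, "user-installed: " + path))
    return findings

if __name__ == "__main__":
    for pkg, reason in audit(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print(f"review {pkg}: {reason}")
```

A finding means "review this app", not "this app is malicious": legitimate accessibility tools installed by the user are flagged too unless they are allowlisted. A service whose APK sits under /system is not flagged, so this check does not cover the pre-installed firmware malware described later in the article.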
Botnets
Botnets made up of hacked smartphones and tablets are another major cyber threat. Infected devices are controlled by attackers, who can use them to launch DDoS attacks or send out mass spam emails.
The RottenSys malware for Android could turn infected devices into part of a botnet. RottenSys disguised itself as a Wi-Fi security app and requested system permissions. Experts found 316 variants of RottenSys, each tailored for specific distribution channels.
Similar apps that turned Android devices into bots were also found in the official Google Play store. These apps, supposedly offering Minecraft skins, were actually infected with the Sockbot malware, which compromised between 600,000 and 2.6 million devices. Sockbot created a SOCKS-proxy server to form a botnet. The developer, known as FunBaster, obfuscated the app code and signed each app with a different developer key, helping them bypass Google Play’s security checks.
WireX (detected as Android Clicker) is another large-scale botnet, consisting of tens of thousands of hacked Android smartphones. This malware, also downloaded from the Play Store, was designed for application-level DDoS attacks. WireX infected over 120,000 Android smartphones, with 70,000 devices from more than 100 countries participating in a single DDoS attack. Security researchers found over 300 malicious apps in the Play Store containing WireX code, disguised as video players, ringtones, or storage management tools.
Figure 2. WireX botnet for Android
Malicious Apps
Malicious apps are another ever-evolving threat for mobile users. These programs can perform a wide range of harmful activities, such as making unauthorized purchases in app stores—sending your money straight to the attackers. Some of these apps don’t even require user interaction, which is especially alarming.
Worse, some manufacturers of cheap Android devices have started embedding malware at the firmware level. Researchers found 140 such devices with pre-installed malware. These programs run from the “/system” directory with full root access, connect to a remote server, download an XML file, and install one or more apps. Since they’re built into the firmware, they can install any app the cybercriminal wants, without any user interaction.
Some malicious apps disguise themselves as legitimate software. For example, a recently discovered Android malware pretended to be Google Maps. After installation, it tried to hide by displaying the official Google Maps icon or the Google Play Store logo.
Figure 3. Icon of a malicious app disguised as Google Maps
Vulnerabilities in mobile operating systems make things even worse. Many cybercriminals track new security holes, and some startups offer up to $3 million for zero-day exploits for Android and iOS. For example, the “Trustjacking” vulnerability discovered in April allowed attackers to remotely control iPhones by luring users to a website with special code.
Even security measures from Google and Apple can sometimes fail. Experts found a spyware app in Google Play that disguised itself as a messenger. After installation, it downloaded a second app that collected location data, call logs, audio and video recordings, text messages, and other private information.
With the rise of cryptocurrency, attackers have also become interested in mining apps that use regular users’ devices to generate cryptocurrency for the attacker. Researchers found legitimate apps in Google Play that secretly included mining software.
Data theft is another concern. Apps like KevDroid can record calls made on Android devices.
Many believe that iOS offers better protection against malicious apps than its main competitor. For example, Igor Pushkarev, the former mayor of Vladivostok, once urged citizens not to use Android, claiming it was poorly protected.
Contactless Payments (Tap and Pay)
Most people have heard of NFC (“Near Field Communication”). In simple terms, this technology expands on contactless cards, allowing users to pay for purchases with their mobile devices. This links your smartphone to your bank account or credit card, making it even more attractive to fraudsters.
To steal money via NFC, attackers use the “bump and infect” method, which exploits NFC vulnerabilities. This method has already been used to steal money, especially in places like shopping malls, parks, or airports.
How to Protect Your Mobile Device from Cyber Threats
While these tips may sound familiar, it’s important to remember the basics of mobile security to ensure your information is as safe as possible:
- Install antivirus software. With the constant evolution of mobile malware, treat your smartphone or tablet like a desktop computer and use a reputable antivirus app.
- Create strong passwords. If you’re still using your pet’s name as a password, it’s time to change. Use passwords at least 8 characters long, including letters, numbers, and symbols. Avoid easily guessed words like your child’s or pet’s name.
- Keep your software up to date. Make sure your apps and operating system are always updated, as updates often fix vulnerabilities that attackers could exploit.
- Monitor your bank statements and mobile payments. Regularly check your transactions for suspicious purchases made via your mobile device.
- Disable unused features. For extra security, turn off GPS, Bluetooth, or Wi-Fi when you’re not using them. Also, avoid storing personal data (like passwords and account credentials) on your device whenever possible.
Conclusion
It’s clear that cybercriminals have long considered mobile devices a top target, and technologies like NFC only make them more attractive. Remember, attackers are after two things: your money and your personal data (which can be sold or used for further theft). Decide carefully what you store on your device and what’s better kept on more secure platforms.