Mobile Malware and Security Practices

Unofficial Application Stores

  • Once installed, malware has whatever access the user granted the app (contacts, SMS, location, microphone, storage), and more if it can exploit the OS.

  • Caution on APK Files:
      - Do not install APK (Android Package Kit) files from untrusted sources.
      - iOS Application Curation:
        - All applications are curated and controlled by Apple.
      - Android Application Distribution:
        - Applications can be downloaded from Google Play or trusted app stores.
        - Sideloading Risks:
          - A sideloaded APK bypasses the store's review process, so a copy that has been repackaged with malware installs with the same permissions as the genuine app.
          - Trust a sideloaded APK only if its signing certificate matches the developer's published one.

Developer Mode

  • Purpose of Developer Mode:
      - Enables access to developer-specific settings and functionalities.

  • Features of Developer Mode:
      - USB debugging.
      - Memory statistics.
      - Demo mode settings.

  • Enabling Developer Mode:
      - iOS/iPadOS:
        - Requires Xcode on a Mac: once the device has been connected to Xcode, the Developer Mode switch appears under Settings > Privacy & Security (iOS 16 and later).
      - Android:
        - Enable from Settings > About Phone > Tap the build number seven times.

Root Access and Jailbreaking

  • Mobile Devices as Purpose-Built Systems:
      - Direct access to the operating system is generally unnecessary.

  • Gaining Access:
      - Android: rooting process.
      - Apple iOS: jailbreaking process.

  • Custom Firmware Installation:
      - Custom firmware replaces the vendor's operating system image.
      - Gives uncontrolled access to the OS and circumvents its security features, including installing apps without any app store.
      - Results in Mobile Device Management (MDM) losing its effectiveness: anyone with root can disable or bypass the MDM agent's controls, which is why most MDM platforms detect rooted or jailbroken devices and mark them non-compliant.
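The developer-mode and root indicators above can be checked from captured device artifacts. The script below is an added example, not part of the original notes: it reads the text of `adb shell getprop`, the values of `adb shell settings get global development_settings_enabled` and `adb_enabled`, a set of filesystem paths found to exist, and the installed package list, and reports whether the device is rooted (and therefore outside what an MDM agent can enforce). The sample property dumps, path sets and package lists are constructed for illustration.

```python
"""Device posture check for developer options and root indicators.

Added example, not from the original notes. It works over captured
artifacts instead of a live device: the text of `adb shell getprop`,
the values of `adb shell settings get global ...`, the set of
filesystem paths found to exist, and the installed package list.
All sample data below is constructed for illustration.
"""
from dataclasses import dataclass, field

# Well-known Android root artifacts: su binaries, Magisk, SuperSU.
SU_PATHS = (
    "/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su",
    "/data/local/bin/su", "/data/local/xbin/su", "/data/adb/magisk",
)
ROOT_MANAGER_PACKAGES = ("com.topjohnwu.magisk", "eu.chainfire.supersu")


@dataclass
class Posture:
    developer_mode: bool = False
    usb_debugging: bool = False
    findings: list = field(default_factory=list)

    @property
    def rooted(self) -> bool:
        return any(f.startswith("root:") for f in self.findings)

    @property
    def mdm_enforceable(self) -> bool:
        # An MDM agent cannot enforce policy where a user or malware holds
        # root; USB debugging alone is a warning, not a compliance failure.
        return not self.rooted


def parse_getprop(text: str) -> dict:
    """Parse `getprop` output lines of the form `[key]: [value]`."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and "]: [" in line and line.endswith("]"):
            key, _, value = line[1:-1].partition("]: [")
            props[key] = value
    return props


def assess(getprop_text, global_settings, existing_paths, packages):
    """Return a Posture built from the captured artifacts."""
    p = Posture()
    props = parse_getprop(getprop_text)
    # Developer options are stored as global settings once the build
    # number has been tapped seven times and USB debugging switched on.
    p.developer_mode = global_settings.get("development_settings_enabled") == "1"
    p.usb_debugging = global_settings.get("adb_enabled") == "1"
    if p.usb_debugging:
        p.findings.append("dev:usb-debugging-enabled")
    # Build properties that only appear on engineering or custom firmware.
    if "test-keys" in props.get("ro.build.tags", ""):
        p.findings.append("root:build-signed-with-test-keys")
    if props.get("ro.debuggable") == "1":
        p.findings.append("root:ro.debuggable=1")
    if props.get("ro.secure") == "0":
        p.findings.append("root:ro.secure=0")
    for path in SU_PATHS:
        if path in existing_paths:
            p.findings.append(f"root:su-artifact {path}")
    for pkg in ROOT_MANAGER_PACKAGES:
        if pkg in packages:
            p.findings.append(f"root:manager-app {pkg}")
    return p


# Constructed samples: a stock phone with USB debugging on, and a rooted one.
STOCK_GETPROP = "[ro.build.tags]: [release-keys]\n[ro.debuggable]: [0]\n[ro.secure]: [1]\n"
ROOTED_GETPROP = "[ro.build.tags]: [test-keys]\n[ro.debuggable]: [1]\n[ro.secure]: [1]\n"


def demo():
    stock = assess(STOCK_GETPROP,
                   {"development_settings_enabled": "1", "adb_enabled": "1"},
                   set(), {"com.android.chrome"})
    rooted = assess(ROOTED_GETPROP, {}, {"/system/xbin/su"},
                    {"com.topjohnwu.magisk"})
    return stock, rooted


if __name__ == "__main__":
    for label, posture in zip(("stock", "rooted"), demo()):
        print(label, "rooted" if posture.rooted else "not rooted", posture.findings)
```

The checks are heuristics: a root-hiding module can rename the su binary or spoof build properties, so a negative result from this script is not proof of a clean device, while any positive finding is enough to treat the device as non-compliant.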

Application Spoofing

  • Definition:
      - Installation of applications that appear legitimate but are actually malicious or bootlegged.

  • Example of Spoofing:
      - In 2021, Google removed about 150 malicious applications from Google Play, including:
        - Photo editing tools.
        - Camera filters.
        - Games.
        - QR code scanners.
      - Example of malicious behavior: the UltimaSMS campaign, whose apps signed users up for premium SMS services costing around $40 per month.

  • Malicious Source Example:
      - XcodeGhost Malware: a trojanized copy of Xcode, spread through unofficial download mirrors, that injected malicious code into every iOS app compiled with it; the infected apps came from legitimate developers and passed App Store review.

  • Precautions:
      - Always verify the source and legitimacy of an app before granting permissions.
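Verifying an app's legitimacy means checking who signed it, not just what it is called. The script below is an added example, not part of the original notes or of any vendor's tooling: it takes an installed-package inventory of (package name, signing-certificate SHA-256 fingerprint) pairs, compares it with an allowlist of vendor signing keys, and flags repackaged copies (known name, wrong key) and look-alike names (one edit away from a known name, or a suffixed variant, not signed by the vendor). The package names and fingerprints are constructed; on a real device the fingerprint comes from `apksigner verify --print-certs` or from PackageManager's signing info.

```python
"""Flag repackaged and look-alike apps in an installed-package inventory.

Added example, not from the original notes. A spoofed app either reuses a
well-known package name but is signed with a different key (a repackaged
or bootlegged copy), or uses a name one edit away from a well-known one.
The vendor fingerprints and the inventory below are constructed samples;
on a real device the signer fingerprint comes from
`apksigner verify --print-certs` or PackageManager's signing info.
"""
import hashlib


def _constructed_fp(label: str) -> str:
    # Stand-in for a real SHA-256 signing-certificate fingerprint.
    return hashlib.sha256(label.encode()).hexdigest()


# Allowlist: package name -> fingerprint of the vendor's signing certificate.
KNOWN_SIGNERS = {
    "com.example.bank": _constructed_fp("bank-vendor-key"),
    "com.example.messenger": _constructed_fp("messenger-vendor-key"),
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a typosquat differs from the real name by one edit."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit(inventory):
    """inventory: iterable of (package_name, signer_fingerprint).

    Returns a list of (package_name, reason) for packages that should be
    removed or investigated before they are granted any permission.
    """
    findings = []
    for pkg, signer in inventory:
        if pkg in KNOWN_SIGNERS:
            # Same name, different key: the APK was rebuilt by someone else.
            if signer != KNOWN_SIGNERS[pkg]:
                findings.append((pkg, "repackaged: signer does not match vendor key"))
            continue
        for known, vendor_fp in KNOWN_SIGNERS.items():
            related = levenshtein(pkg, known) <= 1 or pkg.startswith(known + ".")
            # A companion app signed with the vendor's own key is legitimate.
            if related and signer != vendor_fp:
                findings.append((pkg, f"lookalike of {known}"))
                break
    return findings


# Constructed inventory, as `pm list packages` plus signer would give it.
SAMPLE_INVENTORY = [
    ("com.example.bank", _constructed_fp("bank-vendor-key")),
    ("com.example.bank.pro", _constructed_fp("bank-vendor-key")),
    ("com.example.messenger", _constructed_fp("attacker-key")),
    ("com.example.bnk", _constructed_fp("attacker-key")),
    ("org.unrelated.notes", _constructed_fp("notes-vendor-key")),
]

if __name__ == "__main__":
    for pkg, reason in audit(SAMPLE_INVENTORY):
        print(f"{pkg}: {reason}")
```

The signer comparison is the part that matters: Android will not install a package update whose signer differs from the installed one, but a fresh sideload of a renamed or repackaged copy is accepted, so the allowlist has to be checked outside the platform's own update logic.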

High Network Traffic

  • Indicators of Malware:
      - Higher than normal network utilization may indicate malware presence.
      - The extra traffic usually comes from command and control (C2) check-ins, exfiltration of harvested data, or the device relaying traffic on someone else's behalf.

Proxy Network Use

  • Malware may route other parties' traffic through the compromised device, which shows up as network use the owner cannot attribute to anything they run.

  • Monitoring Data Usage:
      - Use the built-in data use reports, which break usage down per app and per network.
      - Consider third-party reporting applications from trusted sources.
      - Run a malware scan as a precautionary measure.

Degraded Response Time

  • Symptoms:
      - Device running slowly or experiencing screen lags and poor input response time.

  • Troubleshooting Steps:
      - Restart the device to clear memory and stop runaway processes.
      - Check for OS and app updates that fix buggy code.
      - Close apps that are not in use to free memory and CPU.
      - Consider a factory reset as a last resort, after backing up data.

Data Usage Limit Notification

  • Android Feature:
      - Built-in data warning and data limit: the user sets a threshold and is notified (or cellular data is cut off) when it is reached.
      - iOS has no equivalent warning; it shows per-app cellular usage under Settings > Cellular and can ask before large App Store downloads over cellular.

  • Implications:
      - Excessive data usage can indicate malware infection.
      - Drilling down into per-app data usage may identify the malicious app.
      - Run a malware scan to confirm and remove the problematic app.

Limited or No Internet Connectivity

  • Malware Behavior:
      - Malware may block access to network resources, such as OS update servers or security vendors' sites, to avoid being detected or removed.
      - Troubleshooting Steps:
        - Toggle Wi-Fi off and on, or cycle airplane mode, to reset the radio and reconnect.
        - Restart the device to clear memory and reload drivers.
        - Perform a malware scan to identify and remove the infection.

High Number of Ads

  • Malware Objectives:
      - Malware may increase ad exposure to generate revenue from views and clicks.

  • Ad Blocker Example:
      - FakeAdsBlock (2019): an Android app that promised to remove ads but instead served its own full-screen ads once installed.

Fake Security Warnings

  • How Malware Gains Access:
      - Fake security warnings trick users into installing malicious software, posing as legitimate alerts.

  • Data at Risk:
      - Once installed, the malware can directly access sensitive user data, including credit card details, stored passwords, browsing history, and text messages.
      - Users should not tap misleading alerts, and should use a malware removal tool if already infected.

Unexpected App Behavior

  • Signs of Compromise:
      - Apps unexpectedly closing or experiencing excessive delays and missing standard features.

  • High Battery Utilization:
      - Particularly when specific apps are running, or while the device is idle, which points to background activity.
      - Recommended action: update the app to the latest version; if the problem persists, check that app's battery and data usage, then uninstall it and run a malware scan.

Leaked Personal Files

  • Consequences of Unauthorized Access:
      - Unauthorized access to accounts, or root access to the device, may result in personal data being leaked.
      - Users should investigate how the data left the device, then run app and anti-malware scans.

  • Final Steps for Security:
      - Perform a factory reset with a clean installation if necessary (Apple Configurator can be used to re-provision a supervised iOS device).
      - Review cloud accounts linked to the device, such as Apple iCloud, Google Workspace, and Microsoft OneDrive, for unauthorized sign-ins or changes.
      - Change passwords and enable Multi-Factor Authentication (MFA) for additional security.