Saturday, May 21, 2022

The 5 New Ways In Which Your Android & iOS Devices Are Being Targeted

 


Well, happy weekend everybody!!!  It’s hard to believe that in another week it will be Memorial Day Weekend, and soon, half the year will be over.  Honestly, this year has gone by faster than any I can remember.

But speaking of the halfway mark, in June I will be releasing my midyear Cyber Report. Just to pique your curiosity somewhat, the topic will be about the true cost of Security Breaches that have occurred here in the United States.

Everybody talks about it, but nobody has really put a firm dollar value to it.  This is what I am hoping this report will do.  One of its other objectives is to hopefully raise some alarm bells as well.  I could have written about other topics, but last year I covered Ransomware, and at the beginning of this year, I covered Phishing.

Anyways, as we hit June, there is yet another threat vector out there that has not received the attention it should be getting.  We are all so obsessed with the Cyber impacts from Russia invading Ukraine that this one has totally faded out.

What am I talking about?  It is attacks on our mobile devices, whether they are notebooks, tablets, laptops, smartphones, etc.

Luckily, I came across an article which covered some of the major avenues in which your device can be attacked.  Some of them I never even thought of before.  So, here we go:

1)     Conducting Fraud:

When one thinks of an attack on a smartphone, the immediate thoughts that come to mind are of the Cyberattacker taking 100% control of the device, or implanting some kind of Malware on it in order to gain access to the information that is stored on it.  But now, hackers can use your smartphone as a way to conduct fraudulent activities.  This is technically known as “On Device Fraud”, or “ODF” for short.  This kind of attack first hit the mobile apps that were created for the customers of the major banks, but now it is being used anywhere fraud can be carried out.  Two of the most notorious threat variants are Octo and Teabot.  They both allow for the hijacking of video conferencing and screen sharing on your Android device.  More information about these two can be seen at these links:

Octo: https://thehackernews.com/2022/04/new-octo-banking-trojan-spreading-via.html

Teabot: https://www.zdnet.com/article/teabot-android-banking-trojan-continues-its-global-conquest-with-new-upgrades/

2)     Redirecting phone calls:

Think Smishing attacks and Robocalls are annoying enough?  Well, here is something that is even scarier.  You place a call on your smartphone to a legitimate phone number, and the Cyberattacker intercepts it and reroutes your call to another receiver instead.  In this entire process, you do not even know what is happening until the person picks up on the other side.  This trend started with a rogue mobile app Trojan Horse known as “Fakecalls”.  During the installation process of this app, the Cyberattacker overwrites all of the permissions on your smartphone.

More information about this nasty Trojan Horse can be seen at this link:

https://usa.kaspersky.com/blog/fakecalls-banking-trojan/26354/

3)     Taking over push-notifications:

This is when you receive a direct notification, such as a One Time Password (OTP), to which you have to respond.  For example, many financial institutions now require some sort of 2FA, and using an OTP fits this bill perfectly.  But now, there is a new piece of Malware called the “FluBot” that directly targets the push notification functionalities of Android based devices.  This Malware will reply automatically to any sort of push notification that you may receive, without you even knowing about it.  Even worse, it can hijack the address book in your Android device, and spread itself like a worm to infect the wireless devices of your contacts.  This kind of attack is known technically as “Push Message Phishing”.  There is another variant of this which is known as “Sharkbot”, and information about both can be seen at these links:

FluBot: https://www.darkreading.com/threat-intelligence/flubot-malware-s-rapid-spread-may-soon-hit-us-phones

Sharkbot: https://www.darkreading.com/endpoint/google-removes-dangerous-banking-malware-from-play-store

4)     The creation of new domain names:

A new trend that started to occur when COVID-19 hit was the registration of many domain names by the Cyberattacker.  While one intent of this was to create phony and fictitious websites, the other has been to create multiple command and control centers hosted on VMs.  For example, when a Cyberattacker launches an attack, he or she may not target the victim directly.  Rather, they will issue remote commands through one of these servers to target the victim, in an effort to disguise themselves.  But keep in mind that tracking these kinds of ill-used domains has been a focus of law enforcement, such as the FBI.  So to avoid further detection, the Cyberattacker will shut down the VM on which a domain has been used, and create a new one to host a new domain for these malicious purposes.  The Sharkbot variant has been used for this very purpose, in an effort to stay covertly inside your wireless device for extended periods of time.  In a way, this can also be compared to an Advanced Persistent Threat.

5)     Getting through Google and Apple:

Apple has one of the most stringent sets of requirements when it comes to the uploading of new apps to iTunes, and Google not so much.  But despite these tight requirements, Cyberattackers have found ways to bypass all of this and deploy rogue mobile apps.  These kinds of apps are technically known as “Droppers”.
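To look at item 4 from the defender's side, here is an added example (not part of the original post or the article it draws on) that scans a DNS resolver log for devices that keep moving from one short-lived domain to the next.  The log format, device names, domains and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample resolver log: "<ISO timestamp> <device> <queried domain>"
SAMPLE_LOG = """\
2022-05-01T08:00:00 phone-a api.bank.example
2022-05-01T09:00:00 phone-b mail.example
2022-05-01T09:10:00 phone-b upd-a1.example
2022-05-02T09:10:00 phone-b upd-a1.example
2022-05-03T10:00:00 phone-a news.example
2022-05-03T11:00:00 phone-b upd-b2.example
2022-05-04T11:00:00 phone-b upd-b2.example
2022-05-05T12:00:00 phone-b upd-c3.example
2022-05-06T12:00:00 phone-b upd-c3.example
2022-05-09T13:00:00 phone-b upd-d4.example
2022-05-10T08:00:00 phone-a api.bank.example
2022-05-10T09:00:00 phone-b mail.example
2022-05-10T13:00:00 phone-b upd-d4.example
"""

def parse(log):
    for line in log.splitlines():
        if line.strip():
            ts, device, domain = line.split()
            yield datetime.fromisoformat(ts), device, domain.lower()

def short_lived_domains(log, max_life=timedelta(days=2)):
    """Per device: domains queried only within max_life and then abandoned."""
    seen = defaultdict(dict)          # device -> domain -> [first, last]
    end = datetime.min                # timestamp of the newest log entry
    for ts, device, domain in parse(log):
        span = seen[device].setdefault(domain, [ts, ts])
        span[0], span[1] = min(span[0], ts), max(span[1], ts)
        end = max(end, ts)
    return {
        device: sorted(d for d, (first, last) in domains.items()
                       if last - first <= max_life and end - last > max_life)
        for device, domains in seen.items()
    }

def flag_rotation(log, min_domains=3, max_life=timedelta(days=2)):
    """Devices that abandoned at least min_domains short-lived domains."""
    return {dev: doms for dev, doms in short_lived_domains(log, max_life).items()
            if len(doms) >= min_domains}
```

A single one-off lookup (phone-a and news.example in the sample) stays below the threshold, so ordinary browsing does not trip the check on its own.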

My Thoughts On This:

There are numerous ways to lessen the odds of becoming a victim of a smartphone attack:

1)     Limit mobile app usage.  I know life is a lot easier with a mobile app for everything, but the more you put on, the more you are increasing your attack surface.  Try restricting the mobile apps you put on to those that are really necessary.  As for myself, I hardly ever use mobile apps.  I only have two of them.

2)     Always read the reviews of a mobile app you want to use.  If they are any good, then it just gives that mobile app more credibility.  But take this with a grain of salt.  Even a Cyberattacker can put up fake reviews.

3)     Always confirm the authenticity of the mobile app.  By this, I mean actually try to call the creator of it.  Any legitimate mobile app designed by a real company should have a distinct website, with real contact information.

4)     Always keep your wireless device updated with the latest versions and software patches/upgrades.
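As a companion to tip 1 and to items 2 and 3 of the list further up, here is an added example (not from the original post) that reads a package dump and reports which installed apps have actually been granted call-handling, SMS or contact permissions.  The sample text is constructed in the layout of `adb shell dumpsys package` output, and the package names and the rule set are assumptions made for this example.

```python
import re

# Rules chosen for this example (an assumption): granted permissions that the
# behaviours described in items 2 and 3 of the list above would depend on.
RULES = {
    "outgoing-call handling": {"android.permission.PROCESS_OUTGOING_CALLS"},
    "reads incoming SMS": {"android.permission.RECEIVE_SMS"},
    "contacts + SMS sending": {"android.permission.READ_CONTACTS", "android.permission.SEND_SMS"},
}

# Constructed sample in the layout of a package dump; package names are hypothetical.
SAMPLE_DUMP = """\
  Package [com.example.notes] (1a2b3c):
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.READ_CONTACTS: granted=false, flags=[ ]
  Package [com.example.videoplayer] (4d5e6f):
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET]
      android.permission.SEND_SMS: granted=true, flags=[ USER_SET]
      android.permission.PROCESS_OUTGOING_CALLS: granted=true, flags=[ USER_SET]
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
GRANT_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def granted_permissions(dump):
    """Map each package to the set of permissions marked granted=true."""
    granted, current = {}, None
    for line in dump.splitlines():
        if m := PKG_RE.match(line):
            current = m.group(1)
            granted[current] = set()
        elif current and (m := GRANT_RE.match(line)) and m.group(2) == "true":
            granted[current].add(m.group(1))
    return granted

def audit(dump):
    """Return {package: [rule names]} for packages whose grants satisfy a rule."""
    findings = {}
    for pkg, perms in granted_permissions(dump).items():
        hits = sorted(name for name, needed in RULES.items() if needed <= perms)
        if hits:
            findings[pkg] = hits
    return findings
```

An app that shows up here is not necessarily rogue, but a video player holding call and SMS grants is exactly the kind of app worth removing under tip 1.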

 

In the end, for the sheer lack of a better term, you have to CYA.  In other words, trust your gut.  If it doesn’t feel right, then don’t download it.
