Friday, November 10, 2023

Learn About The Latest Risk To The Android Device - The IMUTA Malware

 


Let’s face it, our smartphones are an extension of our lives, both on a personal and professional basis.  If anything happens to them, we are totally paralyzed, in a way like losing our Internet connection.  But given how much we actually use them, they have been for the longest time a prime target for the Cyberattacker.

There have been countless articles written about how to keep your device as safe as possible, and today’s post is going to be one of them.

But we take a different approach on this one, in that we focus upon Android, and all of the smartphones that use it.  At the present time, this is the most popular OS that is around.  In fact, it has been estimated that there are over 3 billion users of it on a global scale.

Most of them have relied heavily upon the antimalware, antivirus, firewall, etc.  that is installed onto them as the main source of protection.  But truth be told, the malware of today has become so sophisticated and covert that many of them bypass these traditional safeguards and very often are not detected in time.

The main culprit behind this trend is, believe it or not, Generative AI.  Through the use of the various platforms that have become available (especially that of ChatGPT) a Cyberattacker can literally create a malicious payload that can be easily spread in Phishing emails, and can even trick the legitimate chatbots that many people make use of.

The Cyberattacker can now quite easily “jailbreak” into the core of the chatbot, and manipulate it in a way to launch Social Engineering attacks.  For example, if an end user went to a website seeking advice on something from a chatbot, it could really be just a fake, and instead, it could pose questions back, or even engage in a particular conversation, that will urge the end user to give up their private and confidential information, ranging anywhere from financial information to their Social Security numbers.

As a result of all of this, there has been a 61% rise in Phishing based attacks alone just from Generative AI, and outsmarting the chatbots.  Apart from this, another grave threat that is posed to the Android user is what is known as “Incremental Malicious Update Attacks”, also known as the “IMUTA” for short. 

Essentially, this is where a Cyberattacker will deploy a malicious payload in an incremental fashion, finding its home in a mobile app that is not completely secured.  In fact, the major source of where these malicious payloads are deployed is the Google Play Store.

The trick here is that every time the end user updates their Android device, this malicious payload will become more dominant in the OS, until it is too late to do anything about it.  According to a recent article that was published in the Journal of Ambient Intelligence and Humanized Computing, the researchers have demonstrated how IMUTA can be used to breach privacy: a voice search application (which is actually a mobile app) that is downloaded from the Play Store can add malicious features through the incremental updates.  Worse yet, the malware can scan and collect private user data from the device, such as contacts, messages, photos, and transmit it to a remote server for covert execution.

More information about this threat vector can be found at the following links:

https://scholars.org/contribution/imuta-malware-breaches-google-play-security

https://link.springer.com/article/10.1007/s12652-023-04535-7

So given just how scary the above scenario can be, what is an Android user supposed to do?  Well, first keep in mind that all people who use a smartphone are prone to being hacked.  The key here is in mitigating that risk.  So here are some quick steps that you can take:

1)     Be careful of what you download:

For example, do you really need this app, or is it just a “want to have”?  My recommendation would be to download only those apps that you really need.  Before you do so, always check the website of the vendor, and try to find any reviews by doing online searches.  If there is anything negative about it, don’t download it!!!

2)     Keep your smartphone updated:

Simply put, if there is an update, install it.  If possible, enable your smartphone to update automatically, but during hours when you are not using it.

3)     Monitor your device:

Beware of any subtle signs that your device is telling you.  For example, watch for any slowdowns, unusual system crashes, or any pop ups that appear.  These are usually the first warning signs of the IMUTA threat vector.
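Beyond watching for symptoms, the incremental pattern described earlier can be checked for by comparing the permissions an app requests from one version to the next. The following is an added example, not code from this post or the cited paper; the package name, the version history (written in the style of `aapt dump permissions` output) and the set of permissions treated as sensitive are constructed assumptions.

```python
import re

# Permissions tied to the data the post says IMUTA collects (contacts,
# messages, photos) plus network access. The grouping is an assumption.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "messages",
    "android.permission.READ_EXTERNAL_STORAGE": "photos/files",
    "android.permission.INTERNET": "network",
}
PERM_RE = re.compile(r"uses-permission[\w-]*:\s*(?:name=')?([A-Za-z0-9_.]+)")

def parse_permissions(dump):
    """Extract permission names from 'uses-permission:' lines."""
    return set(PERM_RE.findall(dump))

def permission_drift(history):
    """history: (version, dump) pairs in release order.
    Returns (version, sensitive permissions first requested in that update)."""
    findings, previous = [], None
    for version, dump in history:
        current = parse_permissions(dump)
        if previous is not None:
            added = sorted(p for p in current - previous if p in SENSITIVE)
            if added:
                findings.append((version, added))
        previous = current
    return findings

def can_exfiltrate(dump):
    """True when private-data access and network access are both requested."""
    perms = parse_permissions(dump)
    data = {SENSITIVE[p] for p in perms if p in SENSITIVE} - {"network"}
    return bool(data) and "android.permission.INTERNET" in perms

# Constructed sample: a hypothetical voice search app growing across updates.
BASE = ("package: com.example.voicesearch\n"
        "uses-permission: name='android.permission.RECORD_AUDIO'\n"
        "uses-permission: name='android.permission.INTERNET'\n")
V11 = BASE + "uses-permission: name='android.permission.READ_CONTACTS'\n"
V12 = V11 + ("uses-permission: name='android.permission.READ_SMS'\n"
             "uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'\n")
HISTORY = [("1.0", BASE), ("1.1", V11), ("1.2", V12)]

if __name__ == "__main__":
    for version, added in permission_drift(HISTORY):
        print(f"update {version} newly requests: {', '.join(added)}")
    print("latest version can read and send private data:", can_exfiltrate(V12))
```
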

My Thoughts On This:

To be honest, if I was shopping for a smartphone or looking for a replacement, I would go with an iPhone.  I have been a user of one since 2014 or so, and the security features they have are great.  Also, the app store from Apple is pretty secure as well. 

For instance, before any mobile app can be uploaded for general consumption by the public, Apple requires that the software developer(s) follow stringent security testing measures, including thoroughly testing the mobile app in a sandbox environment, then releasing it to a limited production environment.

Just some food for thought.
