Mobile platforms are under attack more and more every day as cyber criminals look for new ways to install malware with advanced capabilities on iPhone and Android devices. Of course, mobile attacks have been a problem for years, but the threats are evolving at a rapid pace.
The malware now being deployed has full remote access capabilities that can pose threats to individual users and, through them, to larger companies overall. Both the United States and European Union are contemplating antitrust regulations that would make sideloading apps a right, an attempt at combating the increasingly intelligent malware. Below, you will find four malware tactics that companies should be aware of and prepare security for:
On-device fraud (ODF) has become the most concerning of the new malware tactics. This is when cyber criminals have the ability to perform fraudulent actions directly from a device. Specifically, ODF has recently been used in mobile banking Trojans. ODF has mostly been used to target banks and for other financial theft, but it can be manipulated to target other accounts and tools commonly used by businesses. These other tools could include Slack, Teams and Google Docs.
Another tactic is intercepting legitimate phone calls. This happens when users are trying to contact outside businesses or organizations. Cyber criminals end the connection of a call made by the user and redirect it to another number controlled by the cyber criminals. Users still see the number they were trying to call, so they don't immediately realize their call has been redirected to a fake call service. The malware does this successfully by securing call handling permission during app installation.
Notification Direct Reply Abuse
This type of malware intercepts and replies to push notifications from target applications. This can allow the cyber criminal to sign fraudulent transactions, intercept authentications, and edit notifications sent to the victim's device. This can also be used to send malicious messages to contacts within a device through social applications.
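For app vetting, the call-handling and notification tactics described above can be screened for by auditing what an Android app declares in its manifest. The following is an added example, not code from the original article; it covers Android only, and the mapping of specific Android permissions to each tactic, the function name and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (not from the article) of Android permissions to two of its tactics.
WATCHLIST = {
    "call_handling": {
        "android.permission.CALL_PHONE",
        "android.permission.PROCESS_OUTGOING_CALLS",
        "android.permission.ANSWER_PHONE_CALLS",
        "android.permission.BIND_CALL_REDIRECTION_SERVICE",
    },
    "notification_access": {
        "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
    },
}

def audit_manifest(manifest_xml):
    """Map each tactic to the watched permissions a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    declared = set()
    # Permissions the app requests for itself.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            declared.add(node.get(ANDROID + "name"))
    # Bind permissions are set on the service component, not requested.
    for node in root.iter("service"):
        declared.add(node.get(ANDROID + "permission"))
    declared.discard(None)
    return {tactic: sorted(declared & perms)
            for tactic, perms in WATCHLIST.items() if declared & perms}

# Constructed sample: a "flashlight" app that asks for call and notification access.
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

# Constructed sample: an app that only needs network access.
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("flashlight", SUSPICIOUS), ("notes", BENIGN)):
        print(name, audit_manifest(xml))
```

Legitimate dialer and messaging apps declare the same permissions, so a hit is a triage signal to compare against the app's stated purpose rather than a verdict.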
Domain Generation Algorithm
A domain generation algorithm (DGA) is also used in mobile malware to avoid being detected. The mobile malware will constantly create and use new domain names and IP addresses for its servers, to make it difficult for cyber security teams to detect the malware.