In its Mobile Threat Landscape Report, released today, cybersecurity firm CrowdStrike highlighted the “key types of mobile malware observed so far in 2019, along with their typical deployment mechanisms.” The report also identified both how and why some adversary groups and cybercriminals are targeting mobile devices for both intelligence and financial gains and takes a forward-looking approach to understand potential changes in the threat landscape.
“As a result of changes in the way people use and protect their devices, malicious actors have increasingly sought to diversify the way they attempt to compromise their targets and achieve their objectives,” the report explains. “This diversification includes the development of malware for mobile devices, which often do not have access to the same level of security monitoring as desktop computers and servers.”
The report further explains that successful compromises of mobile devices can actually provide cybercriminals with “more extensive access to large amounts of personal data” than hacking desktop computers or servers. “This density of personal information offers an attractive target to a range of adversaries, leading to an uptick in both targeted and commercial mobile malware families,” CrowdStrike explains.
The report identified five key findings:
- “The targeting of mobile platforms is increasingly being adopted by a range of criminal and targeted intrusion adversaries.
- Malware targeting mobile banking is likely to remain prolific, supported by a prolific underground industry of developers operating mobile ‘malware-as-a-service’ subscription models to complement their desktop offerings.
- Targeted adversary groups continue to develop mobile malware variants, typically as ports of established malware families. Development capability has proliferated to less-skilled groups due to the accessibility of proof-of-concept mobile malware variants.
- Mobile malware running on the Android operating system is most prevalent at this time, driven by the ease of installing new applications from third-party sources.
- The current maturity level of mobile security solutions lags behind that of traditional platforms, leading to longer potential attacker dwell times on compromised mobile devices.”
The report also identifies the most popular and prevalent types of mobile malware – Remote Access Tools (RATs), Banking Trojans, mobile ransomware, cryptomining malware, and advertising click fraud – and explains that while the malware can be installed on targeting devices in multiple mechanisms, most variants “ultimately take the form of some kind of Trojan application that the user is persuaded to install.”
In terms of the threat outlook, CrowdStrike explained that “as with malware designed to target desktop machines, there is a continual battle between defenders and attackers seeking to maintain or subvert the security of these devices. This has resulted in an ever-increasing set of malware capabilities that have been developed to ensure that malicious actors can continue to achieve their objectives.”
However, while there are some similarities between the goals and implementation of desktop and mobile malware, “the security landscapes they operate in are very different. While desktop computing has benefited from years of development in commercial and open-source malware research and detection, the current state of defensive technology in the mobile space is less mature; although mobile malware is researched by the security community, detection methodologies that can be employed by the user – such as antivirus monitoring – are currently more limited in comparison.”
CrowdStrike did offer six security recommendations for the mobile device end-users
- Download applications from trusted sources such as official app stores;
- Be on the lookout for phishing messages;
- Regularly apply security patches to mobile operating systems and installed applications;
- Establish security around solid MDM processes;
- Evaluate Mobile endpoint detection and response solutions; and
- Maintain physical security of physical devices.
