What is Mobile Malware? Types, Methods and Examples

Mobile malware is a growing threat to users. Understand the types of mobile malware and how to protect your devices from infection.
By SentinelOne June 24, 2021

Mobile malware is a growing threat that targets smartphones and tablets. This guide explores the different types of mobile malware, how they spread, and their potential impacts on users.

Learn about effective strategies for detecting and removing mobile malware and best practices for securing your devices. Understanding mobile malware is crucial for protecting personal and organizational data.

What is Mobile Malware?

Mobile malware is malicious software that targets smartphones, tablets, and other mobile devices to gain access to private data.  Although Mobile Malware is not as prolific as it’s counterpart (malware that attacks traditional workstations) it’s a growing threat for all organizations.

Threat actors use various types of mobile malware (and deployment methods) to access smartphones. To help keep your organization safe, it’s important to know each of them.

Types of Mobile Malware

Knowing the different types of mobile malware will give you a better idea of how to protect yourself and identify threats. Let’s take a look at the different types of mobile malware below.

Remote Access Trojans (RATs)

Attackers use RATs to gain extensive access to data from their mobile devices and are most often used for intelligence collection. The typical data that RATs collect include your call history, SMS data, browsing history, and installed applications. What’s dangerous is that attackers may use RATs to enable cameras, send messages, and log GPS data.

Bank Trojans

Your bank account information is the number one target of attackers, so be wary of Bank Trojans. Attackers disguise Trojans as applications that may seem legitimate to trick users into providing confidential information. Bank Trojans access details of your financial accounts like your login details by spoofing a financial institution’s login page.  Once installed on the client’s computer, the hackers have a backdoor into their computer, which allows access to computer files and systems, so that identity theft and unauthorized financial transactions can take place.

Ransomware

Ransomware is malware that attackers use to gain access to your mobile device. They access important data and encrypt it until a ransom is paid..

Only until the ransom is paid can the victim get back access to their encrypted files Most often, ransom demands involve payment in Bitcoin.

Cryptomining Malware

This mobile malware allows attackers to mine cryptocurrency like Monero on a user’s device. It enables attackers to run calculations through the victim’s browser with JavaScript without installing software. Crypto mining allows cybercriminals to hijack a client’s computer to use their processing power and electricity to mine cryptocurrencies for free.

Mining these cryptocurrencies takes a lot of processing power, as only the first person to solve the complex mathematical problem will be paid for their efforts in cryptocurrency.  Those affected will generally notice a marked decrease in their battery life, and also that their computer is running very slowly.

Mobile Spyware (Stalkerware)

Mobile Spyware runs in stealth mode and aims to collect your data undetected.It targets data such as your activity and account login information. Cybercriminals hide Spyware behind harmless-looking apps in order to avoid detection.

Mobile Adware

Malicious adware poses a danger to your mobile devices. Threat actors use “malvertising” code to infect the root of your device, forcing the download of malicious adware.

This also allows attackers to steal data stored in your mobile device. This includes log-in information, contacts, and your location.

Drive-By Downloads

While visiting websites is easy, mobile malware like drive-by downloads threatens cybersecurity. When you open infected websites, the malware will instantly install itself on your device. These variants can give spyware, adware, and more access to your device.

Methods of Mobile Malware Infection

Several methods can be used to infect a mobile device with malware. Some common methods include:

  • Downloading infected apps: Malware can be hidden in apps available for download from app stores or third-party websites. When a user downloads and installs the app, malware is also installed on their device.
  • Visiting malicious websites: Malware can be delivered to a mobile device through a website designed to exploit vulnerabilities in the device’s web browser. When a user visits the website, the malware is automatically downloaded and installed on their device.
  • Opening malicious email attachments: Malware can be delivered through email attachments, such as PDF files or Word documents. The malware is installed on their device when a user opens the attachment.
  • Using infected USB drives: Malware can be spread through USB drives that are infected with the malware. When a user connects the USB drive to their device, the malware is transferred to the device.

Protecting your mobile device by only downloading apps from trusted sources, keeping your device’s operating system up to date, and using a reputable mobile security app.

Examples of Mobile Malware Campaigns

One example of a mobile malware campaign is the “Gooligan” campaign, which was discovered in 2016. This campaign targeted Android devices and infected over 1 million, stealing the users’ Google account credentials. The malware was spread through infected apps downloaded from third-party app stores.

The “XcodeGhost” campaign targeted iOS devices in 2015. This campaign infected over 4,000 apps, including popular apps such as WeChat and Didi Chuxing, and was spread through a compromised version of Apple’s Xcode development software.

Another example is the “HummingBad” malware campaign that targeted Android devices in 2016. This campaign infected over 10 million devices and was used to generate fraudulent advertising revenue. The malware was spread through infected apps downloaded from third-party app stores.

The “Agent Smith” malware campaign was recently discovered in 2019. This campaign targeted Android devices and infected over 25 million, replacing legitimate apps with malicious versions without the user’s knowledge. The malware was spread through infected apps downloaded from third-party app stores.

Mobile Malware Analysis Protects You from Cybercrime

What is Mobile Malware Analysis?

Mobile malware analysis detects and identifies malware, it’s origin and the potential impact on your mobile device..

Mobile Malware Analysis Tools

Mobile malware analysis tools display strategies that attackers use to deliver mobile malware. They also give updated malware attack statistics and present acknowledged malware detection processes.

Mobile malware analysis results in three main benefits. These benefits include being able to detect malware on your mobile device.

Detection allows room for actions that put an end to the threat. The experience will also give you data that can help with your research about malware.

Precautionary Measures for Cybersecurity 

Aside from mobile malware analysis tools, there are best practices that you can use to protect yourself from mobile malware. Here are a few recommendations.

Update Applications Frequently

Developers are always looking for ways to ensure their apps are secure from mobile malware. Continue to update your apps, to the latest available version to ensure that you are getting the best and most secure experience.

Use Secure Wi-Fi

As an IT Professionals, we have to think about how your team members might approach the offer of free Wi-Fi.  Although it’s tempting for them to connect to free Wi-Fi in malls, cafes, and other public places, employees need to be wary of their security, as public Wi-Fi is a cybercriminal’s playground. Threat actors attack the most vulnerable devices on the network and can pose an undetected threat for months or years. We should advise them to use extra caution while on a free Wi-Fi network, and not to download or click on links that they’re not familiar with.

Other best practice methods to increase mobile security include using a firewall and having two-factor authentication for login credentials. While on a public Wi-Fi network, they should also be cautious about what personal information they’re sharing. For example, banking and healthcare data is something better saved for when they’re on a secure private network, rather than an unsecured network.

Defend Yourself and Your Team From Mobile Malware!

There are many mobile malware threats, for both individuals and for companies to manage. Is your organization secure? The SentinelOne platform delivers the defenses you need to prevent, detect, and rollback—known and unknown—threats.

Set up a demo of SentinelOne here.

Schedule A Demo
SentinelOne encompasses AI-powered prevention, detection, response and hunting.

Endpoint Security that Stops Threats at Faster Speed and Greater Scale Than Humanly Possible.

One intelligent platform for superior visibility and enterprise-wide prevention, detection, and response across your attack surface, from endpoints and servers to mobile devices.