The Rising Threat of Mobile Malware

Updated: Jan 30

In this article we examine the different variants of mobile malware, and how one can prevent becoming infected with mobile malware by using a secure device.

Our phones store our most personal information, including photos, text messages and emails. Mobile malware can reveal directly what's going on in our lives, bypassing the encryption that protects data sent over the internet.

Mobile malware can reveal extremely private and sensitive personal and company information. As mobile phones are becoming the main method of transmitting sensitive documents, mobile malware will continue to cause billions in losses for companies around the world.

One report found that for an enterprise, the economic risk of mobile data breaches, including direct operational costs as well as potential maximum loss from non-compliance and reputational damage, could be as high as $26.4 million. It also found that mobile data breaches are more common than many may think. Two-thirds (67 percent) of organizations report having had a data breach as a result of employees using their mobile devices to access the company's sensitive and confidential information. With an average of 3 percent of employees' mobile devices infected with malware at any point in time, that's more than 1,700 mobile devices, in a typical organization, connecting to an enterprise network every day.

"It's never been more clear that mobile devices can be a critical part of the attack equation," said Craig Shumard, former Cigna CISO and current cybersecurity advisor. With the rise in access to corporate data via mobile devices, those devices will become bigger targets for the bad guys. And the cost to the enterprise will only increase. (Report: The Economic Risk of Confidential Data on Mobile Devices in the Workplace)

Some of the more widespread mobile malware variants are from the Agent Tesla family, which made up approximately 30% of all mobile malware attacks in 2021. Formbook malware was the second most common type found, followed by those from the LokiBot family. There are many additional mobile malware variants, some more dangerous and insidious than others.

Mobile malware can be classified into different categories such as adware, backdoor, file infector, potentially unwanted application (PUA), ransomware, riskware, scareware, spyware, trojan, trojan-sms, trojan-spy, trojan-banker, and trojan-dropper. Each malware category has some unique characteristics that differentiate it from other malware categories.

One of the more threatening types is one developed by Israeli cybersecurity firm NSO Group called Pegasus. Pegasus malware is the latest example of how vulnerable we all are to digital prying, and to mobile malware in general.

What is Pegasus?

Pegasus is NSO's best-known product. It can be installed remotely without a surveillance target ever having to open a document or website link, according to The Washington Post.

Pegasus uses a “jailbreaking” process on iPhones and a technique called “rooting” on Android phones to hack the devices. This allows the entity installing it to further modify the phone. Built-in security controls on the phone are essentially disabled. This is why Pegasus is so deadly: it is zero-click malware, and will deploy if the user misses a WhatsApp call or an SMS. It will launch without detection by the user.

This would not be possible on a SecureCrypt device, however, as SecureCrypt phones run on a secured and locked-down operating system that does not allow the installation of any apps unless approved by SecureCrypt.

Furthermore, the key technique that Pegasus uses (a soft jailbreak and/or rooting) will not work, as SecureCrypt devices are "hardened" devices and do not allow any type of jailbreaking or rooting. If this is attempted, your SecureCrypt device will detect that it has been rooted or jailbroken and, using device attestation, the device will wipe itself automatically.

SecureCrypt devices also run on a private network with network-level protections, which make them immune to the techniques used to spread mobile malware to begin with, such as through SMS. You can only obtain this level of protection by using a secure phone, which is what SecureCrypt offers.

SecureCrypt uses its own cryptographically signed, secure App Store, which is self-hosted and self-managed. Only applications signed with our own digital keys can be deployed, further enhancing device security and privacy.

Using a secure phone with network-level, device-level, and messaging-level protections would prevent any important heads of state, diplomats, politicians, government employees, executives, activists, journalists or anyone else using a SecureCrypt device from being compromised by Pegasus malware. This unfortunately is not the case for those who do not use a secure phone. Communicating with a secure app is simply not enough.

Pegasus reveals all to the NSO customers who control it -- text messages, photos, emails, videos, contact lists -- and can record phone calls. It can also secretly turn on a phone's microphone and cameras to create new recordings, The Washington Post said.

The GPS, Bluetooth, NFC and tracking sensors are disabled on SecureCrypt devices from within the kernel level of the operating system.

SecureCrypt also protects against attacks that simply target a phone number or SIM card, as our devices operate on a private network and are not registered on any cellular network using any phone number at all. SecureCrypt SIM cards are encrypted and have a separate, additional dedicated VPN on board. We also use private APNs, which is another layer of security we provide to our clients.

Our devices cannot be simply “discovered” by an attacker who uses an automated process to send out malicious SMS messages to a list of phone numbers, which greatly reduces the risk posed by using an insecure line on a public cellular network.

Using an insecure phone on a public wireless network (Rogers/AT&T/Verizon) is by far the most insecure way to communicate and opens you up to multiple methods of attack. SIM swapping is also not possible with SecureCrypt as we act as our own private mobile wireless provider. This gives us enhanced capabilities in terms of securing our networks, and securing our SIM cards.

Whose phones did Pegasus infect?

In addition to countless unidentified victims, two journalists at Hungarian investigative outlet Direkt36 had infected phones, The Guardian reported.

A Pegasus attack was launched on the phone of Hanan Elatr, wife of murdered Saudi columnist Jamal Khashoggi, The Washington Post said, though it wasn't clear if the attack succeeded. But the spyware did make it onto the phone of Khashoggi's fiancee, Hatice Cengiz, shortly after his death.

Also affected were French President Emmanuel Macron, Iraqi President Barham Salih and South African President Cyril Ramaphosa. Also on the list are seven former prime ministers and three current ones: Pakistan's Imran Khan, Egypt's Mostafa Madbouly and Morocco's Saad-Eddine El Othmani. King Mohammed VI of Morocco is also on the list.

Seven people in India were found with infected phones, including five journalists and one adviser to the opposition party critical of Prime Minister Narendra Modi, The Washington Post said. And six people working for Palestinian human rights groups had Pegasus-infected phones, Citizen Lab reported in November.

Edward Snowden, who in 2013 leaked information about US National Security Agency surveillance practices, called for a ban on spyware sales in an interview with The Guardian. He argued that such tools otherwise will soon be used to spy on millions of people.

State Sponsored APTs & Cyber Espionage

Advanced Persistent Threats (APTs)

If there's one thing that keeps corporate cybersecurity professionals awake at night, it's the thought of an attack employing a range of sophisticated techniques designed to steal the company's valuable information.

As the name "advanced" suggests, an advanced persistent threat (APT) uses continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences.

Because of the level of effort needed to carry out such an attack, APTs are usually levelled at high value targets, such as nation states and large corporations, with the ultimate goal of stealing information over a long period of time, rather than simply "dipping in" and leaving quickly, as many black hat hackers do during lower level cyber assaults.

APTs are a method of attack that should be on the radar for businesses everywhere. The focus on high-value targets doesn’t mean that small- and medium-sized businesses can ignore this type of attack.

APT attackers are increasingly using smaller companies that make up the supply-chain of their ultimate target as a way of gaining access to large organizations. They use such companies, which are typically less well-defended, as stepping-stones.

SecureCrypt uses Triple-Layered Encryption, secure devices, and network connections to ensure you are protected from the usual methods of attack, such as SMS messaging and email-based attacks. Because SecureCrypt operates on a private network using private Access Point Names (APNs), regular SMS is not possible and has been disabled at the network level. Our SIM cards also have a VPN on board, which protects against any initial foothold an attacker may get, as well as protecting your identity 100% of the time if an attacker is trying to use social engineering techniques to find out how to contact you. Your private ECC ID can only be given out by you; it is not discoverable on any network like a phone number is.

Vietnam’s OCEANLOTUS has been conducting mobile malware operations since at least early 2014, pre-dating the identification of the group by a year. BlackBerry researchers identified a new OCEANLOTUS campaign involving a new mobile malware family that was propagated via fake apps available in well-known app stores.

A newly identified Chinese APT named BBCY-TA2 by BlackBerry researchers utilized a new Windows malware family dubbed PWNWIN1. Along with another new Chinese APT group named BBCY-TA3, these threat actors engaged in economic espionage against Western and South Asian telecom companies and nearly every large chemical company outside of China.

• OPERATION DUALCRYPTOEX uses new malware families that target both Android and Windows® by a newly identified Chinese APT.


delivered malware via a sophisticated trio of fake mobile apps.

• OPERATION DUALPAK by APT group BITTER targeted Pakistani military with a new mobile malware family distributed via fake apps, SMS, WhatsApp® and other social media platforms.


Pakistani government and military with a new Windows malware family distributed via JavaScript version of a chat app.

The only way to protect against these types of attacks is by using a secure, encrypted device which operates on a private network. Our locked-down and containerized operating system prevents users from accidentally installing malicious apps, or being coerced via social engineering attacks into installing them. Our locked-down operating system provides many more security features that most commercial-level mobile security solutions do not.

When it comes to sensitive phone calls between business, government, or political associates, you cannot afford to have your calls intercepted and your secrets discovered.

APTs are actively targeting all types of businesses, small to large, for a variety of reasons, with ransomware, surveillance, and data theft/extortion being the most dangerous to a company.

SecureCrypt devices are all FIPS 140-2 compliant.

