Cybercriminals are increasingly setting their sights on smartphones and other mobile devices, according to a recent report from the Anti-Phishing Working Group (APWG) called In Mobile Threats and the Underground Marketplace. What’s driving their interest is a huge opportunity – more than two billion mobile devices that will be processing $1.3 trillion in payments by 2015.
In shocking detail, APWG’s report describes how mobile malware has become an industrialized process run by organized cybercrime gangs targeting Google Android, Apple iOS and other mobile handling systems. In the eCrime marketplace, the price for mobile malware apps runs from $400 for a basic mobile keylogger to over $30,000 for a complete mobile banking fraud package. Renting a botnet costs just $50/hour. And an SMS spam campaign goes for just 2.8 cents per text.
Those chilling findings are echoed in Juniper Networks Mobile Threats Report released in June. It found mobile malware threats grew at the staggering rate of 614%. And 92% of the detected threats were aimed at Android devices which accounted for over 2/3 of all smartphones shipped in 2012. Juniper’s Mobile Threat Center identified more than 500 third party Android app stores worldwide with little or no accountability or oversight that are known to be hosting mobile malware. Three out of five originate in Russia or China.
The MTC also found several legitimate free apps that could pose a risk of leaking sensitive corporate data on mobile devices. The free mobile apps it sampled are five times more likely to track location and 2 1/2 times more likely to access mobile users’ address books than their paid counterparts. “There’s no doubt mobility will continue to be a pervasive and disruptive force across every industry,” says Troy Vennon, director of Juniper Networks Mobile Threat Center. That means you need to take action to secure your mobile devices or face a malware-ridden future.
- Only install apps from trusted sources such as Google Play and the Apple App Store.
- Don’t install apps that ask for permission to do anything other than what they need to do their job.
- Make sure your mobile device’s operating system and applications are up to date and its security settings and software are enabled. As of June, 2013, only 4% of Android phones were running the latest version of the operating system according to Google.
- Protect your phone with a unique password; and don’t store passwords for access to your accounts.
- Disable features that allow your phone to automatically connect to new WiFi networks or Bluetooth devices.
- Check with the WiFi hotspot operator to make sure you’re connecting to the real hotspot, not a rogue designed to steal your information.
- When you’re using your mobile device at a WiFi hotspot, the best way to protect your information is to use a Virtual Private Network. VPNs encrypt the information traveling to and from your smartphone by sending it through a secure tunnel that’s invisible to hackers. The Federal Trade Commission, the FBI and the Better Business Bureau recommend using a VPN whenever you’re at a WiFi hotspot. Your online security depends on it.