The volume of malware attacks targeting mobile devices has skyrocketed so far this year, cybersecurity researchers are saying.
A new report from security company Proofpoint claims that the number of detected mobile malware (opens in new tab) attacks has spiked 500% in the first few months of 2022, with peaks at the beginning and end of February.
Much of this malware aims to steal usernames and passwords from mobile banking applications, Proofpoint says. But some strains are even more sinister, recording audio and video from infected devices, tracking the victim's location, or exfiltrating and deleting data.
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
>> Click here to start the survey in a new window (opens in new tab) <<
Smishing attack vector
Cybercriminals will usually try to deploy the malware through smishing, or SMS phishing. In other words, they will send a malicious link or app through the SMS service. This makes Android, which is a lot more lenient when it comes to the installation of third-party apps, somewhat of a bigger target.
According to Proofpoint, some of the most popular malware variants are FluBot, TangleBot, Moghau, and TianySpy.
Since the end of February, the number of mobile malware attacks has somewhat dipped, but now is not the time to relax, the researchers claim. Instead, they urge everyone to stay vigilant and wary of any unexpected, unrequested SMS messages, particularly those that carry links or attachments.
> ‘Smishing’: the new SMS fraud (opens in new tab)
> This new SMS smishing malware is targeting Android mobile users (opens in new tab)
> Recognizing and guarding against SMS FluBot phishing scams (opens in new tab)
"Consumers need to be very skeptical of mobile messages that come from unknown sources. And it's important to never click on links in text messages, no matter how realistic they look. If you want to contact the purported vendor sending you a link, do so directly through their website and always manually enter the web address/URL," said Jacinta Tobin, VP of Cloudmark Operations for Proofpoint.
"It's also vital that you don't respond to strange texts or texts from unknown sources. Doing so will often confirm you're a real person to future scammers," she added.
Having an extra layer of protection, such as two-factor authentication for important apps or a mobile antivirus (opens in new tab) solution, could help as well.
- Here are the best firewalls (opens in new tab) right now
Via: ZDNet (opens in new tab)