Smartphone malware is on the rise - here's how to stay safe

An abstract image of digital security.
(Image credit: Shutterstock)

The volume of malware attacks targeting mobile devices has skyrocketed so far this year, cybersecurity researchers are saying.

A new report from security company Proofpoint claims that the number of detected mobile malware attacks has spiked 500% in the first few months of 2022, with peaks at the beginning and end of February.

Much of this malware aims to steal usernames and passwords from mobile banking applications, Proofpoint says. But some strains are even more sinister, recording audio and video from infected devices, tracking the victim's location, or exfiltrating and deleting data. 

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Smishing attack vector

Cybercriminals will usually try to deploy the malware through smishing, or SMS phishing. In other words, they will send a malicious link or app through the SMS service. This makes Android, which is a lot more lenient when it comes to the installation of third-party apps, somewhat of a bigger target. 

According to Proofpoint, some of the most popular malware variants are FluBot, TangleBot, Moghau, and TianySpy. 

Since the end of February, the number of mobile malware attacks has somewhat dipped, but now is not the time to relax, the researchers claim. Instead, they urge everyone to stay vigilant and wary of any unexpected, unrequested SMS messages, particularly those that carry links or attachments. 

"Consumers need to be very skeptical of mobile messages that come from unknown sources. And it's important to never click on links in text messages, no matter how realistic they look. If you want to contact the purported vendor sending you a link, do so directly through their website and always manually enter the web address/URL," said Jacinta Tobin, VP of Cloudmark Operations for Proofpoint. 

"It's also vital that you don't respond to strange texts or texts from unknown sources. Doing so will often confirm you're a real person to future scammers," she added. 

Having an extra layer of protection, such as two-factor authentication for important apps or a mobile antivirus solution, could help as well.

Via: ZDNet

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.