With smartphones we store a huge amount of personal and organizational sensitive information. While cybersecurity hardening for the servers, pc/endpoint computers have greatly improved and adopted. Mobile device protection is yet not in the stage of “consideration” for many. Hence, hackers consider smartphones now as a much more exposed target.With the advent of sophisticated “zero click zero day” malware targeting mobile device platforms and the kind of cyber-espionage campaigns that are being surfaced, it is critical to take the action quickly.
A zero click zero day can be understood as – “Unknown exploitable vulnerability” (known to and exploited by threat actors) if targeted could compromise the subject by sending a simple URL that didn’t even need to be clicked/ triggered by victim or just by visiting a website.
In the recent findings by industry researchers, a simple message with link, or a whatsapps video miscall could compromise a vulnerable mobile device.This opens up a lot low hanging and need for immediate action.
Put together, below are a few telltale signs of a malware infected mobile device;
- Unknown apps in your device / apps getting installed automatically
- Frequent restarts of device
- Slowdown, Sluggish performance
- Significant drop in device battery backup cycles
- Sending receiving cryptic text messages and calls –by itself
- Strange background noise during the calls
- Abnormalities in data/network usage.
- Lost credentials of other accounts
Barring device problems, these are considered among the major sings of malicious activity in mobile devices.
What can be done to secure?
Modern malwares are engineered to “not getting found”, Unless we act cautiously it is difficult to defend also with advance capabilities like clearing the traces and self-destruct features, prevention is always better than cure. Here are our recommendations.
- Always keep the mobile operation system up-to-date.
- Ensure your smart device is protected with mobile endpoint security.
- Download only secure applications.
- Restrict apps and their permission to minim required and disable information sharing between apps.
- Avoid connecting to public untrusted wifi networks or mobile charging kiosks.
- Disable Bluetooth / IR/ NFC etc when not in use.
- Avoid rooting your device
- Enterprises and business must consider deploying enterprise mobility management (EMM) technology.
* Disclaimer: The above blog post is of information purpose only.