When computers began appearing in businesses and homes around the world, they were relatively safe. At that time, cybercriminals didn't exist; because digital devices were so new, no one had considered manipulating them for illegal gain. The same occurred when smartphones and other mobile devices developed at the end of the '00s.
The tech was so new that cybercriminals had not developed methods of infiltrating them and pilfering valuable data.
Of course, it didn't take long for the first computer viruses to emerge: Elk Cloner materialized in 1982, just a few years after computers became available for home use. Unfortunately, mobile devices are copying this pattern, as well.
Mobile devices are becoming as at-risk of infection by malware as desktop computers - but unlike computer users, who are aware of the ever-present threats and tend to protect themselves with security software, mobile users remain vulnerable to attack.
As cybercrime increases, all mobile users (but especially businesses that utilize mobile technology) must be aware of the importance of guarding against mobile malware.
The Evolution of Mobile Malware
Just as the first computer virus was a clunky bit of code spread via the floppy disc that did little more than displaying a funny poem, the first mobile virus was hardly devastating.
After white hat hackers proved mobile viruses could exist in 2004, cybercriminals developed the first mobile malware in the wild.
Called Qdial, the virus was disguised as a mobile game called Mosquitos and sent text messages to premium rates services owned by the criminals. Qdial only affected handset owners in the U.K., Germany, the Netherlands, and Switzerland, but it remains an excellent example of how to monetize mobile malware.
In 2005, mobile malware began moving toward information theft. A virus called Pbstealer copied the address book information from infected mobile devices; then, the virus replicated itself by transmitting to and from nearby Bluetooth devices.
Later, similar viruses would use MMS messaging as a transmission vector, which was much more effective. By 2009, MMS messaging was replaced by SMS messaging, but fraudulent premium rate texts and virus transmission still occurred.
Also, read:
As iOS and Android devoured the smartphone market, cybercriminals lost little time developing malware for these mobile operating systems. The first Trojan for Android, ANDROIDOS_DROIDMS.A, emerged in 2010 and sent premium rate messages. The second Android Trojan, disguised as the game Tap Snake, transmitted user GPS location to criminals.
Apple users were hardly safer; in 2010, jailbroken iPhones were subject to viruses like Ikee worm, which Rick-rolled users and integrated devices into a botnet for use in an attack against ING Bank.
Recently, there has been a renaissance of malware thanks to users' migration to mobile devices. Every month, it seems, more third-party Android apps are discovered to be corrupt, containing malicious code designed to steal data or control devices.
Most recently, Trend Micro identified several security apps in Android's Google Play that installed location trackers, keyloggers, adware, and other dangerous programs on users' phones. While there has yet to be a compromised app in Apple's App Store, iOS users can still download malware by clicking on malicious links appearing on web pages or sent via iMessage or email.
Soon, mobile malware will be as well-known as computer malware - but until then, individuals and businesses could be devastated by theft, fraud, and other cybercrimes. Business leaders who want to keep their devices and data safe must take appropriate precautions.
Safeguarding Businesses From Mobile Attacks
Staying safe from mobile malware isn't difficult if businesses have the proper policies in place. Here is a guide to help businesses defend against mobile malware:
- Build a BYOD security policy. Businesses that allow employees to use personal devices for work should have a policy in place to limit how users manage their devices. For example, employees using mobile devices should be prohibited from jailbreaking their devices, downloading apps from third-party sources, or mixing personal and professional data.
- Manage endpoints thoroughly. Businesses should have endpoint security measures to monitor the activity on all devices connected to the business network. Endpoint software helps IT teams identify vulnerabilities and eliminate them before malware can decimate the business.
- Educate workforce on security hygiene. While all devices used for work should be protected by security software, human error is the reason behind most data breaches and thefts. Businesses should instill in their workforces the tenets of cyber hygiene, which include generating strong passwords, updating software, backing up data frequently, and other good security habits.
For now, a lucky user can avoid mobile malware - but soon enough, that won't be the case. It is better to have strong defenses before the onslaught begins, and the mobile malware assault is just beginning.