It’s vital as an established organization in today’s day and age to understand and protect your mobile fleet against the ever-expanding and advancing world of malware. Plenty of businesses know what mobile malware is, but many fail to fully comprehend the different types of malware and how they go about infecting corporate devices.
A new report, “The Current State of Mobile Malware,” by Wandera, a member of the VMware Mobile Security Alliance (MSA), takes you through the most common malware infection vectors, the different types of mobile malware currently plaguing organizations and how to take the appropriate steps to protect your mobile fleet.
What Is Malware?
First things first: What is malware? The word itself is short for “malicious software.” It is defined as any software created with the intention of causing damage to a device without the owner’s knowledge or consent.
Mainstream media frequently mentions terms like “spyware,” “adware” and “Trojans.” What’s the difference between these terms and malware? There isn’t one. All of these harmful software classifications fall under the broader definition of malware.
What Is Mobile Malware?
Malware has been around for decades, but mobile malware is a relatively new concern. Asking security experts if mobile malware was a risk back in 2014 would have resulted in mixed responses. In 2017, the answer is a resounding yes. Mobile malware is a potent and growing threat to enterprises.
Cybercriminals use a variety of tactics to infect the maximum number of corporate devices possible with their malware variants.
Infected applications: The method most frequently used by hackers to transfer malware to users’ devices. Applications are repackaged or infected then uploaded to third-party app stores. Occasionally, these apps find a way to the Google Play Store.
Malvertising: The practice of inserting malware into legitimate online ad networks to target a broad spectrum of end users. The ads appear to be perfectly normal and appear on a wide range of apps and web pages.
Scams: Scams rely on a user being redirected to a malware-ridden web page either through a web redirect or pop-up screen. In more targeted cases, a link to the infected page is sent directly to an individual in an email or text message.
Direct to device: This dictates that the hacker must actually touch the phone in order to install the malware. Usually this involves plugging the device into a computer and directly downloading the malicious software onto it (also known as sideloading).
Types of Mobile Malware
Mobile malware, as a subcategory of malware, can be broken out into no fewer than seven main subcategories. Though you often hear these terms in the media, most individuals are unfamiliar with their intricacies.
Adware: Adware or “advertising software” is designed to show frequent ads to a user in the form of pop-ups, sometimes leading to the unintended redirection of users to web pages or applications.
Banker: Banker malware is defined as any type of malware attempting to steal users’ bank credentials without their knowledge.
Ransomware: Ransomware is a type of malware that demands money from users and, in exchange, promises to release either the files or the functionality of the devices being “held hostage.”
Rooting: Rooting malware as a category includes any malware that “roots” the device, essentially unlocking the operating system and obtaining escalated privileges.
SMS: SMS malware is a type of malware that manipulates devices to send and intercept text messages resulting in SMS charges. The user is usually not aware of the activity.
Spyware: Spyware monitors and records information about users’ actions on their devices without their knowledge or permission.
Trojan: Trojans are a type of malware that hide themselves within pieces of seemingly innocent, legitimate software.
For examples of each type of malware, and a detailed analysis of the prevalence of each type, take a look at the full report by Wandera.
Prevalence by Type
It’s important to note that the prevalence of a malware type does not dictate severity. Some of the most dangerous types of malware are those that root the device, which is the least prevalent type of unique malware sample detected since 2014. Adware variants, on the other hand, are usually the least severe, and yet adware is one of the most prevalent types detected.
Danger level depends on variant. There’s no one hard or fast rule as to what type of malware is the most damaging. What experts can agree on, however, is that comprehensive mobile security is required in order to avoid malware compromising corporate devices.
Wandera’s Unique Malware Protection
Wandera has the unique ability to shut down malware at the source, before it is able to affect the device. This is thanks to its pioneering web gateway for mobile that can detect malicious command and control traffic at the network level, and block it instantaneously.
This means if a user downloads an infected application to their device, not only will admins be notified in real time that the app contains the particular type of malware, but also the malware will not be able to make a connection to the command and control server, and therefore, it will be rendered useless. This is only possible with all-encompassing visibility and control at the device, network and application level.
If you’re interested in learning more about the different types of malware, download the report, “The Current State of Mobile Malware.” To find out more about how Wandera can protect your organization from the full landscape of mobile threats, request a demonstration today at wandera.com/demo.