Mobile Malware Attacks Rapidly Increase by 42% – Zero-Click, Smishing, Spyware Attacks

There is a steady increase in the number of cyberattacks taking place every day. There has been a 42% increase in attacks globally year-over-year according to the security firm, CheckPoint’s 2022 Mid-Year Report, which was published in November. 

In its 2022 Global Risk Report, the World Economic Forum claims that human error is at the root of 95% of cyber security issues. 

Cybersecurity strategies that are adopted by corporate organizations tend to focus almost exclusively on standard endpoints.

It is becoming increasingly important to have a robust mobile security solution in place as the threat landscape pertaining to mobile devices is constantly evolving.

Threat Landscape

Here below we have mentioned the common and increasing threat scenarios:-

  • Thriving spyware marketplace
  • Zero Click Attacks
  • Smishing attacks on the rise
  • Vulnerable App Store

There is a growing number of vulnerabilities being exploited in the mobile malware landscape, and spyware software is being deployed at an increasing rate. The Apple Company announced in July that its devices have been equipped with a “lockdown mode” that protects them from hacks like Pegasus.

A powerful tool such as Pegasus is one of the most potent ones available on the market today. There has also been an increase in the amount of competition among surveillance vendors.

There has been a constant rise in zero-click attacks this year compared to previous years because of the multitude of techniques that are being used.

As a result of these attacks, the victim is not required to provide any input before malware is deployed. They do this by exploiting existing vulnerabilities in existing apps that have already been installed. 

Having this capability will allow threat actors to be able to covertly sneak past verification systems and begin their attacks undetected.

Data processing applications are particularly suited to this technique since they accept and process data in real-time.

Attacks Method

Several early versions of iOS are vulnerable to a zero-click iMessage exploit that allows Pegasus to be installed on iPhones. Several Catalan officials, journalists, and activists have been targeted by an exploit called HOMAGE.

The distribution of malware is carried out through SMS messages, referred to as smishing. It is very common for such scams to disguise themselves as trusted brands or familiar contact people in order to entice the victim into clicking on a link or sharing personal details in a fearless manner.

It has been found that this method of compromising a device has been particularly successful as it allows an attacker to access the entire contacts list of the compromised device after one device has been compromised.

Normally, this is how Flubots were deployed when they were first introduced to the market. It has been believed by many security experts that this is the fastest-growing Android botnet in history since its announcement in December 2020.

The application stores are a popular way for users to keep their devices safe from security threats. In reality, sometimes even the security apps that are supposed to protect you are themselves infected with malware or contain the malware.

There is no doubt that the threat landscape is evolving quickly, and mobile malware is an emerging threat that poses a serious threat to the security of both private individuals and enterprises.

There is also the need to implement proactive strategies in order to mitigate the risk of this attack happening so that employees and company data can remain protected from potential attacks.

Download Free SWG – Secure Web Filtering – E-book

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.