Malware

Mobile Malware Attacks Rapidly Increase by 42% – Zero-Click, Smishing, Spyware Attacks

There is a steady increase in the number of cyberattacks taking place every day. There has been a 42% increase in attacks globally year-over-year according to the security firm, CheckPoint’s 2022 Mid-Year Report, which was published in November. 

In its 2022 Global Risk Report, the World Economic Forum claims that human error is at the root of 95% of cyber security issues. 

Cybersecurity strategies that are adopted by corporate organizations tend to focus almost exclusively on standard endpoints.

It is becoming increasingly important to have a robust mobile security solution in place as the threat landscape pertaining to mobile devices is constantly evolving.

Threat Landscape

Here below we have mentioned the common and increasing threat scenarios:-

  • Thriving spyware marketplace
  • Zero Click Attacks
  • Smishing attacks on the rise
  • Vulnerable App Store

There is a growing number of vulnerabilities being exploited in the mobile malware landscape, and spyware software is being deployed at an increasing rate. The Apple Company announced in July that its devices have been equipped with a “lockdown mode” that protects them from hacks like Pegasus.

A powerful tool such as Pegasus is one of the most potent ones available on the market today. There has also been an increase in the amount of competition among surveillance vendors.

There has been a constant rise in zero-click attacks this year compared to previous years because of the multitude of techniques that are being used.

As a result of these attacks, the victim is not required to provide any input before malware is deployed. They do this by exploiting existing vulnerabilities in existing apps that have already been installed. 

Having this capability will allow threat actors to be able to covertly sneak past verification systems and begin their attacks undetected.

Data processing applications are particularly suited to this technique since they accept and process data in real-time.

Attacks Method

Several early versions of iOS are vulnerable to a zero-click iMessage exploit that allows Pegasus to be installed on iPhones. Several Catalan officials, journalists, and activists have been targeted by an exploit called HOMAGE.

The distribution of malware is carried out through SMS messages, referred to as smishing. It is very common for such scams to disguise themselves as trusted brands or familiar contact people in order to entice the victim into clicking on a link or sharing personal details in a fearless manner.

It has been found that this method of compromising a device has been particularly successful as it allows an attacker to access the entire contacts list of the compromised device after one device has been compromised.

Normally, this is how Flubots were deployed when they were first introduced to the market. It has been believed by many security experts that this is the fastest-growing Android botnet in history since its announcement in December 2020.

The application stores are a popular way for users to keep their devices safe from security threats. In reality, sometimes even the security apps that are supposed to protect you are themselves infected with malware or contain the malware.

There is no doubt that the threat landscape is evolving quickly, and mobile malware is an emerging threat that poses a serious threat to the security of both private individuals and enterprises.

There is also the need to implement proactive strategies in order to mitigate the risk of this attack happening so that employees and company data can remain protected from potential attacks.

Download Free SWG – Secure Web Filtering – E-book

Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report that highlights…

13 hours ago

C2A Security’s EVSec Risk Management and Automation Platform Gains Automotive Industry Favor as Companies Pursue Regulatory Compliance

In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers,…

14 hours ago

Apple ID “push bombing” Attack Targeting Apple Users to Steal passwords

Apple users are falling prey to a sophisticated phishing campaign designed to hijack their Apple…

16 hours ago

Hackers Using Weaponized Virtual Hard Disk Files to Deliver Remcos RAT

Hackers have been found leveraging weaponized virtual hard disk (VHD) files to deploy the notorious…

17 hours ago

NVIDIA ChatRTX For Windows App Vulnerability Let Attackers Escalate Privilege

A security update released by ChatRTX on March 26th, 2024, addresses two vulnerabilities (CVE-2024-0082 and…

21 hours ago

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

A new threat has emerged, targeting unsuspecting iPhone users through the seemingly secure iMefofferssage platform.…

21 hours ago