As Android viruses and other types of mobile security attacks become more common, researchers have discovered some new methods hackers are using to spread their malware.
Most examples of Android viruses and other mobile malware have appeared in the form of malicious apps that hackers have tricked users into installing.
However, as the number of smartphones grows, attackers are casting a wider net, much as they do when trying to spread viruses attacking PCs.
In fact, one scam recently discovered combined an Android virus attack with a type of attack that would typically target desktop computers.
To carry out the scam, cyber criminals hacked into the email account of a high-profile Tibetan activist, according to security researchers at Kaspersky Lab. A spear phishing email was then sent to all of the addresses in the account’s contact list.
The email contained a malicious attachment disguised as a letter from a group of human rights activists. So far, it’s pretty standard stuff as far as security attacks go.
The twist in this case: The attachment was a malicious .apk file, the file type used for Android apps. When the attachment was opened on a smartphone, an Android virus was installed on the recipient’s device.
After the .apk is installed, a phony letter does appear on the user’s screen. But in the background, an Android virus harvests information from the device, including:
- Call logs
- Text messages
- Location tracking information, and
- Phone data.
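A mail-gateway check for the delivery method described above, as an added example that is not from Kaspersky Lab or the original article: it flags attachments that are Android packages by content (a ZIP archive with AndroidManifest.xml at its root) even when the filename is disguised. The function names and the sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage


def is_apk(data: bytes) -> bool:
    """True if data is a ZIP archive with AndroidManifest.xml at its root."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "AndroidManifest.xml" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def find_apk_attachments(raw_message: bytes) -> list[str]:
    """Return filenames of MIME parts that are APKs by extension or content."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers hold no payload of their own
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if name.lower().endswith(".apk") or is_apk(payload):
            hits.append(name)
    return hits


def build_sample_message(filename: str, as_apk: bool) -> bytes:
    """Constructed test input: an email with one ZIP-based attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        entry = "AndroidManifest.xml" if as_apk else "notes.txt"
        zf.writestr(entry, b"constructed placeholder, not a real app")
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("Please read the attached letter.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, apk in [("letter.apk", True), ("letter.doc", True), ("notes.zip", False)]:
        print(fname, "->", find_apk_attachments(build_sample_message(fname, apk)))
```

Checking content as well as the extension matters because a renamed package still installs once the recipient restores or ignores the extension.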
New Android virus attacks are appearing
Earlier this year, security researchers found another new way hackers were trying to spread an Android virus: setting up a phony app store and offering downloads of malicious software.
Again, a phishing email was used in this attack, in this case to get victims to visit the phony store, which was designed to look like Google’s Play store.
The bottom line: Hackers are constantly looking for new ways to spread their attacks, and that includes attacks against mobile devices. If users in your company receive corporate-issued devices, or use their own smartphones and tablets as part of a BYOD program, the IT department can help protect data by offering regular training on how to avoid the latest mobile security attacks.