Some new phones come loaded with malware

You probably give users advice on avoiding mobile malware. But there’s some bad news: Some of them could have phones that are infected through no fault of their own. 

Even if your users get the message on avoiding bad app stores and safe mobile browsing, their devices still might be infected. Marble Security found fake versions of the Netflix app that stole users’ credit card and other info, forwarding it to cyberthieves.

Alarmingly, in many cases, these apps weren’t downloaded by the user – they came preloaded on the phone itself.

How it works

Essentially, hackers had inserted themselves into the supply chain. Users bought phones online (often from stores in China). The seller of the phone loaded malware before shipping it out.

That way, the device was compromised before the user even downloaded any apps.

That's alarming for IT departments that support BYOD. These tactics undercut your security message: users can follow all of your advice and still end up with an infected device.

Secure the device first

If your department supports users’ personal devices, make sure to:

  • Scan incoming devices. Before you even think about allowing devices on your network, have them checked out by mobile anti-malware. Detecting and neutralizing threats already on devices is just as important as protecting employees from picking up new malware.
  • Encourage safe shopping. Just as you (hopefully) encourage employees to consider whether the maker of an app is trustworthy before downloading, you’ll also want to encourage them to be skeptical of shady device dealers. Saving a few bucks by going with an untrusted seller isn’t going to do them any favors in the long run.
  • Focus on MDM. Again, part of a good BYOD program (in addition to sound policy) is having an MDM that provides security and control. Keep the focus on security at all times by making sure your MDM is up to snuff.
