The volume of malware attacks targeting mobile devices has skyrocketed so far this year, according to cybersecurity researchers.
A new report from security firm Proofpoint claims that the number of detected mobile malware attacks increased by 500% in the first months of 2022, with peaks in early and late February.
Much of this malware is aimed at stealing usernames and passwords from mobile banking apps, says Proofpoint. But some strains are even more sinister, recording audio and video from infected devices, tracking the victim's location, or exfiltrating and deleting data.
smishing attack vector
Cybercriminals will typically attempt to deploy malware through smishing or text phishing. In other words, they will send malicious links or applications through the SMS service. This makes Android, which is much more forgiving when it comes to installing third-party apps, a slightly bigger target.
According to Proofpoint, some of the most popular malware variants are FluBot, TangleBot, Moghau, and TianySpy.
Since the end of February, the number of mobile malware attacks has dropped somewhat, but now is not the time to relax, researchers say. Instead, they urge everyone to stay alert and beware of any unexpected and unsolicited SMS messages, especially those containing links or attachments.
"Consumers should be very skeptical of mobile messages from unknown sources. And it's important to never click on links in text messages, no matter how realistic they are. If you want to contact the purported provider who sent a link, please do so directly through your website and always manually enter the web address/URL,” said Jacinta Tobin, Cloudmark's vice president of operations for Proofpoint.
"It's also essential that you don't reply to text messages from strangers or unknown sources. This will often confirm that you are a real person to future scammers," he added.
Having an extra layer of protection, like two-factor authentication for important apps or a mobile antivirus solution, could also be helpful.
Via: ZDNet