By Brooke Crothers, ,
Published December 08, 2017
Digital thieves have a playbook for stealing your sensitive data. A software security firm spells it out.
Avira, a company that provides antivirus and Internet security software, has published a concise but informative 5 step guide to mobile theft explaining the how and why of malware getting inside your mobile device.
The five-step strategy is pretty simple but effective, according to Avira.
Effective because, one, some malicious software slips by filters at reputable online stores and, two, people are always looking for free stuff, Alexander Vukcevic, head of virus lab for Avira, told Fox News.
“Users rely on the quality assurance provided by store operators, and many users try to access and deploy popular apps through alternative stores without paying anything,” He said. “This…is used by many malware authors to infect mobile phones.”
Step 1: The plan. The bad guys identify vulnerabilities then develop exploits. If they don’t have the skills, they hire a bounty hunter on the black market. Bounty hunters sometimes work with exploit brokers. The broker gets paid because organizations will pay to find and stop the hack.
Step 2: The gear. Infected websites and malicious apps are the gear used to install malware on victims' phones.
Step 3: The inside man. Once downloaded to your phone, the bad guy tries to gain root access to the phone. “If this fails, they generate a fake update notification — clicking on the notification grants them the ability to display ads and download apps at will. Banditos can even change the phone’s IMEI number to increase the number of ads they can display,” according to Avira.
Step 4: The heist. They sit back wait until the money starts flowing in.
Step 5: the getaway. The cybercriminals have gotten inside and left malicious code behind. But the malware is often “difficult to dislodge,” says Avira.
HummingBad -- and its derivatives -- is a good real-world example, according to Avira. The booby-trapped app is incredibly devious because it’s often supported by fake reviews and four-star ratings.
“These apps can look pretty good. People have found them in the official Google Play store or, more commonly, from the off-market sites,” Avira said. Off-market sites offer, for example, Android apps that may not be available in the Google Play store. The apps on these sites are often free.
However, if users access a malicious app it immediately tries to get root access to the phone, which allows it to do pretty much anything. “If that fails, it tries to get the user to click on a bogus ‘System Update’ notification," according to Avira.
And it can be very profitable. “Each click, every install on the infected device means more money for the bad guys – an estimated $300,000 monthly,” Avira said, referring to HummingBad.
The fix can be extreme. “To remove this malware, the most common solution is a wipeout for the device owner, as it usually requires a complete reset of the device, wiping out all apps, settings, and saved files,” says Avira.