Security experts are warning that threats targeting the hugely popular Android operating system are surging across Europe right now, with some malware attacks jumping up to 500 percent. The expert team at Proofpoint has published an in-depth report about the latest attacks and it makes for some terrifying reading if you have an Android smartphone shoved in your pocket.
The latest report reveals there are a total of seven worrying threats circulating and, all but one, are focused on Google’s mobile operating system. As Proofpoint explains, the reason that Android is an easier target than Apple’s iOS is because it’s a more open platform – great if you don’t want a phone that’s not totally locked down (Apple doesn’t let you change the default email app from its own Mail, for example) but an ideal breeding ground for cyber thieves looking for a pay day.
“Most mobile malware is still downloaded from app stores but over the past year or so, we’ve seen an increase in campaigns that use SMS/mobile messaging as their delivery mechanism,” Proofpoint explained in its blog post. “For better or worse, Android takes a more open approach. The platform is open to multiple app stores. And users can easily sideload apps from anywhere on the internet. It’s this last feature that makes the platform popular with bad actors, who know that Android phones can be compromised in just a few steps.”
So, what are the current threats Android owners need to be aware of, and how can you avoid them?
Perhaps the most concerning are the latest FluBot and TeaBot bugs which are both capable of stealing user names and passwords which can then be used to access bank accounts.
FluBot can also let hackers view the websites users are visiting, send messages to contacts on the device and even make phone calls without the owner’s consent. Other credential-stealing threats include TangleBot, Moqhao, KeepSpy and TianySpy.
Then there’s the vicious BRATA malware which has been slowly creeping across countries including Italy with this mobile banking malware using an SMS to lure Android users into downloading fake security apps.
Once installed it can steal user data (including usernames and passwords) and intercept multi-factor authentication passcodes.
Speaking about the threats, Jacinta Tobin, vice president of Cloudmark Operations for Proofpoint, said: “Consumers need to be very sceptical of mobile messages that come from unknown sources. And it’s important to never click on links in text messages, no matter how realistic they look.
“If you want to contact the purported vendor sending you a link, do so directly through their website and always manually enter the web address/URL. For offer codes, type them directly into the site as well. It’s also vital that you don’t respond to strange texts or texts from unknown sources. Doing so will often confirm you’re a real person to future scammers.”
Proofpoint says it’s vital to safeguard your device, be wary of any unexpected or unrequested messages with links, URLs or requests for data of any type. And just as with desktops and laptops, it’s a good idea to use a mobile antivirus app from a trusted source. A recent Security.org study found that 76 percent of users don’t have one installed on their smartphone.
Published at Thu, 10 Mar 2022 06:46:00 +0000