Updated: Jan 14
In this article we examine the different variants of mobile malware, and how one can prevent becoming infected with mobile malware by using a secure device.
Our phones store our most personal information, including photos, text messages and emails. Mobile malware can reveal directly what's going on in our lives, bypassing the encryption that protects data sent over the internet. Mobile malware can reveal extremely private and sensitive personal and company information. As mobile phones are becoming the main method of transmitting sensitive documents, mobile malware will continue to cause billions in losses from companies around the world.
One report found that for an enterprise, the economic risk of mobile data breaches, including direct operational costs, as well as potential maximum loss from non-compliance and reputational damage, could be as high as $26.4 million. It also found that mobile data breaches are more common than many may think. Two-thirds (67 percent) of organizations report having had a data breach as a result of employees using their mobile devices to access the company's sensitive and confidential information. With an average of 3 percent of employees' mobile devices infected with malware at any point in time, that's more than 1,700 mobile devices, in a typical organization, connecting to an enterprise network everyday.
"While many organizations still consider it 'early days' in their mobile deployments, this does not mean they should be 'early days' in their security," said Craig Shumard, former Cigna CISO and current cybersecurity advisor. "It's never been more clear that mobile devices can be a critical part of the attack equation. With the rise in access to corporate data via mobile devices, those devices will become bigger targets for the bad guys. And the cost to the enterprise will only increase. ( Report: The Economic Risk of Confidential Data on Mobile Devices in the Workplace ” https://prn.to/3HEJn6o )
Some of the more widespread mobile malware variants are from the Agent Tesla family which made up approximately 30% of all mobile malware attacks in 2021. Formbook malware was the second most common type found, followed by those from the LokiBot family. There are many additional mobile malware variants. Some more dangerous and insidious than others.
Mobile malware can be classified into different categories such as adware, backdoor, file infector, potentially unwanted application (PUA), ransomware, riskware, scareware, spyware, and trojan, trojan-sms, trojan-spy, trojan-banker, and trojan-dropper. Each malware category has some unique characteristics that differentiate it from other malware categories.
One of the more threatening types is one developed by Israeli cybersecurity firm NSO Group called Pegasus. Pegasus malware is the latest example of how vulnerable we all are to digital prying, and mobile malware in general
What is Pegasus?
Pegasus is NSO's best-known product. It can be installed remotely without a surveillance target ever having to open a document or website link, according to The Washington Post.
This would not be possible on a SecureCrypt device however; as SecureCrypt phones run on a secured and locked down operating system that does not allow for the installation of any apps unless otherwise approved by SecureCrypt. SecureCrypt devices also run on a private network, with network level protections which makes them immune to techniques used to spread mobile malware to begin with, such as through SMS. You can only obtain this level of protection by using a secure phone, which is what SecureCrypt offers.
Using a secure phone with network level, device level, and messaging level protections would prevent any important heads of state, diplomats, politicians, government employees, executives, activists, journalists or anyone else using a SecureCrypt device from being compromised by Pegasus malware. This unfortunately is not the case for those who do not use a secure. Communicating with a secure app is simply not enough. You need device and network protections like those offered by SecureCrypt.
Pegasus reveals all to the NSO customers who control it -- text messages, photos, emails, videos, contact lists -- and can record phone calls. It can also secretly turn on a phone's microphone and cameras to create new recordings, The Washington Post said.
Pegasus isn't supposed to be used to go after activists, journalists and politicians. "NSO Group licenses its products only to government intelligence and law enforcement agencies for the sole purpose of preventing and investigating terror and serious crime," the company says on its website. "Our vetting process goes beyond legal and regulatory requirements to ensure the lawful use of our technology as designed."
It has been reported that approximately 50,000 phones belonging to many political representatives and other VIPs around the world were targeted by the NSO Group’s Pegasus malware. The 50,000 phone numbers are connected to phones around the world, though NSO disputes the link between the list and actual phones targeted by Pegasus. The devices of dozens of people close to Mexican President Andrés Manuel López Obrador were on the list, as were those belonging to reporters at CNN, the Associated Press, The New York Times and The Wall Street Journal. Several phones on the list, including one belonging to Claude Mangin, the French wife of a political activist jailed in Morocco, were infected or attacked. Other cases of Pegasus infection have emerged since the initial revelations.
SecureCrypt also protects against attacks that simply target a phone number or SIM card as our devices operate on a private network, and our devices are not registered on any cellular network using any phone number at all. SecureCrypt SIM cards are encrypted, and have a separate additional dedicated VPN onboard our SIM cards.
Our devices cannot be simply “discovered” by an attacker who uses an automated process to send out malicious SMS messages to a list of phone numbers, which greatly reduces the risk posed by using an insecure line on a public cellular network.
Using an insecure phone on a public wireless network (Rogers/AT&T/Verizon) is by far the most unsecure way to communicate and opens you up to multiple methods of attack. SIM swapping is also not possible with SecureCrypt as we act as our own private mobile wireless provider. This gives us enhanced capabilities in terms of securing our networks, and securing our SIM cards.
What is NSO Group?
It's a company that licenses surveillance software to government agencies. The company says its Pegasus software provides a valuable service because encryption technology has allowed criminals and terrorists to go "dark." The software runs secretly on smartphones, shedding light on what their owners are doing. Other companies provide similar software.
SecureCrypt devices have all GPS, Bluetooth, NFC, and Wi-Fi sensors disabled from within the firmware at the kernel level of the operating system, which makes tracking SecureCrypt devices impossible; perfect for travelling government employees, diplomats, embassy employees, HNWIs, VIPs and more.
Chief Executive Shalev Hulio co-founded the company in 2010. NSO also offers other tools that locate where a phone is being used, defend against drones and mine law enforcement data to spot patterns.
NSO has been implicated by previous reports and lawsuits in other hacks, including a reported hack of Amazon founder Jeff Bezos in 2018. A Saudi dissident sued the company in 2018 for its alleged role in hacking a device belonging to journalist Jamal Khashoggi, who had been murdered inside the Saudi embassy in Turkey that year.
Whose phones did Pegasus infect?
In addition to countless unidentified victims, two journalists at Hungarian investigative outlet Direkt36 had infected phones, The Guardian reported.
A Pegasus attack was launched on the phone of Hanan Elatr, wife of murdered Saudi columnist Jamal Khashoggi, The Washington Post said, though it wasn't clear if the attack succeeded. But the spyware did make it onto the phone of Khashoggi's fiancee, Hatice Cengiz, shortly after his death.
Also affected were French President Emmanuel Macron, Iraqi President Barham Salih and South African President Cyril Ramaphosa. Also on it are seven former prime ministers and three current ones, Pakistan's Imran Khan, Egypt's Mostafa Madbouly and Morocco's Saad-Eddine El Othmani. King Mohammed VI of Morocco also is on the list.
Seven people in India were found with infected phones, including five journalists and one adviser to the opposition party critical of Prime Minister Narendra Modi, The Washington Post said. And six people working for Palestinian human rights groups had Pegasus-infected phones, Citizen Lab reported in November.
Edward Snowden, who in 2013 leaked information about US National Security Agency surveillance practices, called for a ban on spyware sales in an interview with The Guardian. He argued that such tools otherwise will soon be used to spy on millions of people.
State Sponsored APTs & Cyber Espionage
Advanced Persistent Threats (APTs)
If there's one thing that keeps corporate cybersecurity professionals awake at night, it's the thought of an attack employing a range of sophisticated techniques designed to steal the company's valuable information.
As the name "advanced" suggests, an advanced persistent threat (APT) uses continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences.
Because of the level of effort needed to carry out such an attack, APTs are usually leveled at high value targets, such as nation states and large corporations, with the ultimate goal of stealing information over a long period of time, rather than simply "dipping in" and leaving quickly, as many black hat hackers do during lower level cyber assaults.
APT is a method of attack that should be on the radar for businesses everywhere. However, this doesn’t mean that small- and medium-sized businesses can ignore this type of attack.
APT attackers are increasingly using smaller companies that make up the supply-chain of their ultimate target as a way of gaining access to large organizations. They use such companies, which are typically less well-defended, as stepping-stones.
SecureCrypt uses Triple-Layered Encryption, secure devices, and network connections, to ensure you are protected from the usual methods of attack, such as SMS messaging and email based attacks. Because SecureCrypt operates on a private network using private Access Point Names (APNs), regular SMS is not possible and has been disabled at the network level. Our SIM cards also have a VPN on board which protects against any initial foothold an attacker may get, as protecting your identity 100% of the time if an attacker is trying to use social engineering techniques to find out how to contact you. Your private ECC ID can only be given out by you, it is not discoverable on any network like a phone number is.
Vietnam’s OCEANLOTUS has been conducting mobile malware operations since at least early 2014, pre-dating the identification of the group by a year. A new OCEANLOTUS campaign BlackBerry researchers identified as a new mobile malware family that was propagated via fake apps available in well-known app stores.
A newly identified Chinese APT named BBCY-TA2 by BlackBerry researchers utilized a new Windows malware family dubbed PWNWIN1. Along with another new Chinese APT group named BBCY-TA3, these threat
actors engaged in economic espionage against
Western and South Asian telecom companies and
nearly every large chemical company outside of China.
• OPERATION DUALCRYPTOEX uses new malware families that
target both Android and Windows® by a newly identified Chinese APT.
• OPERATION OCEANMOBILE by APT group OCEANLOTUS
delivered malware via a sophisticated trio of fake mobile apps.
• OPERATION DUALPAK by APT group BITTER targeted Pakistani
military with a new mobile malware family distributed via fake
apps, SMS, WhatsApp® and other social media platforms.
• OPERATION DUALPAK2 by APT group CONFUCIUS targeted
Pakistani government and military with a new Windows malware
The only way to protect against these types of attacks is by using a secure, encrypted device which operates on a private network. Our locked down and containerized operating system prevents users from accidentally installing malicious apps, or being coerced via social engineering attacks to install malicious apps. Our locked down operating system provides many more security features that most commercial level mobile security solutions do not.
When it comes to sensitive phone calls between business, government, or political associates you cannot afford to have your calls intercepted and your secrets discovered.
APTs are actively targeting all types of businesses, small to large for a variety of reasons. Ransomware, surveillance, and data theft/extortion being the most dangerous to a company.
SecureCrypt devices are all FIPS 140-2 compliant for both enterprise and government use.