By: Dr. Michael J. Garbade
July 25, 2018
A Brief History of Mobile Malware and How to Protect Your Apps
By: Dr. Michael J. Garbade
July 25, 2018
The digital space has, in recent times, experienced an increase in the number of threats that have led to fraudulent activities.
Scammers and hackers usually prey on gullible individuals, swindling them of their hard-earned money as they make vendor payments or online investments.
Sunil Kumar, who is an experienced cybersecurity analyst and currently teaches how to perform penetration testing on Android, says that “when people use their mobile devices to carry out transactions online, then, if not checked, they end up falling prey to malicious mobile software.”
What is the history of mobile malware, and how can mobile app developers protect their apps?
A Brief History of Mobile Malware
Smartphones have become a significant aspect of people’s lives, making it difficult for some to operate without them.
But these devices can be easily manipulated by malicious persons, especially where there’s monetization on popular digital platforms.
Malware authors usually prey on unsuspecting mobile owners and develop a variety of attack vectors to derive confidential information and data with the aim of extorting money from them.
The year 2004 was when malware attacks began on digital devices using the Symbian OS with the mobile worm virus called the Cabir. The virus, a proof of concept, was created by an international virus creator group called 29A.
Despite being malware, Cabir did not cause any harm to mobile devices, since it was never launched into the wild.
However, in August of the same year, the malware authors released a Trojan, which was discovered in the illegitimate version of Mosquito, a mobile game in the Symbian OS.
The malware would take money from users with each game that a victim played. The Trojan would take the money by sending a premium short message to an identified number.
With time, more scrupulous hackers laid their hands on the Cabir and started working their way towards more notorious variations of the illegitimate software.
Later in 2004, another Symbian Trojan by the name of Skuller was released into the wild to join Mosquito and Cabir.
Skuller worked by infecting and corrupting user files before finally deleting their application files.
In 2005, a Trojan virus called Pbstealer was released. Its aim was to scan a user’s phone address book before relaying the data found to a different device via Bluetooth.
The year 2006 saw the spread of mobile malware to other platforms. Different operating systems became targets of malware attacks, with threats on Windows Mobile and Windows CE being more rampant. The Java system was not spared either, with attacks on J2ME becoming more prevalent.
As a new decade was fast approaching, new platforms began to emerge, and so did new threats. By 2009, mobile malware was full-blown, with SMS fraud reaching unprecedented heights.
The Symbian S60 Virus known as Chinese SexySpace was released with the aim of sending pornographic links in text messages to all contacts in a user’s phone book.
In 2010, the Android operating system became a prime target for mobile malware, with the first malware attack on the platform being a Trojan for SMS fraud applications.
For example, the Tapsnake mobile game was infected with a Trojan that could transmit the GPS location of the user’s mobile phone.
And the malware threats kept intensifying.
As recently as 2016, more malware programs were released to bring havoc to users. A notable example is the SMS Thief, which appears as an uninstaller of mobile apps, and it works by stealing all personal data and sending them to third parties. It uses premium SMS rates, causing the victims to incur huge bills.
The mobile malware industry seems to be advancing with the growth in popularity of smartphones. Therefore, mobile app developers and security experts need to brace themselves and come up with efficient ways of protecting apps and mobile users from potential fraud.
How to Protect Your Apps
App developers need to think ahead if they are to outsmart the malware authors.
Here are a few app security measures that developers can employ to protect their apps.
Inform App Users of the Risks of Mobile Malware
Educating mobile app users on the range of attack techniques used by malware authors to steal data and money goes a long way in protecting the apps from threats.
For example, advising app users to acquire and download apps only from authentic sources will help them to avoid falling victim to unscrupulous dealers.
Some of the ways that attackers are known to strike include
Phishing Sites - Where malware authors dupe their victims through illegitimate app sources that resemble the authentic ones.
Spyware - The malware is released to steal credentials and sensitive data from users.
Running Malicious Background Processes - The mobile malware uses hidden programs to access users’ sensitive information as soon as certain actions are completed.
Trojans - Allow unauthorized access to programs and perform illegal actions that result in huge losses to users who fall victim.
Encrypt User Data
To prevent digital threats on mobile apps, the users’ data should be stored in a secure environment.
For example, when transmitting data, the authentication details of mobile device users should be encrypted to protect their sensitive information from malware attackers.
Securely Code Mobile Products
Implementing mobile app security best practices when programming can help in preventing attackers from accessing users’ information for manipulation.
Frequently Test Apps for Flaws
It is not enough for app developers to create and launch their products in an environment that is secure enough for users.
It is necessary for them to ensure they are able to identify weaknesses and flaws by conducting frequent testing.
For example, you can scan the codes used in the development of apps after each stage to ensure any loopholes are sealed from mobile malware.
Perform Frequent Updates on Apps
As malware authors keep engineering new digital threats, developers should release updates to reinforce their app security measures.
App users should be prompted to frequently update apps to keep them from falling prey to mobile malware.
Complicate the Process of Reverse Engineering on Your App
Mystification of your app coding will make it impossible for malware attackers to translate your code and create an illegitimate version.
Narrow Down App Features
Malware attackers are likely to look for loopholes in software with extensive capabilities; therefore, limiting your app features to what is necessary and beneficial to users reduces the chances of digital threats.
As the brief history of mobile malware has shown, the end of this menace cannot be ascertained in the foreseeable future.
App developers should therefore up their game and protect the users of mobile devices from unscrupulous malware authors and fraudsters.
Also, employing mobile app security best practices is the best way of fending off attacks.