4 Mobile Malware Threats You Can’t Even See

By: McAfee

By 2030, experts predict that there will be 5 billion devices connected to 5G.[1] For the general population, this connectedness means better access to information, communication with far-flung loved ones, greater convenience in everyday tasks … and more hours devoted to everyone’s favorite pastime: scrolling through funny online videos.

For cybercriminals, this vast mobile population fills their pool of targets with billions. And criminals are getting better at hiding their schemes, making threats to mobile devices seem nearly invisible. 

When undetected, cybercriminals can help themselves to your personal information or take over your expensive mobile device for their own gains. The best way to combat criminals and protect your mobile device is to know their tricks and adopt excellent online habits to foil their nefarious plots. 

Here are the tips you need to uncover these four hard-to-spot mobile threats. 

1. Spyware

What is it? 

Spyware’s main ability is right in the name: it spies on you. Spyware is a type of malware that lurks in the shadows of your trusted device, collecting information about your browsing habits, personally identifiable information (PII), and more. Some types, called keyloggers, record what you type. The software then sends the details and movements it collects about you to the spying criminal, who can use this information to steal your passwords and waltz into your online accounts or steal your identity.

How do I know if my mobile device is affected? 

Malicious downloads are often how spyware gets onto your mobile device. The spyware hides within “free” TV show, movie, or video game downloads; instead of getting the latest episode you’ve been dying to watch, your device gets spyware.

Have you visited risky sites recently? Is your device running slowly, overheating, or suddenly experiencing a shorter-than-usual battery life? One or all of these signs could indicate that your device is working overtime running the spyware and trying to keep up with your everyday use. 

How to avoid it 

Safe downloading habits will go a long way in protecting you from spyware. While streaming from free sites is less expensive than paying a monthly membership to a legitimate streaming service, you may have to pay more in the long run to reverse the damage caused by unknowingly downloading spyware. If you’re unsure if the sites you visit are safe, a safe browsing tool like McAfee WebAdvisor will alert you to untrustworthy sites. 

2. Malicious Apps

What are they? 

Malicious apps are applications that masquerade as legitimate mobile apps but are actually a vessel to download malware onto your mobile device. For example, when Squid Game was all the rage in 2021, 200 apps related to the show popped up on the Google Play store. One of these themed apps claiming to be a wallpaper contained malware.  

How do I know if my mobile device is affected? 

Similar to spyware, a device infected with malware will overheat, load pages slowly despite a solid Wi-Fi connection, and have a short battery life. Also, you may notice that texts are missing or that your contacts are receiving messages from you that you never sent. Finally, your online accounts may have suspicious activity, such as purchases or money transfers you didn’t authorize. 

How to avoid it 

Avoiding malicious apps requires that you do a bit of research before downloading. Even if you’re using an authorized app store, like Google Play or the Apple App Store, apps with hidden malware can pass the vetting process. One way to determine if an app is risky is to look at the quality of its reviews and its number of star ratings. Approach an app with fewer than 100 ratings with caution. Also, read a few of the reviews. Are they vague? Are they written poorly? Cybercriminals may pad their apps with fake reviews, but they’re unlikely to spend much time writing well-composed comments. Finally, do a background check on the app’s developer listed in the app description. If they have a criminal reputation, a quick search will likely alert you to it.

Perusing the reviews isn’t a guaranteed way to sniff out a malicious app. In 2020, McAfee discovered that one bad app had more than 7,000 reviews. To help prevent malware from taking hold of your device, consider investing in antivirus software. Antivirus software isn’t just for your desktop. Mobile devices benefit from it, too! McAfee antivirus is compatible with any operating system and offers 24/7 real-time threat protection. 

3. Botnets

What are they? 

A botnet is a vast collection of malware-infected devices controlled by a cybercriminal. The criminal uses their network of bots to spread spam or crash servers.

Malware is a broad term that encompasses dozens of specific strains of malicious software, several of which are capable of recruiting your mobile device to a cybercriminal’s army of bots. Without your knowledge, the criminal can force your phone to message your contact list or divert your device’s computing power to overload a server in a cyberattack.  

How do I know if my mobile device is affected? 

All the telltale signs of malware are applicable here if your phone is part of a botnet. A botnet commander grants themselves the highest admin access to any device they take over. That means you may also see new apps on your home screen that you never downloaded or messages sent by text, email, or social media direct message that you never wrote. 

How to avoid it 

Criminals recruiting devices to their botnet can embed the necessary malware anywhere malware typically lurks: in fake apps, dubious streaming and file-sharing sites, phishing emails, risky links, etc. The best way to avoid becoming a member of a botnet is to watch what you click on, stay away from risky sites, and treat any message from a stranger with suspicion. 

4. Fake Software Updates

What are they?

Cybercriminals can conceal their malware within fake software updates that look official. Fake updates often pose as Microsoft updates because of the company’s huge user base. Java and Android operating system updates have also been impersonated in the past.  

How do I know if my mobile device is affected? 

The common signs of malware apply to fake software updates too. Also, if a fake update was widespread, you’ll likely receive official correspondence from the software provider issuing a patch.

How to avoid it 

The best way to avoid being tricked by a fake update is to enable automatic updates on all your devices. When your devices auto-update, you can ignore any pop-up, email, or text that urges you to click on a link to update. Auto-update is a good practice to adopt anyway, as it ensures that you have the latest software, which often means that it’s the most secure. 

Another excellent habit that’ll prevent you from compromising your device with a fake software update is to always preview where links will take you. You can do this by tapping and holding the link. Check the hyperlink for typos or for pages that direct away from the organization’s official website. 

Protect Your Mobile Device for Better Online Security, Privacy 

Cybercriminals are getting craftier by the day, employing new tools (like ChatGPT) and new strains to trick people and infect mobile devices for their own gains. To safeguard all your devices, consider investing in a solution that’ll protect you from every angle. McAfee+ Ultimate is the all-in-one device, privacy, and security service that helps you confidently live your best online life. The proactive monitoring features stop threats in their tracks, saving you a massive headache and guarding your finances and PII. If any online scheme does compromise your identity, the Family Plan offers up to $2 million in identity theft restoration. 

Mobile malware doesn’t always scream “suspicious!” As long as you arm yourself with the right tools, practice good habits, and keep your eyes peeled, you should be able to spot malicious software. 

[1] GSMA, “The Mobile Economy”

The post 4 Mobile Malware Threats You Can’t Even See appeared first on McAfee Blog.

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.”

A copy of the passport for Denis Emelyantsev, a.k.a. Denis Kloster, as posted to his Vkontakte page in 2019.

First advertised in the cybercrime underground in 2014, RSOCKS was the web-based storefront for hacked computers that were sold as “proxies” to cybercriminals looking for ways to route their Web traffic through someone else’s device.

Customers could pay to rent access to a pool of proxies for a specified period, with costs ranging from $30 per day for access to 2,000 proxies, to $200 daily for up to 90,000 proxies.

Many of the infected systems were Internet of Things (IoT) devices, including industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers. Later in its existence, the RSOCKS botnet expanded into compromising Android devices and conventional computers.

In June 2022, authorities in the United States, Germany, the Netherlands and the United Kingdom announced a joint operation to dismantle the RSOCKS botnet. But that action did not name any defendants.

Inspired by that takedown, KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Emelyantsev’s personal blog, where he went by the name Denis Kloster. The blog featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world,” and even included a group photo of RSOCKS employees.

“Thanks to you, we are now developing in the field of information security and anonymity!” Kloster’s blog enthused. “We make products that are used by thousands of people around the world, and this is very cool! And this is just the beginning!!! We don’t just work together and we’re not just friends, we’re Family.”

But by the time that investigation was published, Emelyantsev had already been captured by Bulgarian authorities responding to an American arrest warrant. At his extradition hearing, Emelyantsev claimed he would prove his innocence in a U.S. courtroom.

“I have hired a lawyer there and I want you to send me as quickly as possible to clear these baseless charges,” Emelyantsev told the Bulgarian court. “I am not a criminal and I will prove it in an American court.”

RSOCKS, circa 2016. At that time, RSOCKS was advertising more than 80,000 proxies. Image: archive.org.

Emelyantsev was far more than just an administrator of a large botnet. Behind the facade of his Internet advertising company based in Omsk, Russia, the RSOCKS botmaster was a major player in the Russian email spam industry for more than a decade.

Some of the top Russian cybercrime forums have been hacked over the years, and leaked private messages from those forums show the RSOCKS administrator claimed ownership of the RUSdot spam forum. RUSdot is the successor forum to Spamdot, a far more secretive and restricted community where most of the world’s top spammers, virus writers and cybercriminals collaborated for years before the forum imploded in 2010.

A Google-translated version of the Rusdot spam forum.

Indeed, the very first mentions of RSOCKS on any Russian-language cybercrime forums refer to the service by its full name as the “RUSdot Socks Server.”

Email spam — and in particular malicious email sent via compromised computers — is still one of the biggest sources of malware infections that lead to data breaches and ransomware attacks. So it stands to reason that as administrator of Russia’s most well-known forum for spammers, Emelyantsev probably knows quite a bit about other top players in the botnet spam and malware community.

It remains unclear whether Emelyantsev made good on his promise to spill that knowledge to American investigators as part of his plea deal. The case is being prosecuted by the U.S. Attorney’s Office for the Southern District of California, which has not responded to a request for comment.

Emelyantsev pleaded guilty on Monday to two counts: damage to protected computers and conspiracy to damage protected computers. He faces a maximum of 20 years in prison and is currently scheduled to be sentenced on April 27, 2023.
