Wrapping up 2020: Top 5 Android Threats You Need to Know


With people working from home more this year, the opportunity for hackers to use mobile connectivity to gain access to personal and work systems has increased massively.

The creativity that is involved is amazing and cybercriminals continue to develop new ways to attack our systems and steal data.

Android devices appear to be attacked much more often because of their popularity, but analysts also say that Apple users often have an unwarranted sense of security, as these issues can happen to them too.

In this article, we’re looking at some of the trends that have emerged in mobile cybercrime in 2020 and highlighting some of the ways you can defeat online hackers.

Threat 1 – LeifAccess or Shopper

According to the McAfee 2020 mobile threat report, this malware first appeared in 2019 and has become more prevalent during 2020.

Spreading quickly across the US and South America, it produces spurious ‘threat reports’ that encourage the user to click on links that then set off a chain of malware downloads.

These can range from auto-downloading apps and generating fake clicks on websites to creating accounts and posting fake reviews.

One of the worst aspects is that it abuses accessibility features, which exist to help people who face obstacles to using their device.

Features such as voice command and the automation of background tasks mean that click fraud and app downloads can be activated by the malware.

The answer to this one is to make sure that you download and install Android patches, which include methods of combating common new threats.

Threat 2 – Smishing

With more than 23 billion text messages being sent worldwide every day and a massive open rate of 98%, SMS has been a happy hunting ground for cybercriminals, and 2020 saw no signs of it abating.

This year we saw smishing attacks that purportedly came from tax authorities, banks, social security departments and many more, yet all feature the same themes.

Social engineering techniques are used to encourage the user to click on a link. These will often include a denial of service, a promise of money or a voucher, a chance to win a valuable prize or the threat of something bad happening.

Normally these will also feature a time-based encouragement such as a limited time offer or a service switching off after a short period if no action is taken.

Smishing attempts will come from unknown numbers that generally won’t look like a real phone number. The simple rule is: don’t click on any link that you are not confident in, or that is contained in an SMS you weren’t expecting.
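The indicators described above (a link, time pressure, a reward or a threat, and a sender that does not look like a phone number) can be checked mechanically. The following is an added example, not part of the original article; the word lists and sample messages are constructed for illustration.

```python
import re

# Patterns for the themes described above. The word lists are this example's
# assumptions, not a vetted ruleset.
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
THEMES = {
    "urgency": re.compile(
        r"\b(within \d+ ?(?:hours?|hrs?|days?)|immediately|expires?|final notice)\b", re.I),
    "reward": re.compile(r"\b(won|winner|prize|voucher|refund|cash|gift card)\b", re.I),
    "threat": re.compile(r"\b(suspended|locked|blocked|disabled|penalty|switched off)\b", re.I),
}
# A plausible phone number: optional +, then 7-15 digits once separators are removed.
PHONE_RE = re.compile(r"\+?\d{7,15}")


def sender_looks_like_phone(sender):
    return bool(PHONE_RE.fullmatch(re.sub(r"[\s().-]", "", sender)))


def smishing_indicators(sender, body):
    """Return the names of the indicators present in one SMS."""
    hits = []
    if URL_RE.search(body):
        hits.append("link")
    hits += [name for name, pattern in THEMES.items() if pattern.search(body)]
    if not sender_looks_like_phone(sender):
        hits.append("odd_sender")
    return hits


def is_suspicious(sender, body):
    """Flag a message that carries a link plus at least one other indicator."""
    hits = smishing_indicators(sender, body)
    return "link" in hits and len(hits) >= 2


# Constructed sample messages (not real traffic).
SAMPLES = [
    ("TAX-REFUND", "You are owed a tax refund of 312.50. Claim within 24 hours: "
                   "http://tax-refund.example/claim"),
    ("+44 7700 900123", "Running 10 minutes late, see you at the station."),
    ("+1 (202) 555-0147", "Your bank account has been locked. "
                          "Verify at www.bank.example/login"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(is_suspicious(sender, body), smishing_indicators(sender, body), sender)
```

A flag here is a reason to verify the message through a channel you already trust, not proof of fraud.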

Threat 3 – All aboard the MalBus

The Korean-based information app was compromised in an attack that inserted malware onto users’ devices and began to harvest data.

This is a new method of operating: instead of developing and promoting a fake app with the malware attached, these criminals infiltrated an already popular app and piggybacked off its downloads.

Once installed, the app downloads another infection that contains the malware.

The MalBus starts by searching for specific information, including keywords associated with military or governmental documents such as “National defense,” “National Intelligence Service,” “Defect,” and “Military operation,” and then uploads these to a cloud location once they are found.

It will then attempt to log into the user’s Google account, harvest personal data and then change the recovery email address. The malware then changes the password on the account, giving it complete control. If the user tries to regain control of their account, they are unable to, as the password recovery email has been changed.

Sympathy has to go out to those affected by this attack: it piggybacked on a reputable and genuine app that they downloaded, so it is understandable that they were infected. Again, it is important to download and install Android updates when they appear to combat known threats.

Threat 4 – Wifi piggybacking, evil twins and man in the middle attacks

The majority of businesses implement security procedures that secure their networks and wifi access; however, with people moving to their home or remote environments, these can often be bypassed.

Despite the many warnings to users that “password123” is not secure, the ubiquitous password still abounds as do default passcodes such as “000000”.

This means that attackers find it extremely simple to access a home wifi setup from outside the building (piggybacking) and then either gain access to devices that are connected to the network or use the internet access to log into a company network.

When users are outside the home, they are vulnerable to logging on to fake wifi hotspots that can be used to carry out keylogging or to insert malware onto the device, which can then harvest personal data.

So-called ‘evil twins’ have names that look very similar to the wifi that the user is intending to use in that location but are in fact operated by a cybercriminal.

A man-in-the-middle attack can also be used here as a way of getting the device user to log on to their accounts through what looks like the real thing but is, in fact, a fake page sitting between the account owner and the real site.

Changing network passwords is probably one of the easiest things to do and the application of a complicated, random code stops most piggybacking. A VPN that works with Android devices can secure users when connecting over public wifi.
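The lookalike hotspot names described above can be spotted by comparing what a wifi scan returns against the network you expect. This is an added example, not part of the original article; it assumes you know the address of the genuine access point, and the network names and addresses are constructed. It also flags an exact name match from an unknown access point, which goes slightly beyond the lookalike case in the text.

```python
import re

# Digit-for-letter swaps often used in lookalike names (illustrative, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalise(ssid):
    """Lower-case, undo the swaps above and drop spaces and punctuation."""
    return re.sub(r"[^a-z0-9]", "", ssid.casefold().translate(SWAPS))


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_evil_twins(trusted_ssid, trusted_bssids, scan, max_distance=1):
    """Return (ssid, bssid, reason) for scanned networks imitating trusted_ssid."""
    target = normalise(trusted_ssid)
    findings = []
    for ssid, bssid in scan:
        if ssid == trusted_ssid and bssid.lower() in trusted_bssids:
            continue  # the access point we expect to see
        if ssid == trusted_ssid:
            findings.append((ssid, bssid, "same name, unknown access point"))
        elif edit_distance(normalise(ssid), target) <= max_distance:
            findings.append((ssid, bssid, "lookalike name"))
    return findings


# Constructed scan results: (network name, access point address).
TRUSTED = ("CoffeeHouse_Guest", {"02:00:00:00:00:01"})
SCAN = [
    ("CoffeeHouse_Guest", "02:00:00:00:00:01"),
    ("C0ffeeHouse_Guest", "02:00:00:00:00:02"),
    ("CoffeeHouse-Guests", "02:00:00:00:00:03"),
    ("CoffeeHouse_Guest", "02:00:00:00:00:04"),
    ("Library_Public", "02:00:00:00:00:05"),
]

if __name__ == "__main__":
    for finding in find_evil_twins(*TRUSTED, SCAN):
        print(finding)
```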

Threat 5 – Fake apps

This is an old one but still features a great deal in 2020.

People will be asked to download an app to their mobile and this will include a trojan with a malware payload.

In April this year, Cybernews uncovered a list of 27 developers that had 101 fake apps resident on the Google Play store, all of which have now been removed. These had a total of 69 million downloads!

Often these will be free versions of very popular paid-for apps and when downloaded will set about gaining access to the mobile device.

Being charitable, many of these were just designed to get the users to spend more money on other apps by serving ads, but in some cases there were other motives.

These Android apps tried to:

* Gain access to the device’s exact location
* Record audio
* Access photos and camera
* Gain access to files
* Gain access to networks
* Gain access to personal data

Many of the permissions seem fairly innocuous, but in turn they allow the app to download further malevolent software that can do much more damage.

Advice here has to be to only download apps from a genuine source and make sure you read the reviews. Often users will highlight any strange behaviour long before the app gets removed from the store.
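The permission requests listed above are declared in an app's manifest, so they can be reviewed before an app is trusted. This is an added example, not part of the original article; it assumes the manifest has already been decoded to text XML, and the grouping of permission names under the article's bullet points is this example's own. It also reports services bound to the accessibility permission, the feature Threat 1 describes being abused.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Real Android permission names, grouped under the article's bullet points.
# The grouping is this example's assumption.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "exact location",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.CAMERA": "photos and camera",
    "android.permission.READ_EXTERNAL_STORAGE": "files",
    "android.permission.INTERNET": "networks",
    "android.permission.READ_CONTACTS": "personal data",
    "android.permission.READ_SMS": "personal data",
}
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def audit_manifest(xml_text):
    """Return the sensitive categories requested and any accessibility services."""
    root = ET.fromstring(xml_text)
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    categories = sorted({SENSITIVE[name] for name in requested if name in SENSITIVE})
    services = [
        s.get(ANDROID + "name")
        for s in root.iter("service")
        if s.get(ANDROID + "permission") == ACCESSIBILITY
    ]
    return {"categories": categories, "accessibility_services": services}


# Constructed manifest for a hypothetical "free torch" app (not a real package).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freetorch">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application>
    <service android:name=".ClickHelper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

The question to ask of the result is whether the categories match what the app claims to do: a torch app has no need for location, audio, contacts or an accessibility service.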

The message from 2020? Stay vigilant

Cyber threats never go away; they just change their form.

One of the marks of a cybercriminal is the level of creativity that they employ in an attempt to get access to your data and by extension, your money.

Updating your device and using simple security measures, such as hard passwords and a VPN, can help you stay safe.