The smartphone itself is an incredible tool. It’s essentially a computer in your pocket, with access to all of the information of the internet. The ultimate communication and productivity device.
But when a phone houses malware, it can be weaponised against the user, costing them time and money and even impacting their ability to use the internet. Some phones even have malware from the outset meaning a supposed bargain may actually be a menace.
Why Fraudsters Target Smartphones
Despicable as their actions are, it makes sense for fraudsters to target smartphone users for a host of reasons:
— The dramatic increase in smartphone use, with many estimates suggesting there are more smartphones than PCs in the world. That’s driven by emerging markets where a smartphone is the only way many people can afford to get online. Often this means low-cost handsets with little or no built-in security.
— More use of mobile for financial transactions, particularly in emerging markets where full-blown computer use is less common. Wherever there’s a financial transaction, there’s a target for fraudsters.
— The increasing sophistication of smartphones creating more opportunities for malware to flourish. The sheer range of apps and activity in a phone mean malware can remain hidden: even if users notice the effects such as slow performance or overheating, it can be difficult to isolate the cause.
Why Malware Is So Destructive
Arguably the biggest problem with mobile malware is that it comes in so many diverse forms with differing effects. Examples include:
— Malware that targets the user by stealing personal data.
— Malware designed to carry out fraudulent transactions, particularly on systems with direct carrier billing. That’s where the payment is made through the phone service bill rather than a bank account or payment card.
— Malware that targets advertisers by using the phone to make bogus ‘visits’ to sites hosting pay-per-click or pay-per-view advertising. While the phone user isn’t the target, they can suffer by the malware’s activities eating into valuable data allowances, slowing down the phone, or even overheating the battery.
Cheap Handsets Could Be Infected From Day One
Most mobile security advice is about how to avoid downloading and installing rogue apps but there’s a growing problem with phones having malware pre-installed. That’s a particular problem with cheap Android phones where manufacturers have a great deal of control over what is on a handset, a process that’s open to abuse and security breaches by people who can get into the supply chain.
Secure-D has come across numerous examples of malware being active on phones right out of the box. These include Android handsets such as Alcatel’s Pixi 4 and A3 Max models.
One piece of malware, named com.rock.gota, downloads ads in the background (using up data allowances) and collects personal data. Another, titled com.tct.weather, poses as a legitimate weather tool but is secretly trying to carry out fraudulent transactions. Secure-D has so far stopped more than 27 million such attempted transactions.
Sometimes the malware isn’t even hidden. Some cheap handsets are configured to display advertising in almost every app.
When buying a cheap phone, there’s a few ways to protect yourself. Search online for any mentions of unusual activity on the handset model in question. Be wary if a handset price seems too cheap to be true.
Another tip is to always check a new handset has Google’s Play Protect certification. You can do this by opening the Google Play Store app and then selecting the settings option. If the device is listed as Play Protected, it means Google has checked it is compatible with Android and any pre-installed Google apps are licensed.
If the device is listed as not being Play Protected, it may not be secure. There’s also a good chance any supposed Google-owned apps are bogus. In such cases Google advises contacting the manufacturer to ask for a Play Protected certified device as a replacement.