Mobile threats, malware pose significant risks within Android OS. With the right mobility tools security and privacy advances can be accelerated in offering opportunities. Security solutions and tools should drive overall focus on the organizations outcome. Having more standardized tools that leverage both privacy and security advances best.
FireEye malware researcher, Hitesh Dharmdasani, contributed to our story:
What other sorts of mobile threats should Android users look out for?
“ I would say communications surveillance apps like Android.HeHe and Fake Banking applications such as Android.KorBanker are the two main categories of threats to look out for, although like I said before, keeping yourself to trusted stores can go a long way in staying safe,” said Dharmdasani.
What is different about this new threat from other malware?
“We have seen SMS surveillance in the past with Android.MisoSMS, what makes this threat unique is the selective call disconnection that it performs by maintaining an internal database,” said Dharmdasani. He also saw Android malware sending premium rate SMS messages to the attackers number so that the attacker has monetary benefit. Dharmdasani states“Slowly, Android malware seem to be moving towards advanced techniques at par with what we observe in the Windows environment.”
What is the purpose of new malware intercepting a message or call? What type of significance does this have?
Dharmdasani said, “The purpose of the malware collecting SMS messages is unclear; It could be for a variety of reasons namely, gathering of two-factor authentication codes or gathering other private information that is sent over SMS.” “On the other hand, intercepting phone calls selectively and disconnecting them is more interesting because it feels more targeted, Although the phone numbers that it disconnects calls from are unknown since there was no response from the Command-and-Control server,” he said.
Limiting risk is important for these security issues with PINS and password management. With minimizing risk in PINS, like most security issues being able to balancing risk against convenience is important. Finding ways to ease PINS risk with organizations using helpful tools and articles such as these are great information to know.
Divided loyalty and conflicting identities in determining adversary is a security concern. Compromise of information is a threat. These types of change with priorities question loyalty standards. Security challenges arise in risk reaching users and driving innovation. Organizations have to find out the best ways to minimize security risks while at the same time leverage their technologies to benefit the company.
What can Android owners do to make sure they are not “HeHe victims?”
“Only installing apps from sources you trust would be the first thing, Most malware relies on luring the user into a “OS Update” as in the case of Android.HeHe. Also, a little more careful observation into the permissions being granted to an app while installation can tell a lot about the intentions of the app, “ said Dharmdasani.
Data security and breaches are a known fact. Amongst all types of organizations to date. The majority of these attacks can be prevented by implementing basic security measures. There has to be faster adoption to learning how to deal with these issues and more aggressively.
Educating end users on best practices is crucial. Now is an important time to do so. Performing risk assessments is a good way to mitigate. Understanding where a lot of the risk and vulnerabilities are can add to prevention and identify problems. Good risk management practices can prevent emerging security risks and threats.
Acknowledging and setting such industry standards will boost confidence as well. Concern and Trust within security has had dramatic effects. A lot of the changes also result due to corporate governance, regulations, etc. It’s critical that organizations still must continue and learn to adapt, thrive and grow in these circumstances. Technology’s role is critical to enable such strategies.