In this weekly feature, we like to examine a single Android threat and try to figure out what it means for regular users like you (dear reader). But this week, we’re going to look at the four categories of apps security company Lookout recently named as the most “relentless.”
What does relentless mean? According to the folks at Lookout, it’s a mix of ubiquity and danger. Just the kind of threats we love at SecurityWatch.
The Four Threats
Lookout put what it calls “surveillanceware” on the top of the list, describing it thusly: “It can collect photos and videos, record audio conversations, and log websites visited.” According to Lookout’s data, tens of thousands of users in the US have been hit by this kind of malware.
To me, this sounds like the very broad category of Remote Access Trojans, or RATs, which I’ve written about extensively. Some of these apps are repackaged into more legitimate looking offerings that are marketed towards jealous spouses. As mobile threats go, these are insidious as they come since they’re both extremely powerful, and often involve a personal betrayal of trust.
Lookout lists ransomware as the number two threat to U.S. users, saying that this malware type has hurt over a million people. Readers are no doubt familiar with this category, as we’ve seen it quickly evolve since it made the jump to Android earlier this year. Thankfully, truly virulent versions have yet to appear, though other security experts seem to think the worst is yet to come.
Third on the list is NotCompatible, an interesting little bit of malware that conscripts infected phones into a botnet. Lookout believes U.S. infections number in the tens of thousands. The security company presents ticket scalpers as an example of attackers using infected phones to do their bidding. This one should give us all pause, since the sheer number of mobile phones should be an attractive target to attackers looking to build a better botnet. Assuming they want to do something besides mine Bitcoins, of course.
Adware has been something of a tent-pole issue for Lookout, and was fourth on the list. These are apps that aren’t necessarily dangerous, but do give advertising networks distressingly intimate access to your personal information. Lookout flags these intrusive apps, even ones available from the Google Play store, based on its own definition of adware in order to better protect user’s personal information.
Lookout previously told SecurityWatch that the company’s efforts had been largely successful, with many ad networks changing their tune and even Google adjusting its terms of service. Despite that, Lookout told SecurityWatch that it believes millions of people have been affected by adware.
Staying Safe is Simple!
Writing Mobile Threat Monday means I’ve seen a lot of reports about mobile malware, and Lookout’s list seems in line with what I’d expect. The threats facing most U.S. users are ones outside of Google Play, and generally focused on smaller-scale malicious operations. Thankfully, aggressive mobile banking Trojans and large-scale scams have yet to hit our shores en masse.
Fortunately, all four of these threats can be stopped with a healthy dollop of common sense. Lookout says surveillanceware can be stopped by keeping your phone locked with a passcode, and not sharing that passcode with anyone—not even a spouse. Ransomware, RATs, and NotCompatible can be thwarted simply by not installing apps from outside Google Play, and being very skeptical of links shared through email or social networks.
Adware is trickier since, in some cases, these apps are legit in the eyes of Google Play. Lookout advises reading user reviews to see if apps are too aggressive with their advertisements. I’d add that carefully reading the permissions each app requests is a good habit across the board, but it’s especially useful in filtering out apps that want to leech your personal data.
Of course, we also recommend installing security software on your Android. Lookout has its own option, along with Editors’ Choice winners avast! Mobile Security Antivirus and Bitdefender Mobile Security and Antivirus.