Given the rise of smart mobile devices and digital era, cyber-security is becoming a matter of increasing importance. 10 years ago, if you had to book travel tickets, you’d drive down to some travel agency to book your tickets. Now you do it from your house, without even leaving your comfortable cozy bed! You can do almost anything without having to leave your house. Book a reservation, order food, buy clothes, hell, I took a job interview over the internet last week. Apparently, as for everything, there is an app for that!
With our lives becoming more and more digital, we are in a stage where we can no more avoid the important question: How private is our private life?
Recently, we wrote about the ways you can protect yourselves from malware. The intent of this article is to give an insight to our readers about the possible threats they could encounter in their digital life. Knowledge, indeed, is power, don’t you agree?
What is Malware?
A malware is a piece of software with malicious content. A malware can be of many forms – viruses, worms, Trojans, spyware, adware and more.
The Point of nearly all malware is to make money.
Different malware affect your devices differently. At the end of the day, one way or another, it is all about the money. Some cause your device to slow down, some steal personal information out of your device and store it in some remote servers in China (true story). These are just some of the potential consequences.
1. Ransomware – Holding Your Device Hostage:
Ransomware is an interesting malware. We have seen a lot of hostage scenarios in the movies (thank you, Hollywood). What Ransomware does is that it holds your device (and in turn you) as a hostage. It locks down your phone completely making it unusable until you pay the hostage takers. This type malware hit Android back in 2014, in large numbers.
Svpeng is a type of malware (which was originally created targeting Russians) which combined ransomware and credit card theft. For Russians, it would display a screen to input card details every time the user visit Google Play and when the user enters the details, it will be sent back to the cyber criminals that created it.
In US and European countries, it would present itself as the FBI, locking down the infected device stating that the device has child pornography in it. Then it would ask the user to pay a ‘penalty’ or ‘fine’ in order to have the device released.
The creator of Svpeng, a 25-year-old guy, stole as much as $930,000. Over 350,000 Android devices were affected. Eventually, he was arrested in the month of April that year.
2. Apps Installing Without Your Consent:
Have you heard of Android Webview? Even if you have not, I am sure that it is most definitely installed on your Android device (and no, Android webview IS NOT a malware). You can find it under the name ‘Android System Webview’. See the screenshot below:
What is this webview and what does it do? Do you have any app in your phone that allows you to open a web link within itself without having to open in an external browser? That is exactly what Android Webview does and the particular app is making use of to achieve that.
The problem here is Android System Webview is not so secure in Android phones running Android 4.3 and below. Currently, over 900 million devices are running Android 4.3 or below. In these devices, a potential intruder could use an attack called ‘Universal Cross-Site Scripting (UXSS)’ to manipulate the user and take control of the device and install any app they want without the user consent.
If you are still running the above mentioned, outdated version of Android, we urge to update immediately.
3. Your Phone is Switched-off… Not really!
PowerOffHijack is a malware which takes control of and manipulates the shutdown process of your phone. To the user, the phone will appear to be switched off but, actually, it will remain completely functional. That way, the intruder can secretly make phone calls, take photos, record audio through the microphone, etc.
Unlike the above-mentioned malware, this one affected the newer versions of Android. Android 5.0 and above and it requires root access. As long as you are not downloading apps from a third-party app store and Chinese app stores/websites, you’re probably safe from this threat, I hope.
4. Not So Innocent Apps:
There are so many fun apps on Android. An IQ test, a history app, a very simple flash based game – all sounds innocent. Not all of them are bad or have malware. But the ones that do, they don’t attack immediately. They wait for a month or so before they begin their work. What these apps do is that they will present a fake pop-up saying ‘Your phone is slow. Click here to clean’ or ‘Virus found. Click here to protect your device’. When you click on them, you will be taken to some random fake web page and app will start downloading/installing. None of the messages these apps display are true. Google had recently cracked down on these apps and removed them from Play Store for good.
It won’t hurt to repeat a good advice, do not download apps from Chinese app stores. Stay away from them.
5. Malware for Sextortion:
South Korean cybercriminals have created fake profiles of beautiful women to lure in innocent users into cybersex and then they blackmail to release the video on YouTube. This is where they use the malware.
First, they will ask you to download an app to communicate with the user. When the user installs the app, all his/her contacts will be stolen. Then they will threaten to share the video with the user’s close friends and family unless a ransom is paid.
Does malware really matter?
Yes. Of course, YES! According to a report from Alcatel-Lucent, over 16 million mobile devices were hit by malware as of 2014 and the count is growing steadily.
Do read our article on how to protect yourself from malware on Android. The digital world is as bad as the real world, if not worse. We hope this knowledge article helps you in some way in making your Android (and in turn, you) safe.
Have you personally encountered any kind of digital threats? You have any tips you wanna share with us? Let us know in the comments below.
Here’s to a safer Android, Cheers!