Mobile attacks are on the rise
There is no doubt that mobile devices continue to be a prime target for hackers, malware authors, and attackers. Android and iOS devices often store large amounts of sensitive data, especially within emails and attached as files, and have access to corporate resources and applications.
A particularly menacing mobile attack we have seen recently: attackers using social engineering to take advantage of the COVID-19 pandemic to prey on the vulnerable and unsuspecting through fake contact tracing apps.
When SophosLabs took a closer look, these fake apps turn out to be malware packed with various malicious capabilities, including access to messages and phone calls, and the ability to steal credentials.
Another recent threat involves legitimate apps being modified to include Trojanized content. The apps have been modified to perform all levels of device surveillance before exfiltrating user data to command and control servers.
In addition to app-level threats, mobile devices can also be targeted through other routes, such as phishing sites, Wi-Fi traffic interception, and operating system vulnerabilities.