Guarding Against Android Cyber Threats  


When people think about security measures against malicious activity, they rarely put mobile security on the same level as network security. Protection for mobile devices should not stop at the social engineering techniques threat actors use, such as phishing, vishing, and smishing. Identity theft and other exploits, including malware, also need to be kept in mind when planning how to protect your devices. Android devices experience far more security incidents than Apple iOS devices. Attackers have more opportunity to distribute malware through malicious applications on the open Google Play Store marketplace used by Android than on the smaller and more thoroughly inspected Apple App Store. We will explore why good mobile security practices matter and look at recent cyber-attacks involving Android devices.

Importance 
Statistics show that more people use cellular devices than computers in everyday life, for business or pleasure, which makes the need for protection greater than you might think. As technologies such as AI (Artificial Intelligence) become more advanced and threat actors continue to adapt to how people actually use their devices, attacks on cell service providers and device owners will become more prevalent, especially given how often people browse the internet and social media accounts on these devices. In-app advertisements and links to websites can prompt victims to unknowingly turn their device into a playground for malicious activity. SIM swapping, a form of identity theft in which a threat actor digitally swaps the victim's SIM card information over to another SIM, is another major threat cellphone owners must consider, as more of these attacks are seen daily. By leaving your personal device unsecured, you invite threat actors to gather information about you, from photographs stored on your phone all the way to PII (Personally Identifiable Information) including birthdays, social security numbers, and even bank information.

Recent Attacks  
Recently there has been an increase in threat actors attacking cellular devices almost as often as we see networks become victims. On May 2nd an attack nicknamed "Dirty Stream" was brought to light when a vulnerability was disclosed that gives malicious Android apps the ability to overwrite common files in a user's home directory. Due to the flaw in Android's content provider system, a malicious application can bypass security checks by passing a manipulated file path or name to a different application, which trusts it, leaving room for malicious activity to occur. Applications affected by Dirty Stream have been downloaded over four billion times from the Google Play Store, with Xiaomi's File Manager and WPS Office highlighted as two of the main applications.
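The content-provider flaw described above hinges on the file name that the receiving app trusts. As an added example (not code from the original post, nor from Xiaomi or WPS Office), here is how a receiving Android app can validate the display name it gets from another app's content provider before writing the file into its own private storage; the `SafeFileReceiver` class, its method names and the `imports` sub-directory are assumed names chosen for this illustration.

```java
import android.content.ContentResolver;
import android.content.Context;
import android.database.Cursor;
import android.net.Uri;
import android.provider.OpenableColumns;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;

/** Added example (hypothetical class): copy a shared file without trusting its name. */
public final class SafeFileReceiver {
    /** Reject display names that could escape targetDir. Pure Java, so it can be unit-tested. */
    static File resolveSafely(File targetDir, String displayName) throws IOException {
        if (displayName == null || displayName.isEmpty() || displayName.indexOf('\0') >= 0
                || displayName.contains("/") || displayName.contains("\\")
                || displayName.equals(".") || displayName.equals("..")) {
            throw new IOException("Rejected unsafe display name: " + displayName);
        }
        File dir = targetDir.getCanonicalFile();
        File out = new File(dir, displayName).getCanonicalFile();
        // Defence in depth: the canonical result must sit directly inside dir, not above or beside it.
        if (!dir.equals(out.getParentFile())) {
            throw new IOException("Path escapes target directory: " + out);
        }
        return out;
    }

    /** Import a file shared via a content:// URI into this app's private files directory. */
    static File importSharedFile(Context ctx, Uri uri) throws IOException {
        ContentResolver resolver = ctx.getContentResolver();
        String name = null;
        // DISPLAY_NAME is supplied by the other app's provider, so treat it as untrusted input.
        try (Cursor c = resolver.query(uri, new String[]{OpenableColumns.DISPLAY_NAME},
                null, null, null)) {
            if (c != null && c.moveToFirst()) {
                name = c.getString(c.getColumnIndexOrThrow(OpenableColumns.DISPLAY_NAME));
            }
        }
        File dest = resolveSafely(new File(ctx.getFilesDir(), "imports"), name);
        dest.getParentFile().mkdirs();
        try (InputStream in = resolver.openInputStream(uri);
             FileOutputStream out = new FileOutputStream(dest)) {
            if (in == null) throw new IOException("Provider returned no stream for " + uri);
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
        }
        return dest;
    }
}
```

Only the validated display name is used to build the destination path; the URI itself is never interpreted as a file path, and a symlink planted under the import directory is caught by the canonical-parent check.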

Brokewell, a new malware released by Baron Samedit, is a banking trojan that targets Android devices by posing as a Google Chrome update and then pushing information-stealing malware onto the device. With both device takeover and remote control capabilities, Brokewell can mimic login screens, extract cookies from legitimate sites, capture all screen interactions, determine the physical location of the victim's device, stream the screen, and remotely perform swipes and taps, not just button presses. Since the malware's creator, Baron Samedit, sells the stolen credentials on the dark web, it can only be assumed that this is just the beginning of his efforts to find new ways to exploit cellular devices.

SoumniBot is another notable Android banking trojan, discovered earlier this past month, that exploits weaknesses in Android's security measures to carry out information-stealing attacks. The malware evades scrutiny on the victim's device through various compression tricks and the way it handles and extracts its manifest file ('AndroidManifest.xml'). Manifest files contain pertinent information about an application's database, permissions, and content components, and can be found in every application's root directory, so no application is exempt. The threat that SoumniBot represents should prompt better security practices. Immediately after infection, the banking trojan sends profiling information about the victim's device; it restarts its malicious code within 16 minutes if it detects that it has been stopped, and it transmits stolen data every 15 seconds.

Mitigation Techniques 
To ensure mobile phones are just as protected as your networks, apply the same procedures you would use for the latter while adding system-specific security measures. Monitoring the applications you download, and not installing additional add-ons or files, including APKs, from unofficial third-party applications or other poorly vetted sources, is a good measure to follow. Enabling multi-factor authentication (MFA) and protections such as Play Protect for Android users also helps shield your cellular device from malicious activity. Avoid connecting to unsecured or unknown Wi-Fi networks, because the anonymity these networks provide means you could be inviting malicious activity onto your device through complacency. A common technique for all devices, cellular or not, is creating a strong passcode that is hard to crack: at least 8-10 characters in length and containing no form of PII. After creating a strong passcode, reset it at least every 6 months to further strengthen the security of your accounts.