As users have increasingly moved from desktop operating systems to mobile devices as their primary form of computing, cyber attackers have taken notice and malware has followed. While the total volume of mobile malware is a fraction of that created for desktops, it is nonetheless a growing security concern, as more and more high-value and sensitive tasks are performed on mobile devices.<\/p>\n
McAfee recently published a report<\/a> stating that mobile malware infections in the fourth quarter of 2020 surpassed 40 million after steadily climbing earlier in the year. More than 3 million of those attacks represented new types of malware.<\/p>\n Check Point published mobile security research<\/a> showing that 46% of respondents experienced employees downloading at least one malicious app during 2020. Another finding was that 97% of organizations dealt with mobile threats that used various attack vectors.<\/p>\n There are several different forms of mobile malware, including some that specifically target handheld gadgets.<\/p>\n There are a variety of mechanisms by which different forms of mobile malware infect and exploit mobile devices.<\/p>\n While malware can often be a payload in a mobile attack, non-malware-based attacks often hit mobile users.<\/p>\n There are several different ways to keep mobile devices and users safe from mobile malware. For organizations, the best approaches often involve implementing a formal Bring Your Own Device (BYOD) or Enterprise Mobility Management (EMM) system.<\/p>\n Learn more about BYOD and EMM in the\u202feSecurityPlanet\u202fguide to EMM<\/a>.<\/em><\/p>\n When employers review BYOD device policies with their workforces, the coverage should explain how these devices and their content could pose dangers to a workplace network. Employee awareness helps minimize possible malware infections, whether workers clock in from an employer\u2019s office or at home.<\/p>\n There are a few key things employees need to be understood when it comes to mobile malware. Following cybersecurity best practices is a business necessity<\/a> since it reflects positively on companies and could lead to new customers.<\/p>\n Additionally, while it is possible to become infected with malware via the authorized, official Apple App Store or Google Play, it is significantly less likely. Users can also take precautionary measures to further reduce the risk. Jailbroken or rooted phones and getting software from unknown third-party sources is typically how most mobile malware exploits users.<\/p>\n It\u2019s also useful to tell employees how certain industries may be more at risk for mobile malware than others. A 2020 report showed how three out of four phishing attempts targeting pharmaceutical employees<\/a> also delivered malware to victims. Additionally, of those attacks, 35% tried to steal credentials.<\/p>\n Mobile trojans can be used in some cases to create a zombie botnet that will attack a local network. Just like any other device connected to the network, mobile devices should always be monitored and logged for potentially malicious activities.<\/p>\nTypes of mobile malware<\/h2>\n
\n
How mobile malware infects users<\/h2>\n
\n
Mobile attacks beyond malware<\/h2>\n
\n
Creating a mobile device policy<\/h2>\n
Educating employees on mobile threats<\/h2>\n
Keeping your network safe from mobile malware<\/h2>\n