Whether a company gives them out or they're owned by the employees or students, mobile devices are like honey for cybercriminals. And the kicker? Most of these devices are not protected enough.
Just check out the following stats from last year:
- 18 percent of clicked phishing emails in 2022 came from a mobile device. (Verizon Mobile Security Index 2022)
- 46 percent of organizations that had suffered a mobile-related security breach in 2022 said that app threats were a contributing factor. (Verizon Mobile Security Index 2022)
- 9 percent of organizations suffered a mobile malware attack in 2022. (Check Point 2023 Cyber Security Report)
For Managed Service Providers (MSPs), these stats represent more than just figures; they underscore the need for proactive action across their customers’ mobile endpoints.
In this post, we’ll delve into mobile malware trends, gather critical insights, and anticipate future scenarios to prepare MSPs for the complex landscape of mobile malware.
Mobile devices: A new security frontier for MSPs
Understanding Android Droppers: A serious threat to mobile devices
In terms of malware, the most menacing of mobile threats MSPs need to watch out for are Android droppers.
“Mobile Droppers represent the most ‘Trojan’ of all the Trojan Horses,” said Nathan Collier, Senior Malware Intelligence Analyst at Malwarebytes. “Pretending to be an innocent app, like an app you have to pay for on Google Play found free on a third-party app store, tricks the user to allow [the malicious dropper] to enter onto their mobile device.“
Once installed, droppers secretly drop another piece of malware, often more vicious than the dropper itself. This could be any other type of malware, such as HiddenAds or Adware to generate money by ads-per-click. Or even scarier—a backdoor could be placed or a nefarious piece of spyware.
“Droppers can install copies of themselves, and because they can be used to drop software that downloads other malware, they can act as a permanent backdoor into a smartphone.”
According to our 2023 State of Malware Report, droppers accounted for 14 percent of Android detections.
Examples of recent Android malware
iOS isn't off the hook
While it's generally harder for malware to get a foothold on iOS, phishing attacks are still a threat. These scams trick users into visiting malicious websites that masquerade as legitimate ones, usually with the promise of a prize or with a request that users install a bogus security app.
“Another trick is a fake ‘You’re infected’ phishing site to install a fake security app,” Collier said. “Although the app you install, often from the Apple store, may be safe, the scammers still get paid-per-click for redirecting to the app.”
The number of phishing sites targeting mobile has shot up by 50 percent from 2019 to 2021. These scams come in all shapes and sizes, like email, banking, and SMS-based (smishing) threats. Some even try to con users into giving up legit two-factor authentication codes.
These scammers often pretend to be big-name companies like Apple, PayPal, or Amazon, making their scams harder to spot.
Predicting the future of mobile malware
Each year, we're seeing more and more mobile malware, and there's little evidence that trend will stop.
“Year over year, we have seen an increase of mobile malware since its induction,” said Collier. “As the use of mobile devices increases, so does mobile malware. This is a trend that will continue for the unforeseeable future.”
As an MSP, you need to stay one step ahead of mobile malware to help keep your clients safe. Collier is predicting an uptick in malware and potentially unwanted programs (PUPs) targeting the financial sector.
“This includes fake banking apps to steal online banking credentials, and fake credit loan apps to trick users into entering highly personal information as you would for a loan application,” Collier said. “More specifically, Android/Trojan.Bankbot and Android/PUP.Riskware.FakeCreditLoan.”
Understanding mobile malware trends and being proactive in defending against them is key, but what options are available for comprehensive combined endpoint protection?
Mobile Device Management (MDM) isn't the solution
A common misconception that we hear when we talk about mobile endpoint security is that MDM is the solution to all of our mobile malware and phishing woes.
Mobile device management services only secure use of corporate data, but are not designed to counter threats such as malware and phishing on iOS and Android devices.
MSPs should look beyond MDM platforms and toward mobile security products that use a variety of techniques, including behavioral analysis, to detect mobile threats. Some features of a robust mobile threat defense product include:
- 24/7 real-time protection against emerging threats
- Advanced antivirus, anti-malware, anti-spyware capabilities
- Malicious app protection
- App privacy audit
- Safe web browsing
- Block ads and ad trackers
- Filters suspicious fraudulent texts
- Spam call blocking
- Malwarebytes makes mobile device security easy
With Malwarebytes Mobile Security for MSPs, you can monitor and protect your clients’ mobile investments from a single pane of glass.
In OneView, our cloud-hosted security platform made for MSPs, all you have to do to get started is activate the endpoint agent for your clients' mobile devices.
From there, you set how your mobile endpoints behave by adding a new policy and selecting Web protection and Ad block for iOS and Behavior protection for ChromeOS and Android.
Once you save this policy, you’re set!
MSPs can easily begin protecting Chromebooks, Android, iPadOS, and iOS devices, guarding against the latest mobile threats such as ransomware, malicious apps, and PUPs.
With real-time protection, your customers can also prevent accidental access to harmful websites, safeguard against malicious apps, block unwanted in-app ads, and enable a secure mobile experience for their employees.
The Malwarebytes Mobile Security app on IOS (left) and Android (right)
The statistics don't lie—phishing and malware pose a big threat to mobile endpoint security in 2023. But with a mobile threat defense solution like Malwarebytes Mobile Security, MSPs can crush threats like these and more. Get a free trial and/or quote below!