Despite mobile malware normally targeting personal data, it may increase risks for enterprises with BYOD policies

Five types of vicious mobile malware detected by Kaspersky in the first half of 2022 potentially pose serious security threats to companies through personal devices of employees that are used for work.

In the thick of post-pandemic hybrid-remote work setup, Bring Your Own Device (BYOD) policies take on special importance for companies’ cybersecurity.

BYOD possible security risks 

The main idea behind proper BYOD security is that personal devices have to be treated in the same way as company-owned devices. Not securing the devices of company staff whose own personal devices like laptops, tablets, and smartphones are used for work tasks and to access critical business information could be too risky for any organization.

BYOD poses dangers by mixing corporate data and personal data on one device. Whenever personal data and corporate data are stored in the same mobile device, there’s the possibility of security risks. Separating corporate data and the user’s personal data can help businesses to apply special security measures for their confidential or business critical information.

Moreover, high-profile employees can become victims of cyber espionage. For instance, in 2020 Kaspersky found a new Android implant used by Transparent Tribe for spying on mobile devices. It was distributed in India disguised as a porn-related app and a fake national COVID-19 tracking app. The app was able to download new applications to the phone, access SMS messages, the microphone, call logs, track the device’s location and enumerate and upload files to an external server from the phone.

Transparent Tribe is not the only one example; other similar campaigns were detected by Kaspersky researchers over the years – for example, such as GravityRAT, Origami Elephant and SideCopy.

BYOD also brings IT teams more platforms to manage. With the average employee now using two or three different mobile devices to access the corporate network, BYOD brings IT and security departments the challenge of having to implement and manage mobile security across an almost limitless range of devices and operating systems, including:

  • Android
  • iOS
  • Windows Phone
  • Windows Mobile
  • BlackBerry
  • Symbian

An IT department has to keep in mind that in the modern environment employees will work with corporate data anywhere they want, on a variety of devices. What has to be done is proper control of software and apps, web and e-mail as well as protection from malware and loss/theft using modern methods.

Malicious malware found in Filipino devices

The malicious software discovered are in the form of Trojans disguised as legitimate, ordinary files created by cybercriminals to wreak havoc on the devices of its victims unnoticed. Hackers often use these Trojans to steal private data, spy on users and gain unauthorized access to corporate systems. These types of mobile malware get into computers through infected attachments, manipulated text messages or fake websites and can read passwords, record keyboard strokes or take the entire computer hostage. 

Here’s a rundown of the types of mobile malware found by Kaspersky in work devices of its Filipino users:

  1. Generic Trojans may pass unnoticed when installed on your device, as it happens in many cases with different kind of malware Apart from stealing your data, Trojans can carry out a range other of functions, such as deleting, blocking, modifying or copying data, or disrupting the performance of computers or computer networks. 

Trojans cannot self-replicate or make copies of themselves but they delete, block, modify or copy data, and they disrupt the performance of computers or computer networks. 

  1. Trojan-Downloader: This malware downloads and installs new versions of malicious programs on victim computers. Once downloaded from the Internet, the programs are launched or run automatically when the operating system of the computer boots up. 
  2. Trojan-Dropper: This is designed to secretly install malicious programs built into their code to victim computers. A Trojan-Dropper saves a range of files that are hidden in the executable file to the victim’s drive and launches without any notification, which makes the malware protected from detection.
  3. SMS Flooder: This is a malware type designed to flood and clog text message channels with useless messages. This is a tool sometimes used by spammers.
  4. Backdoor: One of the simplest but possibly most dangerous types of Trojan. It allows an attacker to execute any command on a victim’s device.  

A backdoor is often used to set up botnets, or robot networks — networks of infected computers remotely controlled by cybercriminals. Without your knowledge, your device becomes part of a zombie network used for mass attacks such as data theft, server crashing and malware distribution. Once installed, backdoors can be instructed to send, receive, execute, and delete files, harvest confidential data from the computer, log activity on the computer and more. 

The same set of mobile malware types were identified in devices of Kaspersky users in the Philippines for two consecutive years since 2021. The Backdoor malware type replaced the less powerful Trojan-Proxy, which is typically used to send out mass spam mailings.

A look into Kaspersky’s telemetry from January to June this year shows that Trojans identified in mobile work devices in other countries in the Southeast Asian region are closely similar. 

Top 5 types of mobile malware detected in H1 2022

CountryTop 5
IndonesiaTrojanTrojan-DownloaderTrojan-DropperTrojan-SpyBackdoor
MalaysiaTrojanTrojan-DownloaderTrojan-SpyTrojan-DropperTrojan-SMS
PhilippinesTrojanTrojan-DownloaderTrojan-DropperSMS-FlooderBackdoor
SingaporeTrojanTrojan-DownloaderTrojan-SpyTrojan-SMSTrojan-Dropper
ThailandTrojanTrojan-DownloaderTrojan-DropperTrojan-SpyBackdoor
VietnamTrojanTrojan-DropperTrojan-DownloaderTrojan-BankerTrojan-Spy

Among these countries, Indonesia ranked 5th in Kaspersky’s list of countries around the world with the most mobile malware detections in 2021. Four out of five Trojans found in Indonesia in the same period are noticeably the same set of mobile malware found in the Philippines with the exception of Trojan-Spy. 

“Our security experts recently revealed active cybercriminal campaigns targeting mobile device users here in our region – Harly, Anubis and Roaming Mantis. Harly is a Trojan subscriber targeting users in Southeast Asia countries. It signs up for paid services without the user’s knowledge. Anubis combines mobile banking Trojan with ransomware functionalities to squeeze more money out of their victims while Roaming Mantis, a notorious gang, is actively targeting both Android and iOS users,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

“This goes to show that regardless of the type of device we use, cybercriminals can infect our smartphones, steal all data and money in them, and even access or even wipe out our messages, emails, private photos and more. With the hybrid remote work which also allows employees to access their work mails through their mobile devices, the risks extend from individual to a wider enterprise- level breach. Such can be avoided if we do the basic act of installing legitimate security solutions in our smartphones,” adds Yeo.

To help enterprises secure their data amidst a post-pandemic BYOD set-up, Kaspersky experts suggest:

  • Automatically enforced security policy. Company rules are inefficient if they are just printed and signed by employees. A worker does not have to think if a certain app or website is appropriate, restricted or plain dangerous. He or she is usually not an expert in this. Automated control on software, devices and web is the only solution to prevent accidental loss of data.
  • Inventory. The IT department has to know exactly which devices are allowed certain privileges to access corporate data and be able to revoke the access rights or block the device completely.
  • Beyond anti-malware. When talking about protection from threats, effective, industry-leading anti-malware protection is a must, but it alone cannot guarantee security. While a traditional anti-virus engine is fine with generic viruses and Trojans, targeted attacks require more sophisticated techniques. Among them are solutions designed to directly combat new and unknown exploits, vulnerability assessment tools and frameworks that will automatically install and control software and push updates for critically vulnerable applications.
  • Mobile Device Management. A security policy has to be enforced on all devices, regardless of platform, and traditional business security suites are not capable of applying the rules and security features for smartphones and tablets. Modern mobile platforms like Android and iOS do have to be supported, and managed centrally just like traditional laptops.
  • Further protection of data using encryption. It reduces the chance of sensitive data loss even in a case where a personal device was compromised or stolen.

Liked this post? Follow SwirlingOverCoffee on Facebook, YouTube, and Instagram.