At a ground level, almost everyone nowadays has a smartphone, and nearly every popular website has a mobile version. Mobile messengers such as WhatsApp, Viber and Google Hangouts are very popular too. But be warned: attackers are exploiting this popularity by spreading fake notifications from mobile apps. According to security firm Kaspersky Lab, in the first quarter of 2014 spammers started imitating messages from mobile apps. They especially favour internet properties such as WhatsApp, Viber and Google Hangouts. Notifications purportedly sent from these apps were used to spread both malware and harmless adverts. Kaspersky Lab especially warns die-hard Apple fans of phishing attacks targeting Apple IDs, which the security firm feels will become more frequent in the times to come.
Let’s face it: when it comes down to it, spam and phishing scams rely primarily on exploiting trust. If the attacker can find a way to make the message appear to be from a known source, the odds that a user will take the bait are much higher. This has led to malware infections that access your contacts and send out infected emails on your behalf to everyone you know, and those same basic techniques have been adapted for instant messaging, social networks, and even SMS text messaging. In other words, Kaspersky Lab warns that mobile apps are the new frontier.
In a related incident concerning popular apps, Symantec came across scammers from India who managed to fool fellow Indians in the name of ethical hacking. The scammers tricked users by claiming to offer a tool that could hack Facebook to obtain passwords belonging to the users’ friends, with a disclaimer stating that it was for ‘education purposes’ only. To use it, users had to copy and paste the code into the browser console window and wait 120 minutes before the hack would supposedly work.
Unknowingly, during this time users ended up hacking their own accounts for the scammers and exposed their friends in the process. In the background, the account was used to follow lists and users and to like pages, inflating the follower and like counts for the lists, users and pages defined by the scammers. It also tagged all their friends in the comments to maximise the reach of the scam.
Back to the malicious activity targeting mobile devices. “Recently we have seen a growth in the number of attacks targeting mobile users,” says Darya Gudkova, head of content analysis & research department at Kaspersky Lab. “Gadgets have become popular even among those who had little interaction with computers and are less familiar with computer security. This opens up new vectors of attacks for spammers and phishers.”
In order to protect themselves, the Kaspersky Lab specialist advises that users should remember not to open emails from unknown senders and especially not to click any links in these emails, which inevitably pose a risk to user security. Clicking unsafe links threatens user security regardless of which device is used—they pose a danger to desktop computers and mobile gadgets alike.
Many gadget owners are used both to the synchronisation of their contacts and to messages from mobile apps arriving via email, so few would stop to question such a message even though WhatsApp is not directly linked to an email service. This lack of caution could prove costly, since the attached archive contained the notorious Backdoor.Win32.Androm.bjkd, whose main function is to steal personal data from users.
“The bad guys constantly develop new ways to attack your smartphones and computers in order to steal personal information,” says Altaf Halde, managing director, Kaspersky Lab—South Asia. “Most popular malicious programs are now multifunctional: they can steal data from the victim’s computer, make the computer part of a botnet or download and install other malicious programs without the user's knowledge. This is why it is extremely critical to update your operating system and web browser and to keep security software up to date,” he suggests.
“This will reduce the probability of cybercriminals running bad programs on your computer or mobile device,” the Kaspersky Lab MD says. “Kaspersky Lab would also like to remind users that hacked email accounts can allow attackers access to all the information stored in your mailbox, including other logins and passwords. We recommend that you use strong passwords and two-factor authentication if possible.”