Phone malware basics – what it is, what it does and why you don’t want it

Phone malware is unpleasant stuff. Unfortunately, unless you understand what it is and what it does, you face an unquantified risk. Not knowing how much risk you’re taking means you can’t make the right investments. It’s not hard to understand, but, unfortunately, very few people ever put the effort in to finding out what malware is.

If you want to know what malware can do to your phone, read our exploration of the topic below. It’ll take you a few minutes and then you’ll know what you’re dealing with.

Mobile Phone Antivirus - How Knowledgable Are People On The Risk

 

What is Mobile Phone Malware ?

Malware short for ‘malicious software’. It’s software which has been written to do you, your computer or your mobile phone harm. It could have been written especially for a phone like yours, especially for a desktop computer or especially for both.

Malware is a blanket term for software which comprises a number of different potential ( nasty ) intents. And it is far from rare. Microsoft suggest that around 10% of all internet downloads are of malware. The same company has suggested that more likes of illicit software code are written under the banner of Malware than there are lines of code written for legal purposes.

The list of what phone malware does is not pleasant reading

Malware which finds its way on to your mobile phone might have been written to establish and steal your personal information. Those who write this software are often clever, inventive and driven by the lure of significant sums of money. Some specific intents that Malware might have are to :

  • Spy on you :
    Some malware is designed to be difficult to detect on your mobile phone and to use the phone’s capabilities to extract some of your privacy. There are examples of Malware spying on your behavior, either what you’re saying or what you’re doing. The phone features you enjoy the most are those which are turned against you in this sort of pernicious attack. Hackers have been found using the microphone of your phone to eavesdrop on your conversation ( and you don’t even have to be making a call at the time. ) The camera can be used to take pictures of you ( we have an interesting example of this being turned against the criminals below. ) Location information can also be made available to the hardware on your phone for distribution to interested third parties, to target adverts to you based on your location or, theoretically, for aggregation in order to provide broader data sets, again for sale.
  • Defraud you :
    Then there are the more directly obvious threats. Malware can be created with the goal of tracking required in order to obtain your banks or credit card numbers. Once they’ve been established, criminals can then pilfer from your accounts until either you or your financial institutions realise and correct the matter. Mobile phone passwords can be checked against other account. Many people re-use their passwords across multiple accounts. This information may be used to hack your desktop computer and the information that’s stored on it.
  • Take ransom money from you :
    Mobile phone malware can be designed to hold your phone to ransom. There have been gruesome examples of desktop malware which, when downloaded encrypt your key files and refuse to unlock them until perpetrators have run amok. In this case, hackers often extort payment from unsuspecting victims to unlock the phone and your files. Think this one couldn’t affect you ? You might be surprised to hear that there are several recorded examples of police departments being forced to pay to unlock their own information. If they can fall for it, you almost certainly could.
  • Pretend to be you :
    Less vicious but still concerning software can imitate a human user often without their knowledge. This software has been found clicking on links while users browse, or adverts when the phone is and is not in use by its owner. The resulting clicks generate a payment for the software’s writer or owner. The effect is known as ‘click-fraud’ – a term you may have heard before.
  • Steal your information :
    Hackers have been known to target social media accounts because of the valuable information they contain. With access to Facebook or Instagram, they can establish social network data which is then applied to other aspects of a bigger scheme. Many people post their holiday plans, pets names, have their mother as a social media contact as part of their network. Unfortunately, these data points are also, often the answers to their ‘secret’ password questions for sites like eBay or personal internet Email accounts. Tracing the thread of someone’s life like this can secure a clear picture of many details they themselves might find intimate and far too revealing, very quickly.
  • Lure you :
    Malware can be designed to trick you in to downloading a virus, Trojan horse or other malicious new software element. Often, intriguing links in the body of online copy are used to ‘sucker’ the unsuspecting. Simply click to follow the link and you’ve installed the software on your phone. In one example from overseas, users received an email ( purportedly ) from their local authorities. The correspondence included a letter pretending to be the police and suggesting that the victims have been caught speeding. When they clicked a link to pay the fine, malware was automatically downloaded to their machine.
Mobile Phone Threats and AntiVirus Software

 

What is antivirus software for a mobile phone ?

The best antivirus software detects malware ( which, as we’ve said, includes antivirus ) and in addition offers other features to assist you. They tend to be bundled cleverly alongside the antivirus software. The result is that you get protection for your online privacy and security for your device as well as just the antivirus support.

Antivirus software helps you avoid downloading malware which might cause your phone to behave in some of the ways we’ve identified. It may also have other components which assist you in identifying threats to your privacy. Example might include threats you might encounter while using social media. Other software may assist in helping your phone run faster or make your battery last longer.

The new way antivirus software works on your phone makes it a lot safer

Once it’s installed, antivirus software checks the behavior of your phone while you’re conducting your day to day business. When your phone is accessing a file, or undertaking an action ( for example, turning on the camera ) the antivirus software checks what’s happening to ensure nothing untoward is happening.

If a known piece of Malware is detected or a pattern of behavior indicates a virus is performing an unauthorized action, the user can be notified and something appropriate to stop the threat can be implemented. For example : the file involved could be deleted, the action can be prevented and in many cases the malware can be removed entirely. Put together with regular scans of the phone, this can eliminate the threat almost entirely. Sometimes the big companies work together to fix known issues quickly.

  • The older way :
    The way Malware used to be spotted and dealt with was similar to the way police deal with criminals. In the same way that police can identify a criminal could be tried for a crime using their fingerprint, When a virus attack happened, those in charge of the antivirus platforms would establish the ( technology ) ‘fingerprints’ of the malware involved. Whether it was particular words in the text of the malware which could be scanned for, elements of computer code that were consistent between different instances of the software, or whether it undertook consistent actions ( e.g. always wanted to send an SMS to a particular phone number ) the scanners would recognize those things and throw whatever file, app or code was attempting to do the same thing the code was.

The problem, of course, was making sure that the database of the ‘fingerprints’ of all the latest viruses was up to date. Realizing a potential flaw in the system of the people chasing them, hackers then wrote software which changed it’s ‘fingerprints’ more regularly than the database was updated to elude their captors.

  • The new way :
    Advanced analytics techniques are used by antivirus companies to spot trends occurring on the internet in real time and deal with them before they become an issue.

Who says there is a threat from mobile phone viruses

There are a number of sources of information which talk with some authority on the subject of the threat level imposed by mobile phone viruses.

  • US-CERT :
    The United States Computer Emergency Readiness team says that the relatively lax security of mobile phones have made them ‘attractive targets for attackers’. The fact that government institutions exist around the world such as US-CERT to defend against threats to national interests on the internet suggest that there’s something to it.
  • Google :
    On the other hand, Google themselves have gone to some lengths to reassure their Android customers, perhaps as you might expect ( Google, the search engine people also make the phone software used by most phone users – Android ) that the threat posed by mobile phone viruses is small.

So, there are arguments for and against installing antivirus software on your phone. What should you do to avoid the threats which are undeniably out there ?

You’ll get some virus protection without installing any software

Out of the box, any mobile device you have will have some basic antivirus facilities :

  • Common sense :
    Remember, you have to install the software on your mobile phone so that it can work on your device and achieve these goals for the hacker. The best way to think about things is simply not to install software from an unrecognized location. The best advice is don’t click on links you weren’t expecting or download a file you didn’t expect to get. To a degree it depends on how comfortable you are with technology or the worst happening when it was least expected.
  • Free Android Weekly scan :
    Android phones are usually scanned once a week. This free capability is undertaken as part of the basic software capabilities and won’t cost you a penny.
  • Google ‘Bouncer’ :
    Google have installed a ‘Bouncer’ facility in to their Google Play store. ( That’s a real thing, it really is called Google ‘Bouncer’ ) This automatic facility scans apps and software uploaded to the Google Play store. Everything you get from this sort of online store has been thoroughly checked and you’re unlikely to have a problem with it.

However, there is a major financial incentive to get in to your device and get hold of the information which is on it. As a result, the list of ways that hackers are trying to get hold of your information has grown.

What should I look for in my AV software for Android and iOS?

Any antivirus problem has to do the basics : pick out, identify, section off and deal with the malware and virus nasties we’ve discussed here. Table stakes for being defined as antivirus software is the ability to deliver against these essential requirements. In addition to those fundamentals, the best antivirus software applications you’ll find for your phone often benefit from the facilities and capabilities we explore in this section. Our suggestion is that you read them, decide what’s important to you and review the antivirus software you choose against them.

  • Easy to use :
    Most of us are far from experts when it comes to managing threats from hackers. Tying together a firewall, password manager and software to secure your personal information sounds like a job for a professional, not a working mum. But everyone has a smartphone these days. Usability is a computer industry term. A product is considered ‘usable’ when the interface the user has access to involves well considered design principals which make it easy to do what you want to do. Bigger companies are better funded and resourced and tend to do this better. The mobile phone antivirus software you pay for is likely to be easier to use than the free versions.
  • False positives :
    As we’ve said, to be considered worthwhile as antivirus software, whatever you buy must be able to thoroughly assist you in identifying malware or viruses on your phones. One feature of the better antivirus software on the market it its ability to avoid false positives. False positives are where the software detects and stops a ’threat’ which is not a realistic problem for you, the user. Getting constant ‘reminders’ that your banking application is trying to access the internet ( of course it is, that’s where your bank details are ) is annoying and ruins productivity.
  • Uses processor power :
    Better antivirus software is efficient. This is especially important in mobile phones. Make sure you choose software which is efficient in it’s power usage so you’re not exposed to running out of battery unnecessarily.
  • Cost :
    In some senses, it’s true that you get what you pay for when it comes to antivirus software. But you don’t want to pay too much. Expect to pay in the region of $20 to $30 per year for antivirus software for your phone. Look out for deals, specials and discounts. There are often special circumstances which will help you get money off or back. Shop around.
  • Brand you trust :
    People go to brands they trust for the things they buy because they know the problem they have will be solved. You buy Colgate because you know it’s good toothpaste. You’ve been using it all your life. The same is true for antivirus software brands. Pick one from a company whose reputation you trust.

If you’ve got this far, you succeeded

Malware is not good stuff. Originally, it was invented by computer programmers who wanted to prank and impress each other. With the incentives around at the moment, their ideas have been hijacked. There is simply so much money to be made spying on people, stealing their bank details and extorting ransom money from them that there are organized and sophisticated groups of people dedicated to writing and using this code.

Serious international government bodies have been established to combat the threat. That they have had to be set up validates the risks. And while there are some free protections in place for your phone, it may make sense to investigate and purchase antivirus software for your phone. There are different sorts. You can choose free antivirus software or paid antivirus software. We recommend you consider what elements of the available solutions appeal to you and invest, now that you understand the risks involved.

 

Neil Aitken

Having worked in 3 countries for 4 telcos on both voice and data products, Neil is in a position to give you the inside track. Get beyond the marketing messages to the best plan for you.