The world is witnessing a plague of mobile adware, one of the most common forms of cyberthreats designed to collect personal information from a user’s device, according to research from security specialist Check Point.
The company says that about 4-billion people are connected to the Internet via their smartphone, yet companies rarely prioritise mobile security. Check Point’s Cyber Security Report 2020 shows that in 2019, 27% of companies suffered a cyberattack because the security of a mobile device was breached.
“It only takes one compromised mobile device for cybercriminals to steal confidential information and access an organisation’s corporate network,” explains Pankaj Bhula, Regional Director: Africa at Check Point. “More and more mobile threats are created each day, with higher levels of sophistication and larger success rates. Mobile adware, a form of malware designed to display unwanted advertisements on a user’s screen, is utilised by cybercriminals to execute sixth-generation cyberattacks.”
The main problem with adware is pinpointing how a phone became infected. Adware is developed to sneak on to a device undetected without uninstallation procedures. Removing this type of virus can be extremely difficult and the information it collects, such as a devices operating system, location, images, can be a high security risk.
Adware is commonly distributed through mobile apps. According to Statista, there are 2,5-million apps available to Android and Google Play users and there are 1,8-million apps available on the Apple Store. These figures demonstrate the wide scope of this kind of attack, giving a clear indication as to why cybercriminals focus on mobile devices.
One example of the power of the adware plague is Agent Smith, a new variant of mobile malware detected last year by Check Point. Agent Smith infected roughly 25-million mobile devices worldwide, without being noticed by users. To do so, it imitated a Google application and exploited known vulnerabilities in Android systems, automatically replacing installed applications with versions containing malicious code, all without the user’s knowledge. It also exploited the devices resources by displaying fraudulent ads which could generate a profit by stealing bank credentials and eavesdropping.