Cybersecurity firm Kaspersky said it has detected five types of vicious mobile malware in the first half of 2022, which can potentially pose serious security threats to Philippine companies through personal devices of employees that are used for work.
Here’s a rundown of the types of mobile malware found by Kaspersky in work devices of its Filipino users:
- Generic Trojans may pass unnoticed when installed on your device, as it happens in many cases with different kind of malware Apart from stealing your data, Trojans can carry out a range other of functions, such as deleting, blocking, modifying or copying data, or disrupting the performance of computers or computer networks.
- Trojans cannot self-replicate or make copies of themselves but they delete, block, modify or copy data, and they disrupt the performance of computers or computer networks.
- Trojan-Downloader: This malware downloads and installs new versions of malicious programs on victim computers. Once downloaded from the Internet, the programs are launched or run automatically when the operating system of the computer boots up.
- Trojan-Dropper: This is designed to secretly install malicious programs built into their code to victim computers. A Trojan-Dropper saves a range of files that are hidden in the executable file to the victim’s drive and launches without any notification, which makes the malware protected from detection.
- SMS Flooder: This is a malware type designed to flood and clog text message channels with useless messages. This is a tool sometimes used by spammers.
- Backdoor: One of the simplest but possibly most dangerous types of Trojan. It allows an attacker to execute any command on a victim’s device.
In the thick of post-pandemic hybrid-remote work setup, Bring Your Own Device (BYOD) policies take on special importance for companies’ cybersecurity.
Kaspersky said the main idea behind proper BYOD security is that personal devices have to be treated in the same way as company-owned devices.
Not securing the devices of company staff whose own personal devices like laptops, tablets, and smartphones are used for work tasks and to access critical business information could be too risky for any organization, the company said.
According to Kaspersky, BYOD poses dangers by mixing corporate data and personal data on one device. Whenever personal data and corporate data are stored in the same mobile device, there’s the possibility of security risks. Separating corporate data and the user’s personal data can help businesses to apply special security measures for their confidential or business critical information.
Moreover, high-profile employees can become victims of cyber espionage. For instance, in 2020 Kaspersky found a new Android implant used by Transparent Tribe for spying on mobile devices. It was distributed in India disguised as a porn-related app and a fake national COVID-19 tracking app.
The app was able to download new applications to the phone, access SMS messages, the microphone, call logs, track the device’s location and enumerate and upload files to an external server from the phone. The malicious software discovered are in the form of Trojans disguised as legitimate, ordinary files created by cybercriminals to wreak havoc on the devices of its victims unnoticed.
Hackers often use these Trojans to steal private data, spy on users, and gain unauthorized access to corporate systems. These types of mobile malware get into computers through infected attachments, manipulated text messages, or fake websites and can read passwords, record keyboard strokes, or take the entire computer hostage.
