The first week of April was a very special time for my family as we prepared our hearts and minds for the celebration of Jesus’ resurrection.  The meaningful week was shared with lots of family.  During one of our dining room table discussions, I was asked by one of my siblings about my familiarity with a certain antivirus app for Android.  I was not familiar with it, which made me skeptical, and unfortunately, for the life of me I can’t remember the name of it anymore, as the product name was suspiciously generic.  But I removed it immediately for her and installed our trusted Thirtyseven4 Total Security Mobile App.  Her question about the app surfaced because a week or so prior, she was alerted by a warning message on her Samsung Galaxy S4 that her phone was infected with twenty virus threats, and that downloading this free security app would resolve her issue (Textbook Scareware!!  Do NOT fall for these!  Never a good idea!).  Upon my investigation of her phone, I quickly found that this “security app” was not the app it pretended to be but rather an adware driven app that continually served unwanted advertisements to her phone.  Over the years, we have grown leery of such “Scareware” threats on the Windows side of things, but cybercriminals are now using this same scare tactic with mobile security apps in alarming numbers.

Unfortunately, situations like this on smartphones and other mobile devices are becoming very common, and to test your knowledge on just how serious the threat of malicious Android based malware is, we have used our Thirtyseven4 real-world statistics generated by our Virus Lab to create a quick quiz.  Let’s take a quick multiple choice test.

 

Question 1:  How many Android-based samples were received into our Thirtyseven4 Virus Lab in the 1st Quarter of 2015 (Jan-March)?
A)1,700
B)17,000
C)170,000
D)1,700,000

Question 2:  The number of samples in Question 1 resulted in roughly what percentage of increase over the same period last year?
A)0%
B) 20%
C) 100%
D) 200%

Question 3:  True or False:  Android-based samples received into our Thirtyseven4 Virus Lab in the 1st Quarter 2015 outpaced Windows-based malware.
A)True
B)False

 

If you answered D, D, A– Congratulations!  Mobile malware is on the increase.  In fact, of the Android samples our Thirtyseven4 Virus Lab received last Quarter, we discovered roughly 160 new malware families and over 200 new variations of existing malware families.  And drilling deeper into those statistics, Android Adware samples were the most common form of malware received (at over 50%!).  Navigating the Internet on your mobile devices, clicking on ads and links, and downloading free Apps (even for a noble reason like keeping your child occupied) should no longer be taken lightly.  Even ransomware (i.e. CryptoLocker, CryptoWall) threats now have mobile app counterparts (Android.Simplocker).  And the scariest aspect of the 1st Quarter findings was that a high number of mobile malware received into our Team were originally downloaded from Google Play.  This means that hackers are now reaching their victims over trusted platforms!

Given the alarming 1st Quarter statistics and the Android-targeted trends that were anticipate will significantly increase in 2015 for mobile malware, here are five suggestions for Securing your Galaxy (and other Android-based devices).  And while this may appear to some as simply a shameless plug to promote our Thirtyseven4 Total Security solution for Android—it is not.  There are a plenty of other trusted security apps available, however, I will use Thirtyseven4 Total Security as an example when necessary.

 

  1. Install a trusted mobile Total Security app.  The mobile security app should be downloaded from a genuine source and should do more than simply detect existing threats.   For all the reasons and stats provided above, conventional scanning no longer cuts it.  The selected app must implement aggressive and specialized detection and prevention methodologies against new and existing mobile threats.   Also because mobile malware authors are continually implementing new techniques, the following features are also very important to look for (and are included in Thirtyseven4 Total Security). Parental Controls- this setting blocks malicious and potentially dangerous websites. With this feature, a parent can block user specified websites based on their category such as adult, gambling, pornography, violence, etc.  Secure Data- this backup feature allows a user to backup their data to the Cloud or restore lost data from the Cloud. Privacy Blocker- safeguards against unknown callers or unknown texts. Many of today’s threats are a result of unsolicited links in texts.   Privacy Advisor- notifies and allows a user to do a quick inspection of apps that might affect your privacy.  Security Advisor- guides you about settings that can enhance the overall security of your mobile device (i.e.  “Screen lock” setting is not enabled on your phone, and then the Security Advisor will instruct you to enable it.).  The good news is that mobile security apps are typically available at low costs. For example the Thirtyseven4 solution is only $5.00.
  2. Avoid accessing public Wi-Fi.  Unlike websites, mobile apps don’t encrypt data properly, so the information shared while on public Wi-Fi networks can be easily intercepted and stolen by a hacker.  A good rule of thumb is if the website you are accessing on public Wi-Fi requires you to log-in with your user credentials think twice and do not proceed.  All information shared over public Wi-Fi can be viewed and then potentially used against you in a targeted attack.
  3. Armor your Android (or other mobile platform) with a password.  A recent published study found that close to 40% of mobile device owners don’t password protect their device.  Without a password, if your phone is lost or stolen all your information- including banking apps, email accounts, and so much more- is at the mercy of the finder or thief.  Even if you password protect your phone, the auto-save password feature can come back to bite you.  This is the main driving force behind the Anti-Theft module in Thirtyseven4 Total Security.  With the Anti-Theft module configured, if your phone is lost or stolen, you have the ability to remotely lock your phone or wipe all the data from it, thus protecting your data from falling into the wrong hands.
  4. Never click on links or open attachments received in unwanted or unexpected emails and text messages. Access websites directly.  If there is an app you are curious about, research it thoroughly and then visit a genuine app store directly (i.e. Google Play or Apple Store).  Fake Amazon or Costco coupon advertisement are a dime a dozen.  Don’t be fooled!
  5. Before installing a new app, read the required permissions carefully before proceeding.

 

It is my intent each month to educate CCM Readers about Tech Issues and Topics that are relevant and helpful.  It is not my intent to shamelessly pitch Thirtyseven4 to said Readership.  But as a Security Expert, and in discussion about a topic that I see changing in a volatile nature in a matter of a few months—I feel it is in your best interest for me to advise you on acting proactively.  There are other solid mobile-security products out there (email me and I will verify before you purchase!), but I created Thirtyseven4’s Mobile Security and I know it will keep you, your phone and your data safe, so it is what I recommend.

My scripture memorizations brought Paul’s words to mind: (14) I do not write these things to shame you, but to admonish you as my beloved children. (I Corinthians 4:14).  My heart is truly to help educate the public on the dangers/vulnerabilities that our virus labs monitor.  In my case I am not trying to scare anyone, but rather educate that things are getting worse on smartphones.

And so that is how our Easter dinner-table discussion went: computers are my thing, and so my sibling asked my advice.  As we explored the situation, I realized she had downloaded a scareware wolf in sheep’s clothing.  Which is exactly the plan for virus-writers.  Join me in thwarting their plans.  We are more educated than that, and you can install a trusted Mobile Security App before they prompt you to install their “security”, which does quite the opposite of keeping you and your information safe.

Now that we have Mobile Security covered, can someone please Pass the Rolls?