The experts at G DATA CyberDefense counted more than 2.5 million malicious apps for Android devices in 2021. According to the G DATA Mobile Security Report, the number of attack attempts that were averted also increased by 21 percent within a year. Routes for infiltrating smartphones with malware include app stores, SMS phishing and the spy software Pegasus.
Attacks on smartphones with the Android operating system increased again in 2021 compared to 2020. According to an analysis by G DATA CyberDefense, the number of repelled attack attempts increased by 21 percent. The attackers' pace remains high: every twelve seconds a new malicious Android app appears. There are many different attack routes: via app stores, via SMS phishing, through tampering at a repair service provider and through fake updates. Other security-related problems in the past year were security gaps in iOS and the spy software Pegasus, which some countries used against the political opposition.
Pegasus spy software, SMS phishing and more
"We are storing more and more personal data on smartphones, such as access information for our social media channels or online banking through to the payment app for contactless payments," says Stefan Decker, security researcher in the mobile team at G DATA CyberDefense. “It is precisely such information that is attractive to cybercriminals and can be monetized in underground forums. There are always new tricks to install malware on Android devices. But even well-known attempts at attacks, such as the wrong SMS with a link to track the parcel, even though nothing was ordered, still lead to the goal if people are careless.”
The fight against windmills
Security researchers repeatedly unmask fake apps in the app stores. These look harmless, but contrary to the official description, they contain malicious code. If the users then grant extensive permissions during the installation process, the attackers read out personal data or access the operating system remotely. Google has invested heavily in the security of its app store and removes malicious apps immediately. However, if you install applications from a third party, you should take a closer look when in doubt, because other app stores carry out far less strict controls.
Beware of phishing via SMS
However, installation via an app store is just one of many gateways for cybercriminals. Another popular scam in 2021 was phishing via SMS. The attackers took advantage of the fact that many people work from home and of the trend towards online orders. The criminals sent large numbers of SMS messages with delivery instructions for parcels. However, the link in the SMS led to a fake website from which visitors downloaded and installed malware onto their devices.
You should also be careful with updates. Here, the attackers send fake messages requesting that an installed app be updated. The download link then again leads to a fake website, from which users install an app with malicious code.
A key rule for smartphone users is: never give your unlocked cell phone to a third party. A fraction of a second is enough for criminals to manipulate mobile devices. This can also happen when the Corona-Warn-App is checked or when your own device is repaired by a service provider.
"If you want to be on the safe side, you should install a security solution that also controls access by apps to your own data," says Stefan Decker. “Many users consider iOS to be a safer alternative to Android. But Apple's operating system also revealed numerous vulnerabilities in the past year that were only fixed by updates. Again, users need to remain vigilant and install security updates as soon as possible.”
The spy on the smartphone
Another cause for alarm was the spy software Pegasus. Pegasus is actually used to fight terrorism. However, investigations have shown that customers of the Israeli manufacturer NSO also used Pegasus to monitor and spy on non-criminals, including voices critical of the regime, such as members of the political opposition, journalists and people associated with or supporting human and civil rights movements.
Cybercriminals will continue to attack mobile devices to harm users in the years to come. Especially with Android devices, cybercriminals benefit from the large number of operating system versions that are still active. Some of them do not have the latest security updates, which makes access easier. Anyone who uses a smartphone without a current security update should be aware of the danger and take precautions to protect their personal data.
About G DATA
With comprehensive cyber defense services, the inventor of the anti-virus enables companies to defend themselves against cybercrime. Over 500 employees ensure the digital security of companies and users. Made in Germany: With over 30 years of expertise in malware analysis, G DATA conducts research and software development exclusively in Germany. The highest standards of data protection are paramount. In 2011, G DATA issued a “no backdoor” guarantee with the “IT Security Made in Germany” seal of trust from TeleTrust eV. G DATA offers a portfolio ranging from anti-virus and endpoint protection to penetration tests and incident response, as well as forensic analyses, security status checks and cyber awareness training, to defend companies effectively. New technologies such as DeepRay use artificial intelligence to protect against malware. Service and support are part of the G DATA campus in Bochum. G DATA solutions are available in 90 countries and have received numerous awards.