relentless mobile threats to avoid
DESCRIPTION
Lookout analyzes more than 30,000 apps every day. Although most are safe, there are a few categories to watch out for. Here's Lookout's list of mobile threats to avoid.TRANSCRIPT
RELENTLESS MOBILE THREATS TO AVOID
By Lookout, Inc.
Every day, Lookout analyzes more than 30,000 apps from around the world.
While most apps are safe, a handful of them pose notable risks.
APPS THAT SPY ON YOU
1
It sounds like the stuff of James Bond, but some apps
can spy on everything you do with your phone.
WE CALL THIS
SURVEILLANCEWARE
1
Apps that spy on you
WHY IT’S DANGEROUS The malware accesses personal data stored on the device
and continues to collect new information based on your
activity on the phone (envision a husband looking for
evidence of his spouse’s cheating). This can put you at risk of
identity fraud and result in your pictures, videos, browser
history, call history, and more falling into the wrong hands.
1
Apps that spy on you
HOW YOU ENCOUNTER IT Surveillanceware is effectively spyware that is sold with a warning: in
order for you to use the product legally, you must inform the person
that they are being watched. Surveillanceware gets on your phone
when someone takes your device and downloads the software.
!
In 2014, we found tens of thousands of people affected by
Surveillanceware.
1
Apps that spy on you
SAFETY TIP: !
• Setting a pin or passcode on your device is your first line of defense against an unauthorized third-party, making it that much harder for someone to install unwanted software on your phone.
1
Apps that spy on you
APPS THAT HOLD YOUR PHONE FOR
RANSOM
2
One of the worst feelings is being forced into doing something you don’t want
to do. Unfortunately, there are mobile applications that do just that. This type of
malware locks a victim’s device, demanding money in return for access.
WE CALL THIS RANSOMWARE
2
Apps that hold your phone for ransom
WHY IT’S DANGEROUS It often uses fear to get what it wants. A user might lose their data or
the use of their device overall as many of these pieces of malware
are extremely difficult to remove (oftentimes because victims give
the ransomware “device admin” privileges). If the victim gives in to
the ransom, they can be out hundreds of dollars with no guarantee
that their device’s activity will be restored.
2
Apps that hold your phone for ransom
HOW YOU ENCOUNTER IT Recently, we’ve seen ransomware targeting the U.S. through drive-by
downloads, or when a victim has malware secretly downloaded to their
device when they visit a “malicious” or infected website. It is also likely
distributed through spam campaigns.
!
In 2014, we believe over a million people have encountered ransomware.
2
Apps that hold your phone for ransom
SAFETY TIPS: • Avoid awarding device administrator to applications
unless you’re really sure of what they do
• Only download applications from developers you know and trust
• Download a mobile security app such as Lookout, which can detect these threats before you ever open them
2
Apps that hold your phone for ransom
MALWARE THAT USES YOUR PHONE WITHOUT
YOUR PERMISSION
3
We discovered malware that infects its victims by secretly
downloading the malware to your phone when you visit bad websites.
Once on your phone, the malware lets criminals send things like
scalped tickets or send spam campaigns through your phone.
WE CALL THIS NOTCOMPATIBLE
3
Malware That Uses Your Phone Without Your Permission
WHY IT’S DANGEROUS You don’t want activity you didn’t approve happening on your device.
NotCompatible has the ability to trick websites into thinking that web
traffic is coming from your phone when it’s actually coming from
another destination. For example, ticket scalpers use Not Compatible
to buy tickets through your phone to later be resold. When they use
your phone as a “proxy” to access, say, TicketMaster, that website then
believes it’s you accessing it and not the real culprits -- the scalpers.
You’re caught in the middle of the scheme without ever knowing it.
3
Malware That Uses Your Phone Without Your Permission
HOW YOU ENCOUNTER IT NotCompatible is downloaded to a person’s phone after they access a
website that is secretly harboring malware. This is called a “drive-by
download” and is only possible when the “unknown sources” setting on
an Android is enabled. We’ve also seen links to sites secretly
downloading NotCompatible in phishing emails.
!
In 2014, we found hundreds of thousands of people affected by
NotCompatible.
3
Malware That Uses Your Phone Without Your Permission
SAFETY TIPS: • Avoid opening spam email. Unexpected emails from long lost
friends with generic titles such as ‘hot news’ ‘You Won $1000” are normally a good indication that an email is spam.
• Use common sense when clicking on links. If it’s not a website name that you recognize, err on the side of caution. Be especially careful when receiving links that have been ‘shortened’ (e.g. bit.ly/ABCD), as it stops you from seeing what website you might be traveling to.
• If your mobile device unexpectedly starts downloading a file that you weren’t expecting, don’t click on it – delete it!
• Download a mobile security app like Lookout that scans for malware
• Disable the “unknown sources” setting in your Android
3
Malware That Uses Your Phone Without Your Permission
AGGRESSIVE AD NETWORKS
4
Advertisements fuel the mobile ecosystem and allow us to enjoy
free apps like Candy Crush and Instagram, but some mobile
advertising practices cross the line and put your privacy at risk.
WE CALL THIS ADWARE
4
Aggressive ad networks
WHY IT’S DANGEROUS Adware grabs a lot of highly personal information about you
(like email, location, and contacts) that you might not realize is
being taken. It can also modify phone settings and desktops
without properly notifying you or getting your consent. Just
because it’s tracking you for seemingly innocuous “advertising
reasons” doesn’t mean you shouldn’t be informed.
4
Aggressive ad networks
HOW YOU ENCOUNTER IT Adware is often added to what can seem like a normal app that you
download from an app store. Lookout flags adware based on these
guidelines.
!
In 2014, millions of people were affected by Adware.
4
Aggressive ad networks
SAFETY TIPS: !
• First things first, check the app reviews – make sure there aren’t complaints about overactive, intrusive, or privacy-breaching advertisements. !
• Before hitting install, review what personal information the app collects. If you’re uncomfortable with what’s being harvested, don’t use the app.
4
Aggressive and pushy ad networks
For more mobile security tips, follow