Smartphones have become an integral part of our lives. Across children, teenagers, adults and the elderly, the average user worldwide now spends almost four hours a day looking at their cell phone. There's really no need to list all the things people can use their cell phones for. From social interaction to shopping, gaming and so on… you know what they can do.
These capabilities, however, come at a price. The plethora of things people can do on their mobiles creates a vast cyber threat landscape, with criminals trying to steal victims' money, data and identities, sometimes demanding a ransom for their return.
Let's look at some examples of these threats, as described by researchers at the security software company ESET. As you will see, some of them are not simple scams that can be easily spotted, but rather sophisticated, multi-layered, AI-driven attacks that require a much stronger defense than a watchful eye and a simple antivirus.
The long list of ESET investigations on this particular topic shows how carefully the company studies these threats.
Anyone can be a target
There are 4.8 billion smartphone users, i.e. more than half of the world's population of 8.2 billion people. Statista estimates that smartphone users will reach 6.4 billion by 2029.
According to 2024 research conducted by data management company Harmony Healthcare IT, mobile screen time is increasing with each generation. American baby boomers (people born from 1946 to 1964) spend 3.5 hours a day on their phones, millennials' phone use is up by one hour, and Generation Z spends an average of 6 hours and 5 minutes on their cell phones every day.
As smartphone usage increases, so does the overall volume of Android malware. The number of detected malicious Android programs increased from 1.7 million in July 2014 to 35.2 million in July 2024, according to data from the AV-TEST Institute.
As the use of mobile phones grows, so does the possibility of users being subjected to phishing attacks. Data collected internationally in 2022 show that the share of mobile phones experiencing phishing attacks increased from 35.46% in 2020 to 53% in 2022, while the percentage of mobile users who clicked on six or more phishing links almost doubled from 14.3% to 27.6% within this time period.
Threats are everywhere
Let's look at some of the latest examples of mobile threats, some of which are featured in the latest ESET Threat Report (first half of 2024).
ESET experts contributed to the research conducted by the Threat Intelligence unit of Group-IB, describing the GoldPickaxe malware family that affects iOS and Android mobile phones and has victims in the Asia-Pacific region.
This malware can steal the victim's sensitive personal information from financial applications such as Digital Pension for Thailand, despite the requirement that users record a short video of their face from various angles using the front camera of their mobile device as a form of secure identity verification.
To achieve this, cybercriminals steal victims' biometric data and use AI-based services to create deepfakes of victims' faces.
Another example shows that scammers do not hesitate to target even children. According to the latest Threat Report, ESET telemetry detected phishing scams exploiting Roblox, a sandbox gaming platform that is very popular with children and is available on many operating systems (including Apple and Android). Roblox also has a virtual currency called Robux that can be bought with regular money, which makes it attractive to cybercriminals. The Roblox community has created a long list of threats.
Also, using ESET's detection engines in combination with other sources, ESET researchers recently identified espionage campaigns that distributed fake apps or modified legitimate apps to Android users in Egypt and Palestine. The threat actors used dedicated phishing websites to distribute malicious apps posing as legitimate chat apps, a job-search app and a civil registry app.
Another malicious campaign in the Czech Republic recently uncovered by ESET researchers targeted customers of three banks and was used for unauthorized ATM withdrawals from the victims' bank accounts.
Cybercriminals first tricked victims into thinking they were contacting their bank, then tricked them into downloading and installing a fake banking app carrying malware that ESET named NGate. NGate then cloned Near Field Communication (NFC) data from victims' cards and sent that data to an attacker's device, which could then impersonate the original card and withdraw money from an ATM.
This series of recent examples alone shows the full range of tools cybercriminals have at their disposal. Notice the variety of their targets – kids playing games or adults looking for work, wanting to chat or do financial transactions.
Be ready for anything
With a wealth of features and capabilities, mobile devices should make our lives easier and not cause cyber-threat headaches. This is why multi-layered protection is required with an emphasis on prevention using reliable mobile security software.