Sep 18 2018

Malware detection: are your apps cheating on you?

In my previous blogs, I talked about the new era of endpoint attacks, especially for weakly secured IoT devices, and how cybercriminals are quickly learning to leverage botnets, orchestrate them and run very focused and destructive attacks. However, it’s not just vulnerable IoT devices that are ingress points, but also highly secured smartphones that are now being targeted at scale.

Growth in smartphone attacks

Over the last three years, the Nokia Threat Intelligence Center has tracked alarming growth in the attacks that malware writers and scammers run against smartphones. In addition to the traditional SMS Trojans, spy-phone apps, banking Trojans, information theft and ransomware, we now see bitcoin mining added to the smartphone attack repertoire.

Most smartphone malware is distributed as trojanized applications or games from third-party app stores, that is, not from Apple’s App Store or Google Play, which tend to be better policed. So it is concerning when a major game distributor chooses to bypass Google Play. Epic Games recently decided to publish the Android version of “Fortnite” from its own website rather than via Google Play. Epic Games is not the first major company to sidestep the 30% Play Store fee, but from a security perspective the decision left its smartphone players exposed to malicious copycat apps downloaded from the wrong site.

Because Fortnite reached iOS users months before it reached Android, Epic Games opened a window of opportunity for attackers. Impatient Android users, hungry to get their hands on the new game, were ripe for the picking. Attackers used the interim period to spread fake videos advising viewers how to download Fortnite for Android before the official launch. These videos simply directed users to install malware-laden fake apps or to hand over payment details to scammers.

Another recent example of smartphone spy malware is HeroRat. The malware has a wide array of spying and file-exfiltration capabilities, including intercepting text messages and contacts, sending text messages and making calls, audio and screen recording, obtaining the device location, and changing the device’s settings. Once installed, it uses the bot functionality of the hugely popular Telegram app (more than 200 million users per month) as its command-and-control channel, so its traffic goes to a legitimate, widely used service rather than to an obviously suspicious server.

I could go on, warning you about Mysterybot or Frankenstein, but the list of sophisticated smartphone malware is endless and keeps getting more sophisticated, with some samples even slipping past the security checks of the Google Play Store.

NetGuard protects 100+ million smartphone users

Figure 2: Nokia NetGuard Endpoint Security Solution

In this environment, smartphone subscribers are well served by a trusted communication service provider (CSP) that has deployed modern network-based malware detection. Such CSPs can warn their user base as soon as a traffic anomaly is detected and can also assist with remediation. For instance, Nokia has deployed NetGuard Endpoint Security for smartphones and IoT devices in CSP networks around the globe, helping to protect more than 100 million mobile users worldwide today.

What makes NetGuard Endpoint Security unique?

So what sets NetGuard Endpoint Security apart? At its core it is a signature-based detection technology running in network-based sensors. It scans network traffic for known malware patterns, or ‘signatures’, that give strong evidence that a subscriber’s device is infected, and it identifies the malware involved from its large and ever-growing library of known bots and malware. Around that core it combines the best features of several detection techniques, providing accuracy and coverage that no single technique delivers on its own.

Figure 3: Direct comparison of various detection techniques against various malware types.

The Nokia NetGuard Endpoint Security solution is based on proven intrusion detection technology that combines analysis of packet headers and content, flow state, traffic thresholds, and IP address and DNS blacklists to positively identify the C&C (command and control) traffic associated with malware activity. Together these give CSPs, and especially their smartphone customers, a level of malware detection that the individual techniques cannot match on their own.

New white paper

Download our new white paper that compares NetGuard Endpoint Security to other malware detection methods.

Nokia has extensive experience in helping companies secure multi-vendor and multi-technology networks. Contact us to learn how our security solutions can help with analytics and automation to modernize your security strategy and respond early in the cyber kill chain.

Share your thoughts on this topic by joining the Twitter discussion with @nokia and @nokianetworks using #security #netguard #5G #cloud #IoT #IoTsecurity #CyberSecurity #databreach #hack #hacking

About Gerald Reddig

Gerald leads the global portfolio marketing efforts for Nokia’s security solutions. He is a member of the Broadband Forum, directs Nokia's membership in the IoT Cybersecurity Alliance and steers Nokia's Security Center in Finland. Gerald is on the speaker’s circuit at international conferences and a recognized author on the topics he is passionate about: cybersecurity technology, data privacy and finding the right solutions to prevent vulnerabilities, Trojans and man-in-the-middle attacks.

Tweet me at @geraldreddig