ADVERTISEMENT
TechEconomy
Friday, June 6, 2025
No Result
View All Result
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
      • Accessories
      • Phones
      • Laptop
      • Gadgets and Appliances
      • Apps
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
      • Broadband
    • Mobility
    • Environment
    • Travel
    • Commerce
    • StartUPs
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • Appointment
    • EventDIARY
    • Editorial
  • Apply
  • TecheconomyTV
  • Techeconomy Events
  • BusinesSENSE For SMEs
  • TBS
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
      • Accessories
      • Phones
      • Laptop
      • Gadgets and Appliances
      • Apps
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
      • Broadband
    • Mobility
    • Environment
    • Travel
    • Commerce
    • StartUPs
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • Appointment
    • EventDIARY
    • Editorial
  • Apply
  • TecheconomyTV
  • Techeconomy Events
  • BusinesSENSE For SMEs
  • TBS
No Result
View All Result
Tech | Business | Economy
No Result
View All Result
Podcast

Home » Mobile Malware Landscape in 2022 – Of Spyware, Zero-Click attacks, Smishing and Store Security

Mobile Malware Landscape in 2022 – Of Spyware, Zero-Click attacks, Smishing and Store Security

Techeconomy by Techeconomy
September 16, 2022
in Security
0

RelatedPosts

Why Nigeria Must Embrace AI-Powered Cybersecurity Now

Why Nigeria Must Embrace AI-Powered Cybersecurity Now

June 5, 2025

Sophos Updates its Firewall Software to Enhance Protection, Incident Response Capabilities

June 5, 2025

Cyberattacks are increasing in number all the time. Indeed, our 2022 Mid-Year Report revealed a 42% global year-on-year increase in attacks and according to the World Economic Forum’s 2022 Global Risk Report, 95% of cybersecurity issues are traced back to human error.

This should be a red flag for all organizations, especially with the transition to remote and hybrid working, where employees are using mobile devices more often.

These devices now have access to sensitive company data and direct connectivity to the enterprise network.

Combine that with the key ‘human error’ ingredient and you’ll see why mobile devices are such a prime target for cybercriminals. 

Despite this, many corporate cybersecurity strategies tend to focus only on traditional endpoints, such as laptops. Do you know if all the mobile devices in your organization are safe from malware? Perhaps you have Mobile Device Management (MDM) and think that’s enough?

Unfortunately, MDM does not provide intrusion detection or scan for malware. And with the mobile threat landscape constantly evolving, it’s never been more important to have a robust solution in place. Let’s take a look at the current mobile malware landscape and what you need to know to stay protected in 2022.  

Thriving spyware marketplace 

The current mobile malware landscape is a minefield with more and more vulnerabilities being exploited and spyware software being deployed. In our last security report, we noted that NSO Group’s notorious spyware, Pegasus, was wreaking havoc after it was discovered gaining access to the mobile devices of government officials and human rights activists.

Unfortunately, 2022 was no different, with Pegasus found to have compromised the devices of Finland’s Ministry of Foreign Affairs, Spain’s Prime Minister as well as multiple devices of UK officials.

In July, Apple introduced a ‘lockdown mode’ for its devices to protect against Pegasus hacks. Even though this mode will increase the security of the users who will use it, but it will also significantly reduce the user experience and limit the functionality of iPhones.

However, while Pegasus is one of the most powerful tools currently on the market, the surveillance vendor ecosystem has also become more competitive. For example, Predator, a spyware produced by commercial surveillance company Cytrox, infected iPhones towards the end of 2021 via single click links sent over WhatsApp. As of today, the reach of these tools, let alone their mechanisms, is not yet fully understood by the cyber community despite extensive research efforts. 

Zero Click Attacks

In terms of techniques, this year we have seen a surge in discovered zero-click attacks. As the name suggests these attacks require no input from the victim before deploying malware. This is because they exploit existing vulnerabilities in already installed apps, allowing threat actors to sneak past verification systems and begin their attack unnoticed.

This technique is particularly focused on applications that accept and process data, for example, instant messaging and email platforms.  

We saw this in action in April when a new zero-click iMessage exploit leveraged to install Pegasus on iPhones was discovered, running on some early iOS versions. The exploit named HOMAGE was used in a campaign against Catalan officials, journalists and activists.

It’s important to emphasize however, that this technique isn’t just a threat to world leaders but to the everyday person and organizations. Our phones are hubs of confidential data, both personal data such as banking information as well as business data, with many employees now connected to their company’s networks and data via their mobiles, which multiplied over the pandemic with thousands working from home. Cybercriminals are utilizing this silent and persistent practice to gain as much access as possible. 

Smishing attacks on the rise 

In addition to Zero Click attacks, we have also observed a continuous uplift in the spreading technique known as “Smishing” (SMS Phishing), which uses SMS messages as the attack vector for malware distribution. These attempts often imitate trusted brands or personal contacts to entice the victim to click on a link or share personal details in confidence. This method has proven particularly successful as after one device has been compromised, its entire contact list is up for grabs, creating an endless cycle of possible victims.  

https://techeconomy.ng/2020/09/ncc-alerts-telecom-subscribers-on-vishing-scams-other-e-frauds/

This is how the infamous Flubot was commonly deployed. Since its emergence in December 2020, it has been considered the fastest growing Android botnet ever seen.

The group is known to be particularly innovative and continuously seeking to improve its variants, having claimed tens of thousands of victims.  As such, in June, an international law enforcement operation involving 11 countries led to its infrastructure being taken down and rendering the malware inactive. 

Evidently, Flubot’s position could not remain vacant for too long, as a new Android malware operation called MaliBot emerged in the wild soon after. MaliBot is targeting online banking and cryptocurrency wallets in Spain and Italy, looking to replicate the success of its predecessor. At the time of writing, MaliBot is already the third most prevalent mobile malware worldwide, despite being so new, with AlienBot taking the top spot. 

Safety on the App Store?

Many users turn to application stores to help keep their devices secure, however, unfortunately there are apps that claim to help manage security risks but which often contain malware themselves.

The most secured stores like Google Play Store and Apple App Store have thorough review processes to investigate candidate applications before they are uploaded and are held to high security standards once they are admitted onto the platforms. A recent report stated that throughout 2021, Google blocked 1.2 million suspicious applications and Apple blocked 1.6 million.

Resourceful cybercriminals continually try to bypass these security measures, though, with different tactics such as manipulating their code to pass through the filters or introduce initially benign applications and add the malicious elements at a later stage.

So, it’s not surprising to still find malicious applications hiding in these stores. In fact, these platforms remain the main infection vectors in mobile threats. For example, Check Point researchers recently analyzed suspicious applications on the Google Play Store and found a few of them masquerading as genuine Anti-Virus solutions, while in reality, once downloaded the apps installed an Android Stealer called SharkBot which steals credentials and banking information. And in February, an Android banking Trojan called Xenomorph was spotted lurking behind a fake productivity application on the Google Play Store. There were over 50,000 downloads.

It must also be noted that due to the pandemic fueling increased use of mobiles for work purposes over the last two years, leveraging mobile phones for work purposes suddenly became the new normal for many users and enterprises, which meant targeting the mobile devices became also the new normal for cybercriminals. 

Unfortunately, the general awareness of the users of mobile phones with regards to cybersecurity attacks is much lower, and even though, many of them have started leveraging their personal or work-provided mobiles for work purposes, many still do not view it as a sensitive corporate environment, being less careful of malicious emails or links they receive.  

Unfortunately, the threat landscape is evolving rapidly, and mobile malware is a significant danger to both personal and enterprise security, especially as mobile devices are vulnerable to several attack vectors, from the application to the network and OS layers.

To combat this risk, organizations should also be looking to instill proactive strategies that can keep staff and corporate data safe from a potential attack.

This must be a continuous journey as cybercriminals are relentless, always adapting and improving on their tactics. 

For mobile users themselves, we recommend additional safety measures such as downloading applications only from certified Google and Apple stores, and even while downloading them there – review the recommendations, and number of downloads of a certain application, to verify that the applications is legitimate.

https://techeconomy.ng/2019/03/understanding-a-cybercrooks-thinking-to-make-people-your-first-defence-against-phishing/

Mobile users should adopt on their mobile phones, the same rules they have as on their desktop devices such as not clicking on links from unknown senders, whether it comes via email, SMS message or messaging applications, and not to download files from untrusted sources.

For some businesses it may be beneficial to employ the help of tools that fortify endpoint resilience and secure remote users. 

Check Point Harmony  for instance, uses real-time threat intelligence to actively guard against zero-day phishing campaigns, and URL filtering to block access to known malicious websites from any browser.

It also enforces conditional access, ensuring that if any device does become infected it will be unable to access corporate applications and data. Harmony Mobile achieves all of this – and more – without disrupting employees or hampering their productivity.

Loading

Advertisements
MTN ADS

Author

  • Techeconomy
    Techeconomy

    View all posts
0Shares
Tags: smishingSpywareStore SecurityZero-Click attacks
Previous Post

Understanding the Value of Predictive Modelling for Business Optimisation in Uncertain Times

Next Post

N2.3m Flight Ticket to London a Rip off on Nigerians, Air Peace CEO Laments

Techeconomy

Techeconomy

Related Posts

Why Nigeria Must Embrace AI-Powered Cybersecurity Now
Security

Why Nigeria Must Embrace AI-Powered Cybersecurity Now

by Techeconomy
June 5, 2025
0

As someone who recently analyzed TSAN’s performance on industry-standard datasets like NSL-KDD, I found that it consistently outperformed older detection...

Read more
Sophos Launches New XGS Series of Desktop Firewalls

Sophos Updates its Firewall Software to Enhance Protection, Incident Response Capabilities

June 5, 2025
Aminu Maida and Judiciary | Cybersecurity Framework

NCC Unveils Cybersecurity Framework to Strengthen Nigeria’s Digital Space

June 5, 2025
Phishing, vishing, and smishing attacks

How to Spot Phishing, Vishing and Smishing

June 4, 2025
SMS Scams on the rise

SMS Scams Surge 73% | Data Finds Key Trends

June 2, 2025
IHS Nigeria and Tower sites security

IHS Nigeria Commissions 65 Patrol Vehicles to Enhance Telecoms Tower Site Security

June 2, 2025
Next Post

N2.3m Flight Ticket to London a Rip off on Nigerians, Air Peace CEO Laments

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Techeconomy Podcast

Techeconomy Podcast
Techeconomy Podcast

Infowave is brought to you by TechEconomy. Every week we will bring new stories from startups and influencers who are shaping and changing the world we live in. We’ll also bring you reports on topics you should know.

Follow us @techeconomyng for more.

TECH TALK EPISODE 2
byTecheconomy

PRODUCTIVITY AND WORK-Life Balance

TECH TALK EPISODE 2
TECH TALK EPISODE 2
May 22, 2025
Techeconomy
CYBERSECURITY ESSENTIALS
April 24, 2025
Techeconomy
Digital Marketing Trends and strategies for 2025 and beyond
February 27, 2025
Techeconomy
Major Lesson for Techies in 2024 and Projections for 2025
December 6, 2024
Techeconomy
Major Lessons for Techies in an AI-Driven World | Techeconomy Business Series Highlights
November 26, 2024
Techeconomy
Maximizing Profitability Through Seasonal Sales: Strategies For Success
November 8, 2024
Techeconomy
Techeconomy Business Series
October 15, 2024
Techeconomy
PRIVACY IN THE ERA OF AI: GETTING YOUR BUSINESS READY
May 30, 2024
Techeconomy
Unravel the Secrets of Marketing Everywhere All At Once with Isaac Akanni from Infobip | Infowave Podcast Episode 1
February 9, 2024
Techeconomy
The Role of Ed-tech in Life Long Learning and Continuous Education
October 19, 2023
Techeconomy
Search Results placeholder

WHAT IS TRENDING

https://www.youtube.com/watch?v=g_MCUwS2woc&list=PL6bbK-xx1KbIgX-IzYdqISXq1pUsuA4dz

Follow Us

  • About Us
  • Contact Us
  • Careers
  • Privacy Policy

© 2025 Techeconomy - Designed by Opimedia.

No Result
View All Result
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
      • Accessories
      • Phones
      • Laptop
      • Gadgets and Appliances
      • Apps
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
      • Broadband
    • Mobility
    • Environment
    • Travel
    • Commerce
    • StartUPs
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • Appointment
    • EventDIARY
    • Editorial
  • Apply
  • TecheconomyTV
  • Techeconomy Events
  • BusinesSENSE For SMEs
  • TBS

© 2025 Techeconomy - Designed by Opimedia.

Translate »
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.