Business IT

Sideloading is a growing security threat with the rise of remote work

By Adam Sloan on Aug 12, 2021 4:03PM

2020 changed the way we work, giving people the flexibility to work from remote locations.

In many cases, it also allowed them to work from devices that are not trusted or managed by their workplace. Cybercriminals have also changed the way they work, with attacks becoming more frequent and sophisticated.

In Australia, one cybercrime is reported every 10 minutes and malicious cyber activity is only increasing in frequency, scale, and sophistication, according to the Australian Cyber Security Centre 2020 report. Cybercrime is now one of the most pervasive threats facing the country and impacts both individuals and organisations at home and in the office.

Mobile phones have become an integral tool in the remote work set-up of many people and a new honeypot for criminals to target. Mobile attacks through sideloading are now looming as one of the biggest cyber security risks in Australia, but it is not often talked about because most victims do not even know it is happening.

Sideloading is an unauthorised upload, download or file transfer between two devices, such as a computer and a mobile, without the same security assurances that come with approved downloads from trusted sources such as the App Store or Google Play Store.


Cyber criminals are targeting unsuspecting victims with promises of money, VIP benefits and, in an increasing trend, “free” versions of premium mobile apps, such as Netflix or TikTok.

This could affect smartphone users on many fronts, from social and entertainment apps to those used for finance, healthcare, and insurance. These cyber criminals lure victims into clicking a link in an SMS or on a website, or downloading a free app from a third-party app store.

When apps or files are sideloaded onto a mobile from the open web, they are not scanned and vetted. This paves the way for malware to be unwittingly installed onto the device. If people are not careful, they could be installing malicious spyware without realising it, and then using those infected devices on workplace networks.

Curious to know more about these malicious apps, I downloaded copies of a premium version of Netflix and TikTok. Unknown to the unsuspecting user, the TikTok app contained an Android Banker Trojan and the Netflix app contained a Remote Access Trojan (RAT).

The RAT can steal personal information such as call log information, monitor SMS messages, access the microphone and camera to record audio or images, and steal contacts and other files that reside on the device. What is more concerning, the RAT remains even after the device is intentionally rebooted and restarted.

Even more frightening, when a financial malware program such as the Banker Trojan is active, it collects the user’s mobile number, mobile device serial number and SIM card serial number and uploads them to a hard-coded command-and-control server.

This is concerning from a consumer’s perspective, but it also allows the attacker to steal the victim’s credentials, which are then sent to the command-and-control server, allowing the attacker to send new malicious actors to compromised computers. For example, in the “Shadows in the Cloud” cyber espionage campaign, an attacker used one Yahoo! Mail account to get access to three Twitter accounts, five Yahoo! Mail accounts, twelve Google Groups, eight Blogspot blogs, nine Baidu blogs, one Google Sites and sixteen blogs on blog.com to be used as part of the attacker’s infrastructure.

Sideloading is a threat to consumers personally, but it also significantly increases the potential avenues for a hacker to infiltrate corporate networks. To stay secure on your mobile when working remotely, there are a few important rules to follow:

  • Only use the official app stores to download apps.

  • Ensure Google Play Protect is always running on Android.

  • Disable the installation of unknown apps across all applications.

  • Ensure Android Developer Tools and USB debugging are disabled.

  • Consider using an AI-powered mobile threat defense product to be alerted about potential threats on the device.

  • For organisations managing mobile devices or work apps, ensure the configured compliance policies match the significance of the threats.

  • Consider separating and securing work data from personal data using work containers.
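
The official-store and USB-debugging rules in the list above can be checked from data a managed Android device already exposes. The following is an added example, not code from the article or from BlackBerry: it flags third-party packages whose recorded installer is not an official store and reports enabled debugging settings. The trusted-installer set and both sample inputs are constructed assumptions; the inputs are modelled on `pm list packages -i -3` and `settings get global` output.

```python
import re

# Assumption: only Google Play counts as an official store for this fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of `pm list packages -i -3` (third-party packages only).
SAMPLE_PM_OUTPUT = """\
package:com.example.notes  installer=com.android.vending
package:com.example.freestream  installer=null
package:com.example.videoplus  installer=com.android.packageinstaller
"""

# Constructed sample of `settings get global <key>` values for one device.
SAMPLE_SETTINGS = {"adb_enabled": "1", "development_settings_enabled": "1"}

LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def sideloaded_packages(pm_output, trusted=TRUSTED_INSTALLERS):
    """Return (package, installer) pairs not installed by a trusted store.

    The installer field is a heuristic: "null" or a generic package
    installer means the APK arrived outside the store (file, browser, adb).
    """
    flagged = []
    for line in pm_output.splitlines():
        match = LINE_RE.match(line.strip())
        if match and match.group(2) not in trusted:
            flagged.append((match.group(1), match.group(2)))
    return flagged


def posture_findings(pm_output, settings):
    """Map device data to the article's rules; an empty list means compliant."""
    findings = [f"sideloaded app: {pkg} (installer={inst})"
                for pkg, inst in sideloaded_packages(pm_output)]
    if settings.get("adb_enabled") == "1":
        findings.append("USB debugging is enabled")
    if settings.get("development_settings_enabled") == "1":
        findings.append("developer options are enabled")
    return findings


if __name__ == "__main__":
    for finding in posture_findings(SAMPLE_PM_OUTPUT, SAMPLE_SETTINGS):
        print("NON-COMPLIANT:", finding)
```
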

Looking ahead, the uptake of 5G will increase the flow of information across mobile networks and devices, bringing with it heightened security risks. Cyber criminals will quickly find new ways to exploit vulnerabilities. Threats from sideloading should not be ignored in the changing mobile security landscape.

Adam Sloan is Principal Sales Engineer, BlackBerry Spark, Australia & New Zealand.

Copyright © BIT (Business IT). All rights reserved.