Mobile phone viruses remain the exception rather than the rule, but there are enough nasty examples to make it worth taking precautions. PC Advisor explains how
Malicious software is leaping from PCs to mobile phones, as malware makers target the increasingly popular mobile platforms. Examples include the infected DroidDream and Plankton Google Android apps. An infected app released into the Android Market can damage several thousand phones before anyone discovers the malware's presence.
In the DroidDream incident, several thousand people downloaded software infected with a Trojan horse. It rooted their phone and sent their location data, phone number and other information to a remote server. Google quickly removed the app from the Android Market and uninstalled it from individual handsets. It also issued an update to repair the damage DroidDream had done.
The way in which Android apps are built allows a malware writer to disassemble a popular app, repackage it with malware, then upload it to the Android Market with only a slightly different name.
Nevertheless, we've yet to see any mobile malware infestations on the scale of desktop PC problems. Thus far, all reported incidents have been small, isolated outbreaks, patched or identified within several hours of their appearance. According to security firm Symantec, it's still early in the smartphone malware game; although the threat may seem overblown today, outbreaks are very likely to increase in the future.
Mobile threats to watch out for
Malware makers favour Android because of its open-source nature, allowing you to load custom applications on to your smartphone. But other mobile platforms are at risk of malware, too.
Apple screens all third-party apps to ensure they don't contain objectionable content. But these checks aren't always as thorough as they ought to be.
In July 2010, the Handy Light app passed Apple's screening process and appeared in the App Store. Although it looked like a simple flashlight app, it contained a hidden unofficial tethering function that let you treat your iPhone as a modem. Handy Light wasn't malicious, but it showed that no vetting system is entirely safe.
The mobile malware we've encountered so far has been hidden in Android apps. For a phone to become infected, you must install the compromised app; smartphones aren't as vulnerable to drive-by downloads and other infection methods as PCs are. This may change as malware makers target other mobile platforms.
Ultimately, it's up to you to make the right decision when choosing where to download apps and which ones to install.
In June, McAfee Labs released a report that claimed third-party app stores contain more infected apps than the official Android- and Apple-sanctioned markets. The Gemini Trojan for Android, for example, was distributed exclusively through third-party app stores in China.
How to protect yourself
The safest course is to avoid apps that you've never heard of and to thoroughly research apps and their publishers before downloading them. When you install an app, you'll see a list of permissions for services that it can access on your device. An alarm clock app, for example, shouldn't need to access your contacts. If something here looks fishy, don't download the app.
You should also be wary of what you click while browsing the web. In June, mobile security company Lookout discovered malicious advertisements aimed at tricking smartphone users into installing infected apps. Some types of mobile antivirus software, such as Lookout Mobile Security, have features intended to protect you from phishing attacks such as these.
If possible, install antivirus software on your phone. Many big-name security companies, including AVG, McAfee and Symantec, have free mobile apps for protecting your smartphone. Besides guarding against malware, these apps often include features that can remotely lock or wipe your phone – useful if your handset is lost or stolen.
If you've just upgraded to an Android smartphone, install a security app before any other – just as you would with a PC.
This way, your phone will be protected against malware from the beginning.
Smartphone malware is relatively easy to avoid; but being aware that it exists is the first step in protecting yourself and your data from falling victim to it.
- Mobile security software is also available from Vipre Mobile Security Beta, Kaspersky Mobile Security 9.0, BullGuard Mobile Security 10.0, F-Secure Mobile Security and G Data MobileSecurity.