APTs Meet Mobile Devices

Mobile devices are an enticing target for a motivated attacker. This task introduces you to how threat actors shift gears and focus on these juicy targets.

App Store Malware

You may recall cases of malicious apps disguised as legitimate utilities (such as photo editors) being listed on app stores such as Google Play. Applications are vetted with automated scanners before they are listed but, as these cases prove, and much like anything in cyber security, that vetting is not 100% foolproof.

While in most cases these malicious apps are used to collect information such as contacts, call logs and clipboard contents, they can also carry far more nefarious features, such as drawing an overlay on top of other apps (such as the browser) to capture the login credentials the user types, and acting as spyware. The primary motivation for malicious applications like this is to harvest data and credentials at scale, usually for sale on underground markets.
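A practical check for the overlay behaviour described above, added here as an example and not code from the original page: overlay credential stealers on Android need the "draw over other apps" permission (SYSTEM_ALERT_WINDOW) and usually an enabled accessibility service to watch and drive the foreground app, so a quick triage is to pull the package and accessibility settings over adb and flag third-party apps holding either. The script below parses `adb shell dumpsys package` output and the `enabled_accessibility_services` secure setting; the sample outputs and package names embedded in it are constructed, and it only shells out to adb when run against a connected device.

```python
"""Triage an Android device for the two capabilities overlay malware relies on.

Added example, not code from the original page. It parses the output of
`adb shell dumpsys package` and `adb shell settings get secure
enabled_accessibility_services`, then flags third-party packages that request
SYSTEM_ALERT_WINDOW (drawing over other apps) or have an accessibility
service enabled (reading and injecting UI events). The sample outputs below
are constructed and the package names in them are hypothetical.
"""
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass

OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"
PACKAGE_HEADER = re.compile(r"^\s*Package \[([^\]]+)\]")

# Constructed, abbreviated `dumpsys package` output: a fake "photo editor"
# that requests the overlay permission plus contact and call-log access.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.photoeditor] (7f3a1b2):
    userId=10123
    versionName=1.4.2
    requested permissions:
      android.permission.INTERNET
      android.permission.SYSTEM_ALERT_WINDOW
      android.permission.READ_CONTACTS
      android.permission.READ_CALL_LOG: restricted=true
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.notes] (9c0d4e5):
    userId=10124
    requested permissions:
      android.permission.INTERNET
  Package [com.android.talkback] (1a2b3c4):
    userId=10045
    requested permissions:
      android.permission.INTERNET
"""
# Constructed value of the enabled_accessibility_services setting: a
# colon-separated list of package/service components.
SAMPLE_A11Y = ("com.example.photoeditor/com.example.photoeditor.HelperService:"
               "com.android.talkback/.TalkBackService")
SAMPLE_THIRD_PARTY = {"com.example.photoeditor", "com.example.notes"}


@dataclass(frozen=True)
class Finding:
    package: str
    overlay: bool
    accessibility: bool

    @property
    def level(self) -> str:
        # Overlay + accessibility together is the classic credential-stealer
        # combination: the overlay captures input, the service drives the UI.
        return "high" if self.overlay and self.accessibility else "medium"


def parse_requested_permissions(dumpsys_text: str) -> dict[str, set[str]]:
    """Map each package in `dumpsys package` output to its requested permissions."""
    perms: dict[str, set[str]] = {}
    current = None
    header_indent = None  # indentation of the "requested permissions:" line
    for line in dumpsys_text.splitlines():
        m = PACKAGE_HEADER.match(line)
        if m:
            current = m.group(1)
            perms.setdefault(current, set())
            header_indent = None
            continue
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if stripped == "requested permissions:" and current:
            header_indent = indent
        elif header_indent is not None and indent > header_indent and stripped:
            # Entries may carry trailing flags ("...: restricted=true"); keep the name only.
            perms[current].add(stripped.split(":", 1)[0])
        else:
            header_indent = None  # any dedent ends the permission list
    return perms


def parse_enabled_accessibility(setting_value: str) -> set[str]:
    """Package names from the enabled_accessibility_services setting ("null" when unset)."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    return {component.split("/", 1)[0] for component in value.split(":") if component}


def triage(dumpsys_text: str, a11y_value: str, third_party: set[str]) -> list[Finding]:
    """Return third-party packages holding either overlay-malware capability."""
    perms = parse_requested_permissions(dumpsys_text)
    a11y = parse_enabled_accessibility(a11y_value)
    findings = []
    for pkg in sorted(third_party):
        overlay = OVERLAY_PERM in perms.get(pkg, set())
        accessibility = pkg in a11y
        if overlay or accessibility:
            findings.append(Finding(pkg, overlay, accessibility))
    return findings


def adb(*args: str) -> str:
    return subprocess.run(["adb", "shell", *args], capture_output=True, text=True, check=True).stdout


def triage_connected_device() -> list[Finding]:
    """Run the same triage against a device with USB debugging enabled."""
    third_party = {line.removeprefix("package:").strip()
                   for line in adb("pm", "list", "packages", "-3").splitlines() if line.strip()}
    a11y = adb("settings", "get", "secure", "enabled_accessibility_services")
    return triage(adb("dumpsys", "package"), a11y, third_party)


if __name__ == "__main__":
    try:
        findings = triage_connected_device()
    except (FileNotFoundError, subprocess.CalledProcessError):
        findings = triage(SAMPLE_DUMPSYS, SAMPLE_A11Y, SAMPLE_THIRD_PARTY)  # no device: use sample
    for f in findings:
        print(f"{f.level:6} {f.package}  overlay={f.overlay} accessibility={f.accessibility}")
```

Holding SYSTEM_ALERT_WINDOW is not proof of malice (screen-dimming tools and chat-head style apps use it legitimately), so treat a hit as a lead for reviewing the app's other permissions and network behaviour, not as a verdict.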

A famous example is a photo editing app that uploaded users' photos to the developer's servers without any notice or permission and injected adware to generate revenue. Apps like this are usually opportunistic rather than aimed at specific victims, but they reinforce that nothing is ever 100% safe. Below, we discuss some examples of motivated attackers using targeted applications in their attacks.

Spyware and Surveillance

The uncovering of Pegasus, a very sophisticated piece of surveillance malware that often gains access with no user interaction at all ("zero-click"), revealed that it was capable of:

  • Reading emails, accessing photos

  • Reading messages

  • Tracking via GPS

  • Recording phone calls and activating the microphone and camera without the user's awareness

  • Capturing credentials

  • Leaving very little trace of its presence

Pegasus has been delivered through both "one click" attacks, where the target only has to open a URL, and "zero click" attacks, which need no interaction at all and exploit vulnerabilities in system applications such as Messages or WhatsApp to place the implant on the device. One such zero-click chain, documented by Citizen Lab, is known as "BLASTPASS".

If you would like to learn more about this sophisticated malware, Citizen Lab has published numerous research articles on it, which can be found here.

To put you at ease, sophisticated tooling such as Pegasus is not deployed lightly: every use risks exposing an exploit chain that is costly to develop. Cases like this only add fuel to the debate over lawful surveillance by law enforcement and governments versus user privacy.

Other notable mobile malware families include the Android banking trojans Anubis and Cerberus, and the Exodus spyware.
