Sophie's Diary

Let’s begin today’s article with a little bit of ancient history. The world’s first smartphone took the world by storm 18 years ago, back in the year 2000, when Ericsson launched their now-legendary-among-geeks R380 model. This proto-smartphone ran on Symbian OS, and it was nothing short of revolutionary at the time. A little bit later, Nokia acquired the company behind Symbian, and started producing smartphones which dominated the mobile industry for almost a decade. Obviously, at the time, Symbian was what Android is now, i.e. the king of the hill, or the standard mobile operating system if you like. The problem with smartphones, even with the first generations, was that they were, well, too smart for their own good. What mobile app developers and users alike failed to anticipate was the rise of  malware attacks, also known as viruses.

First Smartphone Malware

Considering the fact that a smartphone is basically a portable computer (a smartphone has a CPU, RAM, a hard-drive of sorts and runs a complex operating system, just like your PC/laptop), it’s quite amazing that smartphones were believed (and still are) to be relatively immune to malware. It’s true that the first years of  Symbian’s golden age were relatively hassle-free with regard to mobile application viruses, as mobile internet was a rarity, and the app ecosystem was pretty closed and well regulated by Nokia, hence there was little need for mobile security. However, the first smartphone virus was created in 2004, or at least that’s the first we know of. The virus-software was written by a team dubbed 29A and it was designed to target specifically Symbian running devices. And Cabir was its name, also known as Caribe.  Cabir was transmitted via Bluetooth and it was classified as a worm, while the team who created it claimed they’ve only did it as a “proof of concept” kind of a thing, i.e. they just wanted to see if it can be done (putting malware into smartphones that is). However, Cabir proved once again the truth behind the myth about Pandora’s box: as soon as Cabir’s source-code was leaked on the internet (an inevitability if you ask me), unsavory individuals started using it to infect “other people’s cell phones” on a global scale.

Types of Mobile Application Viruses

We live in a day and age when smartphone ownership is, how I should put it, almost ubiquitous, and we are increasingly dependent on our devices for various daily activities, including mobile payments. Here is where things get very interesting for mobile apps viruses developers. The name of the game is money, obviously. There are 3 main types of mobile apps viruses, or malware:

  • Spyware, which is used to spy on the victim’s activities, as per its name, and to secretly gather personal/private/sensitive data, which is further relayed to 3rd parties
  • Trojans, which cause unauthorized/stealthy actions on your smartphone, like popping ads (which is extremely annoying) or installing unwanted software on your device, to name just a couple of things a respectable Trojan can do.
  • Phishing attacks, which are usually trying to steal your bank account/credit card credentials (again, it’s about money) while posing as a trustworthy entity

How Viruses Get Inside Your Smartphone

The most common way  malware enters one’s smartphone nowadays is via infected applications downloaded  by the victim from unofficial and legitimate places alike. Mobile app malware can be downloaded from Google’s Play Store for example, which was repeatedly found to contain malicious apps, not to mention unofficial/pirated apps downloaded from dubious 3rd party sites. There are also examples of malicious apps finding their way into Apple’s App Store, so nothing’s really 100 percent safe.

How to Protect Against Smartphone Malware

Let me give you an interesting factoid: according to Zonealarm, it is estimated that less than 15 percent of Americans have antivirus software installed on their smartphones. You see where this is going, right? Remember my previous comparison between a smartphone and a PC/laptop? Now, do you have antivirus software installed on your PC? How about your smartphone? And if the answer to the latter is “no”, can you explain why? As I already told you, most people still believe smartphones to be invulnerable to viruses/hack attacks, yet this type of “magic thinking” is plain wrong. Just like with your home-computer, antivirus software is your first line of defense against mobile malware. If you treasure the safety of your device and your data, get educated on smartphone security.

Antivirus software or not, always remember that the biggest risk with regard to getting infected with smartphone malware is represented by 3rd party apps, i.e. most viruses/malicious software are found in pirated/Trojanized apps downloaded from dubious websites. To make a long story short: always go for an official app store to get your mobile applications (Google Store, Apple Play Store). These guys regularly check their products for malicious behavior, and even if they’re not 100 percent safe, they’re much safer compared to getting mobile apps from outside official app stores. Also, don’t “jailbreak” your smartphone. The thing is, official mobile operating systems come with top notch built-in security. Hacking them via 3rd party software , also known as jail-breaking, removes some of these restrictions put in by the OS manufacturer, thus undermining the layers of security on your smartphone, rendering it vulnerable to malware. Also, remember to always keep your operating system updated, and the same goes for your antivirus software.

Be careful before you tap, as many account security breaches exploit you as the weakest link in the system. For example, if an unusual (as in probably malicious) login screen or pop-up ad suddenly appears on your screen, asking you to submit your (credit card/mobile banking/PayPal stuff or login information on social media, to give you a few examples)) credentials (these attacks are usually exploits which target a certain service to gain access to one’s information, but it’s really complicated),well, look before you tap, as in try not to be the weakest link in the chain. Don’t fall for social engineering tricks. Legitimate companies will never ask you to introduce your credentials via pop up ads and things of that nature.

Final Words

After all is said and done, common sense and thinking before you leap will go a long way.