Halloween may be spooky, but it’s not the ghosts and goblins you need to worry about. Something much more sinister is waiting at your door–and it doesn’t want your candy. This zombie wants your mobile device. Zombie Botnets, worms, and viruses are much scarier than kids in rubber masks. They do not knock, they slide into your device and hijack your bank account, your personal information, and your hardware without you noticing. These security threats are all trick and no treat. Here are some of the spookiest ones to look out for this Halloween.

Phishing and SMiShing

Phishing and SMiShing - a credit card on a fishing hook

Phishing attacks involve a scammer who baits a user into clicking an unsafe link or sending sensitive information. SMiShing is a form of Phishing that takes place over text. The strategies involved are nothing new–people have been getting Nigerian Prince emails for years. However, text-based phishing has been growing ever stronger over time.

A recent SMiShing scam in the United States starts with a text message that tells you to log in to Venmo to cancel a withdrawal. The link sends the victim to a fake login page and asks them to enter their account information and verify bank details. While the scam seems obvious, more elaborate versions exist.

Some phishing scams are even more subtle. Recently, thieves have taken advantage of a google calendar setting that automatically adds events to a user’s calendar. Then all the scammer has to do is send out some calendar invites preloaded with phishing links.

How to Be Safe

There are several steps to take to avoid Phishing and SMiShing scams. The best way to stay safe is to approach any link with caution. While texts about lottery winnings or estranged billionaire relatives may be obvious, Phishing links can pop up in seemingly-innocuous texts from friends or emails from companies. If you are suspicious of a link, verify it in person or navigate to the page through the company’s website. For more ways to stay safe, read the FTC Phishing Prevention page.

Trojans

Trojans - a trojan horse

As their name suggests, Trojans function like the trojan horse: they disguise as friendly software only to sneak malware into your system. Trojans are often intertwined with phishing. After all, a user may receive a malicious link to download an application outside of the app store. However, many trojans hide in plain sight.

Perhaps some of the most common trojans are fake banking apps. In fact, the 2019 McAfee Threat Report has seen a 77% increase in banking trojans since 2018. Many of these trojans pose as legitimate banks or third-party financial services. However, after a user enters their financial information, the app ceases to function. While the Google Play store has taken down many of these apps, more certainly exist or will exist.

Several trojans have also tried to capitalize on the popularity of cryptocurrency. Apps like Trezor Mobile Wallet and Coin Wallet pretend to generate unique crypto wallets. However, the crypto simply transfers into the attacker’s account.

How to Be Safe

Trojans, like Phishing scams, are not always obvious. To avoid them, never install an app from an external link. If an application wants you to change permissions to install an app from outside the app store, there’s a good chance that it is a trojan. Use this guide for more trojan prevention methods.
However, even these steps may not be enough to avoid trojans. The best way to be safe is to install an antivirus program on your mobile device. Avast and Bitdefender are both great mobile options but do your own research before choosing an antivirus.

App Clones

An app clone, as the name suggests, is a copy of a real application. Some app clones are nothing more than sloppy versions of the actual application, though they still pose a security risk. The popularity of FaceApp, for instance, resulted in a huge spike of clones. These FaceApp clones won’t steal your data, but they are certainly not safe. Many lack even the most basic functionality and fill your device with adware. Even the ones that function normally will often go years without updates, leaving vulnerabilities for hackers.

However, these FaceApp clones are relatively harmless compared to more sophisticated malware. A more malicious virus called Agent Smith replaces other apps with corrupted clones. The virus itself hides within a bad SDK. Once an infected app installs onto a device, it scans the other applications that have already been installed on the system. When it finds one on a specific list, Agent Smith triggers a false update that installs adware into the application and blocks future updates. In effect, the program infects other applications.

How to Be Safe

Avoiding app clones involves many of the same steps as avoiding Trojans; however, some extra precautions are necessary. Always verify the publisher of an app before installing it. Many clones will change a letter or add an exclamation mark, so little tweaks may be a dead giveaway. The best way to avoid clones is to download apps directly from the app store instead of third party sources. Simply installing an app from the source will help you avoid the overwhelming majority of clones.

Internet of Things Attacks

Attacks directed at the Internet of Things, or IoT, have tripled in the past year alone. In fact, F-Secure’s network of honeypots discovered a record-breaking 2.9 billion attempted attacks in the first half of 2019 alone. IoT attacks are growing more popular, so look out!

One of the most obvious security vulnerabilities is your smart home device. It’s no secret that Amazon listens to your audio recordings, but that’s not all. To make matters worse, smart home devices can easily be hacked to record you at all times. Stay aware of spyware!

But spyware is far from the only threat. Smaller IoT devices, such as smart locks, smart fridges, smart alarms, and smart cameras, have much weaker security controls than computers and phones. After all, who thinks to put antivirus on a smart light bulb? That makes smart devices easy targets. Once a single device is compromised, nothing will stop it from spreading to your home wifi. The botnet ADB Miner, for instance, uses this exact strategy to infect phones, TVs, and other smart devices on your network. It then secretly uses your processor to mine cryptocurrency without your knowledge. In fact, the threat is so huge that many companies segment their network.

How to Be Safe

While you can’t install antivirus on a smart outlet, you can definitely take steps to protect your smart devices. The easiest way to protect all your devices is to secure your Wi-Fi. Simply using a better password can protect your entire system. For more complicated smart devices, such as smart homes, update your software. These simple steps will keep your devices much safer. If that’s not enough, read this guide.

How to Protect Your Mobile Device

These security threats are only a small sample of what’s out there. Anything from a bad password to a corporate data breach could jeopardize your personal devices. Taking a few small precautions can make all the difference.

Change Your Passwords

We cannot stress this point enough: if your password is “Password 1” or “12345,” you may as well not have a password at all. It’s also super important to use a different password for every account in case one is compromised. If all those passwords are hard to remember, use a password manager. We recommend LastPass, though you should pick the option that suits your security needs.

Track Data Breaches

Even if your password is a hundred-digit alphanumeric with tons of random symbols, it may not be secure. In the event of a data breach, your account information could be compromised without you knowing. Make sure to track data breaches so you know when your information needs to be changed. Several websites, like Have I Been Pwned, will notify you in the event of a breach–even before the company does.

Update Your Software

Updates often come with important security patches and bug fixes. By simply turning on automatic updates, you significantly reduce the risk of an attack. Hackers will no longer be able to exploit certain bugs to harm your system, so keep it up to date.

Install an Antivirus

No matter how cautious you are, there’s always a chance you could catch a virus. To fix the problem, install an antivirus. Here’s a list of the best antivirus programs of 2019.

Protecting yourself from viruses is a difficult challenge, but building an app without security vulnerabilities can be even more challenging. However, thanks to our rigorous pre-development planning, we build safe and secure applications that protect your user’s data. To chat about app security, drop us a line or call us at 844.526.2253.