The Singapore police and the Cyber Security Agency of Singapore (CSA) has issued an advisory to remind the public of the dangers of downloading files from unknown sources that can lead to malware installation on victims’ mobile devices.
This may result in confidential and sensitive data, such as banking credentials, being stolen.
Don’t download things from sketchy sources
The advisory said malware may infect mobile devices through various means, including through the downloading of free software from unknown sources, opening of unknown email attachments and visiting of malicious websites.
Users should also be wary if they are asked to download unknown or suspicious Android Package Kit (APK) files onto their mobile devices.
This files may appear with seemingly genuine naming conventions, such as GooglePlay23Update.apk or GooglePlay.apkUpdate.apk.
These are not official APK files released by Google even though they contain the references to “GooglePlay”, the advisory warned.
Plenty of risks
Upon installation of the mobile malware, users’ mobile devices may be exposed to the following risks:
• Significant decline in the mobile devices’ performance
• Unauthorised access to the mobile devices’ systems/ data that allow attackers to remotely control infected mobile devices, possibly resulting in loss of user control
• Unauthorised installation or uninstallation of applications
• Interception of SMSes
• Receipt of unwanted push notifications or warnings
• Exfiltration of confidential and sensitive data stored in infected mobile devices such as banking credentials, stored credit card numbers, social media account credentials, private photos and/ or videos, among other information.
Attackers can use such information to gain unauthorised access to users’ social media accounts to perpetrate impersonation scams or perform fraudulent financial transactions that results in reputational and monetary losses.
Prevention methods
Members of the public are advised to take the following steps to ensure that their mobile devices are adequately protected against malware:
• Only download and install applications from the official app stores (i.e., Google Play Store for Android and Apple App Store for iOS), and check the developer information on the application listing and confirm it is the official developer before proceeding with the download
• Review the security permissions required by application and/ or its privacy policy before installation
• Avoid clicking on pop-up ads, suspicious links or opening files or email attachments from unknown senders
• Ensure that your mobile devices are installed with updated anti-virus and anti-malware applications that can detect and remove malware
• Ensure that your mobile devices’ operating systems and applications are updated regularly to be protected by the latest security patches.
Users are advised to perform an anti-virus and anti-malware scan on their device if they suspect that their mobile device might have been exposed to malware infection.
They are also advised to uninstall any unknown applications that are found in their devices immediately.
Users can contact their vendor for assistance directly or consider reformatting the affected device to factory default if their mobile device still shows signs of infection.
They are advised to back up the data from their device on an external storage device before reformatting.
To find out more about mobile malware and the preventive steps that users can take to protect their mobile devices, please refer to CSA’s SingCERT advisory.
Top photo via Unsplash
