Imagine if your mobile phone could be used to spy on you, listen to your conversations, and send information and images from your device to a third party. This is not an imagined dystopian future; it is the story of Pegasus spyware installed on mobile devices by customers of the Israeli spyware company NSO.
Although Pegasus spyware is intended to be used solely by law enforcement agencies and is aimed at high-value individuals, this story offers food for thought: mobile malware and spyware are not aimed only at the wealthy and important, and they can have a serious impact on the life of any person.
Other mobile threats, such as banking malware, use a process similar to Pegasus spyware to reach user devices. Many of these types of malware are installed when people click on a link they received via SMS or WhatsApp and end up downloading a malicious application. The result can be ad fraud, mobile ransomware, banking Trojans, or in some cases malware that even roots or jailbreaks the phone to gain full remote control over the device. The malware then allows criminals to listen in on calls, take screenshots, and see what the user types, capturing passwords and bank details.
Criminals use social engineering tools and approaches to lull users into a false sense of security. Pretending to be anything from a package tracking link to a bank confirmation link, these malware messages are designed to cause people to make impulsive mistakes. These mistakes can completely compromise your device, putting you and your financial security at risk.
These smart malware infiltrations are designed to bypass people’s defenses. Another form of distribution is to take advantage of devices that have not been updated or to exploit vulnerabilities in the phone or in applications that are not yet patched. It is very important to make sure your mobile devices are up to date and to minimize risk by removing unnecessary apps, only downloading apps from official app stores, and avoiding clicking links from your mobile device.
Unfortunately, people are more likely to click on a link with their mobile device because they think it is more secure than a computer. Be careful: if you don't know the sender, don't download anything or click anything. Do not believe an SMS message telling you to update your WhatsApp software, or a link telling you to update an application that comes through a social media platform. Always update from the App Store or Google Play, nowhere else.
Also, beware of clickjacking, a form of mobile phishing that uses an invisible link covered by an "annoying" graphic element made to look like a small hair or a speck of dust. This tricks the user into trying to wipe the hair or dust off the mobile screen, which triggers the link and launches a connection to the phishing site.
Keeping your mobile device infection-free means that you watch what you click, don't trust unexpected links from unknown sources, and don't share information with anyone, especially if they call and pretend to be from your mobile provider or bank. Do not provide people with your OTPs unless you have initiated the transaction yourself with a trusted agent. Mobile devices are just as at risk as computers, so stay alert and stay safe.
Anna Collard, SVP of Content Strategy and Evangelist at KnowBe4 AFRICA.