The more we depend on smartphones, the more attractive an attack vector they become. Android and iOS and devices have become common targets for cybercriminals, as people use them for work, communications, social media, travel, and important services like finance and healthcare.
"From an attack perspective … there's a lot of different ways malware gets onto a mobile device," says Adam Meyers, vice president of intelligence at CrowdStrike, who says the company has seen "every manner of actor" going after smartphones.
Cybercriminals use a wide variety of mobile malware families, which CrowdStrike breaks down into five categories: remote access tools (RATs), which are the most comprehensive threat to mobile devices, along with banking Trojans, mobile ransomware, cryptomining malware, and advertising click fraud.
One of the most common ways attackers get malware onto smartphones is via backdoored app stores and mobile apps, which has become "a very prevalent threat vector," Meyers says. In other cases, attackers try to convince users to download apps by sending phishing texts or emails that link to APK files hosted on attacker-controlled websites. Meanwhile, more targeted attacks may try to compromise a legitimate website to host a malicious application, adding a layer of legitimacy and possibly proving more successful if attackers knows their victims' browsing habits.
Some attackers fly under the radar; others leave clues behind. In some cases, your phone may be giving you hints it has been compromised. Here, mobile security experts share the red flags that may point to suspicious activity. Did we miss any? Feel free share them in the Comments section, below.