The Top 3 Mobile Security Threats & How to Combat Them

(written with Aaron Martin Olivares and Dan Bloom)

One of the most interesting things from my perspective at Allot is the view we have of the industry.

Over the last month, 3 new cyberthreats have risen to the top of our list because they are increasing in frequency and pose the biggest threat to mobile users throughout the world.

Thanks to our close relationships with our top-tier telecom customers, we have a unique perspective on what’s happening in the world.


Lately, most of the mobile cyber threats we are seeing are related to malicious adware and mobile trojans.


Mobile adware threats:

In regard to adware, it is very common, probably because, for cybercriminals, it was the best profit to risk ratio. It also comes in two main categories –

  • Adware only – this is used for sites with content that is mainly adware, popups or publicity
  • Adware virus – this is malware that behaves maliciously and has the “hidden” effect of opening adware sites


In applications classified as adware only, we encounter an app with a lot of advertisements. Adware viruses, on the other hand, may have no adware, but will infect devices, causing them to open browsers with a specified default domain in order to make victims watch advertisements. Adware viruses also modify some legitimate sites (such as Google, for example) to display ads or fake “results” from an adware website.


Mobile trojan threats

Trojans, on the other hand, get their name from the mythical Trojan Horse. Like the original story from ancient Greece, Trojans attack by stealth and disguise. They are programs that mislead people into thinking they’re something legitimate and harmless.

Trojans are often nestled within software bundles, or sent as email attachments that are harmful when opened. They can be destructive and can delete files or corrupt data. They can be used for phishing purposes, to steal data or money online, and they can be used for stalking and surveillance of unsuspecting users.


The top 3 mobile security threats facing customers

These are the top-ranked cyber threats we’re seeing.


This domain has been one of the most blocked among our mobile network operator customers.

How do subscribers typically get there?

People are typically forwarded to this domain through redirection from another website or through an adware virus already installed on customer equipment. This type of adware program is typically bundled with free software that subscribers download from the internet. Unfortunately, some free downloads do not adequately reveal that extra software will also be installed and users end up downloading adware without knowing it.

What is the behavior of this domain?

The function of this URL is to show unwanted ads and pop-ups to victims. However, even if it doesn’t have a direct malicious impact on user equipment, it can be very annoying because of the frequency of intrusive pop-up ads and redirections. Besides, this domain can redirect victims to other malicious sites.


2. AdWare.Script.Pusher.gen

This virus was one of the top-most blocked threats among our CSP customers.

How did subscribers download it?

Most commonly, this virus was included within a bundle of free programs downloaded from the internet. The software attempted to infiltrate user devices when people tried to load the programs.

What’s the impact?

Common symptoms include:

  • Advertising banners are injected into visited web pages,
  • Random text on web pages is transformed into hyperlinks,
  • Browser pop-ups appear that recommend fake updates or other software, and
  • Other unwanted adware programs get installed without the user’s knowledge.

What is the behavior of this malware?

The behavior of this virus is very aggressive. It’s much more intrusive than typical adware. Additionally, it attempts to infect the user with even more malware. That’s why it’s classified in the “pusher” category.


3. Trojan.AndroidOS.Boogr.gsh

This threat, intercepted by our platform, was also commonly found across most of our mobile network customers.

How did subscribers download it?

Like most Trojans, this malware is downloaded when users try to download a program or an app from a non-official source. According to some sources, it is disguised as a popular app or Android game. It is downloaded as well via a previous infection with the Trojan-Clicker.AndroidOS.Ubsod malware family.


What’s the impact?

This type of Trojan can download and install any type of content on infected devices.


What’s the behavior of this malware?

As Trojan malware, it can send SMS messages in order to subscribe to premium services, establish remote access connections, capture keyboard input, collect system information, download files, install additional malware, participate in distributed denial of service (DDoS) attacks, and more.


What can be done to combat mobile security threats?

Most of us are growing increasingly aware of the dangers and inconvenience of exposure to trojans, adware, data theft, phishing, ransomware, and other methods of mobile cyber attacks.


Cybercrime damages are anticipated to cost more than $6 trillion per year by 2021. This number, which comes from Cybersecurity Venture’s 2020 Annual Crime Report (ACR), is double their 2015 prediction of $3 trillion in cybercrime costs annually.


We see, more and more every day, that mobile subscribers and small businesses are extremely vulnerable to cyber attacks.


To combat the variety of threats out there, many top mobile operators, like Vodafone, Telefonica, and Hutchison Drei, are turning to network-based security to protect customers.


Network-based security stops threats at the network level, far from customer smartphones and computers. Because the protection runs on the network, no download is needed, it’s compatible with any range of devices and operating systems, and it’s always up-to-date to confront the latest threats, which is good news for mobile subscribers.


As a way to assure online security for every customer, many communication service providers are now relying on the NetworkSecure solution from Allot.


The good news is, at Allot, our network-based security platform is already protecting more than 23 million mobile subscribers.


Contact us for more details.

*** This is a Security Bloggers Network syndicated blog from Allot Blog authored by Juan Antonio Latasa. Read the original post at: