Cybersecurity researchers detected a 500% jump in attempted mobile malware attacks during the first few months of 2022, with significant peaks at the beginning and end of February. It’s huge leap and signals just how keen cyber villains are to steal sensitive information including passwords and bank details.
  • Both Apple and Android smartphones are targets for cyber criminals, but the more open nature of the Android marketplace and the ability to download apps from third-party app stores makes devices using Google's operating system more vulnerable to being compromised.
  • In contrast Apple’s iOS operating system is proprietary which means it’s harder to hack than Android operating systems. Further Android has a much larger user base compared to Apple’s iPhones. That said iPhones are not impervious to attacks.
  • Users of both Apple and Android smartphones can also find themselves the victim of SMS phishing (smishing) attacks, which sees text messages, containing malicious links, sent to users.
  • These SMS messages are designed to people into entering bank details or login credentials into a fake website for cyber criminals to steal. Common lures include fake missed delivery notifications and fake alerts related to the COVID-19 pandemic.
The following are particularly pernicious, widespread and well-known mobile malware:
  • FluBot has been active since November 2020. It’s designed to steal usernames and passwords from banks and other sites the user visits. Its equipped with a worm-like ability to spread itself by accessing the infected user's address book and sending SMS messages to their friends, making it deadly.
  • Another form of mobile malware causing problems for smartphone users is TangleBot. It first appeared in 2021 and is delivered mainly via fake package-delivery notifications. In addition to being able to steal sensitive information and control devices, it can intercept camera footage and audio recordings.
  • Moghau is another dangerous SMS-based malware threat. It deploys multi-lingual attacks to target users around the world with fake landing pages based on the country of the recipient. It’s designed to trick victims into downloading trojan malware.
  • TianySpy is malware that infects both Apple and Android users by spreading via messages that claim to come from the victim's mobile network operator.
Steps to protect yourself

Some SMS phishing tricks can be obvious but others can be sophisticated. With this in mind it’s a good idea to treat mobile messages that come from unknown sources with scepticism.
  • Never click on links in text messages, no matter how realistic they look.
  • If you want to contact the purported organisation sending you a link, do so directly through their website and always enter the web address manually.
  • It's also important that you don't respond to strange texts or texts from unknown sources. Doing so will often confirm you're a real person to future scammers.
  • If you receive a suspected malicious text message you can forward it to 7726, a free spam-reporting service provided by UK phone operators. After doing so delete the message.
  • Other countries have similar spam reporting services. Simply contact your mobile network operator and they will give you the number.