Why nation-state hacking groups are increasingly turning to mobile malware

State-backed campaigns increasingly use mobile devices to gather intelligence because smartphone security isn't taken seriously enough.
Written by Danny Palmer, Senior Writer

Nation-state hacking groups are increasingly targeting mobile devices in an effort to conduct espionage, intelligence gathering and sabotage of selected targets.

Mobile malware is being deployed by certain nation-states to monitor dissidents, journalists and others. While the scale of these attacks is limited for now, a new research paper warns that nation-state backed hacking operations are increasingly focused on mobile attacks.

The shift is partially being driven by the increased adoption of security on desktop computers and partially by the way many users remain naive about securing their smartphones.


That's despite smartphones containing vast amounts of personal data about users, information detailing who they're in contact with and when. The GPS tracker of mobile devices also provides attackers with an opportunity to monitor the exact location of their victim, which could pose a physical threat to those targeted.

The warning comes from researchers at Crowdstrike, who've detailed current trends in attacks targeting Android and iOS users in the new Mobile Threat Landscape Report, and the rise in nation-state campaigns targeting mobile devices is one of the biggest trends.

Hacking groups working on behalf of China, North Korea, India, Pakistan and others are known to have distributed mobile malware to target individuals both within and outside of their own borders.

For example, one North Korean campaign targets defectors and their supporters with trojan malware for the purposes of spying on them.

Meanwhile, the Syrian Electronic Army – which works in support of Syrian President Bashar al-Assad – has targeted opponents of his regime with trojanised versions of messaging applications, including WhatsApp and Telegram, which conduct surveillance on victims.

The report also notes that Fancy Bear, the infamous Russian hacking group, is known to have dabbled in mobile malware with X-Agent, which can run on Windows, Linux, iOS and Android.

"We've been seeing more and more threat actors targeting these mobile endpoints," Adam Meyers, vice president of intelligence at Crowdstrike, told ZDNet.

"There's lots of reasons a nation-state would target a mobile platform – certainly to get to communications that are otherwise not something they can view, secure messages through applications like WhatsApp, Telegram and Skype."

The research paper suggests the rise in attacks against smartphones will see hacking groups port families of targeted trojan malware to aid intelligence gathering.

While the vast majority of users won't find themselves targeted by nation-state backed hacking operations, there are simple things users can do to avoid falling victim to other cyber-criminal groups.

For example, users should be mindful about what they download and where they download it from, as well as being wary of applications with excessive permissions – many malicious apps demand permissions they don't need in order to provide the malware with the tools required to be effective.

"Be sensitive to what permissions you allow applications to have. Does a flashlight app need access to your text messages? Certainly not. Look at the permissions the apps ask for and be diligent what you do and don't allow," said Meyers.

"Remove applications you don't need. It's really the safest thing you can do," he added.

