Hey, smartphone users! It is time to get some malware protection for your smartphone. According to Sophos, these are the top 5 malware exploits written for the Android platform.
“1. Andr/PJApps-C. When Sophos Mobile Security for Android detects an app as Andr/PJApps-C it means that we have identified an app that has been cracked using a publicly available tool. Most commonly these are paid for apps that have been hacked. They are not necessarily always malicious, but are very likely to be illegal.
2. Andr/BBridge-A. Also known as BaseBridge, this malware uses a privilege escalation exploit to elevate its privileges and install additional malicious apps onto your Android device. It uses HTTP to communicate with a central server and leaks potentially identifiable information.
These malicious apps can send and read SMS messages, potentially costing you money. In fact, it can even scan your incoming SMS messages and automatically remove warnings that you are being charged a fee for using premium rate services it has signed you up for.
3. Andr/BatteryD-A. This "Battery Doctor" app falsely claims to save battery life on your Android device. But it actually sends potentially identifiable information to a server using HTTP, and aggressively displays adverts.
4. Andr/Generic-S. Sophos Mobile Security generically detects a variety of families of malicious apps as Andr/Generic-S. These range from privilege escalation exploits to aggressive adware such as variants of the Android Plankton malware.
5. Andr/DrSheep-A. Remember Firesheep? The desktop tool that can allow malicious hackers to hijack Twitter, Facebook and Linkedin sessions in a wireless network environment? Andr/DrSheep-A is the Android equivalent of the tool.”
Sophos does offer a free security app, Sophos Mobile Security, for Android on the Play Store. My favorite security company, AVG, offers both a free and a Pro version that cost $9.99. Whatever you do, you need to get set up with something before it is too late.
ShareJUN
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com