By Drew M. Smith
Data loss has continued to be a worrying trend in the cyber world. Multiple large scale breaches have cost companies hundreds of millions of dollars in lost productivity, reputation and security upgrades. One thing that typically hasn’t been attacked has been cell phones. With most people’s lives now on their phones, it’s now considered more valuable than most possessions people own. Without being connected to a land line internet connection, hackers have, until recently, had an extremely tough time finding a way to get into phones.
Recently, Android phones were reportedly hacked by several different actors. What made these attacks unique was they didn’t just use one method of breaching the phone, they used three; Phishing, Credit Card Theft and Malware. Getting hit by one is bad enough, but getting hit by all three is debilitating, because you would never think the attack would come in sequence.
The name of the program is called the Marcher Android Trojan, a virus first spotted in 2013. The current campaign has been going on since January and specifically targeting Bank Austria customers. The first prong is the hackers send out a fake link to the Banks website. The links ask for the customer information including email and phone. Once they have that, they go to the social engineering phase which involves a fake company app. This app asks for the credit card information, disguising as a requirement in accordance to anti-laundering laws. Once in place, it asks permission to alter your security settings which allows it to upload itself onto the phone. Finally in place, they are in position to steal everything. Proofpoint, a cyber tracking company, believes over 20,000 people were compromised this way.1
While the number seems small, the mere fact that hackers now have a way to attack your cell phone is a worrying trend. Many people use their phones for everything and have many of their personal items on their mobile devices. If hackers can steal their information that easily, then they can also ruin their lives. Talk to your cyber insurance specialist about what steps to take with your phones and whether such protection can extend to your phones.