Games, apps, websites… anything can be abused. How to protect your family from mobile threats

ESET levels up its Mobile Security app to be even more effective against phishing.

Smartphones have become an integral part of our social lives. From children to teens and on to adults and the elderly, globally, the average user now spends almost four hours daily staring at their mobile phone. There’s really no point in naming all the things people can use their mobile phones for. From social interaction to shopping, gaming, and so on… you know what they are capable of. 

These capabilities, however, come at a price. The variety of things people can do on their mobile phones creates one huge, messy cyberthreat landscape with criminals trying to steal victims’ money, data, and identities, sometimes demanding a ransom for their return.

This blog will show you some real-life examples described by ESET researchers of what such threats look like. As you will see, some of them are no longer simple scams that can be easily spotted, but are instead sophisticated, multi-staged and AI-driven attacks that require much stronger defenses than a watchful eye and simple antivirus.

The long list of ESET research pieces on this topic demonstrates how carefully ESET studies these threats. And ESET experts are not just watching. More than ten years ago, ESET created award-winning multilayered protection against a multitude of Android security issues called ESET Mobile Security, which has been protecting millions of people around the globe. Now ESET is coming forward with improved Phishing Protection, extending threat coverage even more.

There are 4.8 billion smartphone users, which is more than half of the current global population of 8.2 billion people. Statista estimates the smartphone user base to reach 6.4 billion by 2029.

According to a 2024 survey conducted by the data management firm Harmony Healthcare IT, phone screen time increases with every generation. While U.S. baby boomers (people born from 1946 to 1964) spend 3.5 hours per day with phones in their hands, millennials’ use of phones is one hour longer, and Generation Z spends an average of 6 hours and 5 minutes on their phone daily.

And just as smartphone usage is rising, so is the total volume of detected Android malware, increasing from 1.7 million in July 2014 to 35.2 million as of July 2024, according to the AV-TEST Institute’s data.  

While the usage of mobile phones grows, so does the increase in user susceptibility to phishing attacks. Global data gathered in 2022 shows that encounters of personal mobiles with phishing rose from 35.46% in 2020 to 53% in 2022, and the percentage of mobile users who tapped on six or more phishing links almost doubled from 14.3% to 27.6% within this time period.

Let’s see several of the latest examples of mobile threats, some covered by the latest ESET Threat Report (H1 2024).  

ESET experts complemented the research conducted by Group-IB’s Threat Intelligence unit, describing the GoldPickaxe malware family available for both iOS and Android, targeting victims in the Asia-Pacific region.

This malware can steal a victim’s sensitive personal information from financial apps such as Digital Pension for Thailand despite a requirement that users record a brief video of their face from various angles using the front camera of their mobile device as a form of secure authentication.

To achieve that, threat actors steal victims’ biometric data and utilize AI-driven face-swapping services to create deepfakes.

Another example shows that scammers don’t hesitate to even target children. According to the latest Threat Report, ESET telemetry detected phishing scams abusing Roblox, a sandbox gaming platform very popular with kids and available on multiple operating systems (including Apple and Android). Roblox contains virtual currency named Robux that can be purchased with real money, which makes it attractive for cybercriminals. The Roblox community has created a long list of Roblox threats here.

Also, using ESET detection engines in combination with other sources, ESET researchers recently discovered espionage campaigns spreading fake apps or trojanized and reverse-engineered legitimate apps to Android users in Egypt and Palestine. Threat actors used dedicated phishing websites to distribute malicious apps impersonating legitimate chat apps, a job opportunity app, and a civil registry app.

Another recent malicious campaign uncovered by ESET researchers and run in the Czech Republic targeted clients at three Czech banks to facilitate unauthorized ATM withdrawals from the victims’ bank accounts.

At first, cyber criminals deceived victims into believing that they are communicating with their bank, and then tricked them into downloading and installing a fake banking app with the unique malware that ESET named NGate. The malware then clones near field communications data (NFC) from victims’ payment cards using NGate and sends this data to an attacker’s device that is then able to imitate the original card and withdraw money from an ATM.

Just this handful of recent examples shows how large of a portfolio of tools cybercriminals have at their disposal. Notice the variety of their targets – children playing games or adults seeking a job, wanting to chat, or doing financial operations.

To deal with these scenarios, both individual users and households need a reliable security solution capable of stopping threats, ideally before they execute and cause any harm.

ESET Mobile Security provides award-winning protection against a multitude of Android security issues such as viruses, ransomware, adware, and other malware, or unwanted permissions given to applications. It also offers multilayered protection against phishing, smishing, and scams.

Here is a brief list of some features:

Antivirus – Protects against malicious app installs and from malicious apps downloaded from app stores. With permission, Antivirus can also check all files on the mobile device.

Anti-Phishing – Protects against malicious websites attempting to acquire users’ sensitive information on the most used browsers and social networks including Facebook, Facebook lite, Instagram, and Facebook Messenger. SMS notifications are also covered. It also protects from accessing phishing or fraudulent sites that can be used, for example, to distribute malicious apps.

Link Scanner – This year, ESET introduced Link Scanner, which allows ESET Mobile Security to check every link a user tries to open, not only those coming from supported websites and social network apps. For instance, if a user receives a phishing link in a game app and opens it, the link is first redirected to the ESET Mobile Security app, where it is checked before being redirected to the browser.

Remember the Roblox attacks? Some of them start exactly with phishing links received via in-game messages or found in fake profiles used by scammers.  

Adware Detector – Sometimes a user cannot identify which app is causing annoying unwanted pop-ups. The ESET Adware Detector functionality tracks all apps that are shown on the screen so the user can easily identify the app that should not be running and delete it.

Payment Protection – This is a safe launcher for financial apps, ensuring that other apps on your device will not be able to recognize the launch of a sensitive app, nor allow other apps to replace or read the screens of the financial app in question. This makes use of finance or other sensitive apps safer.

Anti-Theft – The ESET Anti-Theft feature protects your mobile device from unauthorized access, enables you to monitor foreign activity, and tracks your device’s location. You can also display a message to the finder if your device is lost.

There may be some iOS users who still hold on to the myth that their devices are secure simply because of the way these operating systems are built – applications on iPhone or iPad devices run in their own separate virtual spaces and can communicate with each other to a very limited extent. This environment also prevents external antivirus apps for iOS from working properly.

However, there are notable cyber incidents, proving that iOS is not impenetrable. Therefore, iOS users should enhance the security of their devices with additional layers such as VPN , Identity Protection*, and Password Manager.

All of these are available for both iOS and Android users via ESET HOME Security, the recently upgraded all-in-one solution created for consumers who want to protect their household against all kinds of cyberthreats.

Packed with tons of features and capabilities, mobile devices should make our lives easier, and not trigger headaches due to cyberthreats. That is why multi-layered protection focusing on prevention is needed.

Being a security leader with more than three decades of experience, ESET protects smartphone users of all generations whether they are browsing the internet, chatting, shopping, playing games, or executing financial operations.

* ESET Identity Protection is available only in selected countries.