Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Malware Targeting Social Networks Emerging as a Major Mobile Security Threat

Malware targeting social networks appears to be the latest growing threat to mobile security. With people being “always connected” on mobile devices, and often not a full screen to easily see URL’s and click through destinations, it’s no surprise that mobile devices are appearing as the first device users are responding to threats with.

Malware targeting social networks appears to be the latest growing threat to mobile security. With people being “always connected” on mobile devices, and often not a full screen to easily see URL’s and click through destinations, it’s no surprise that mobile devices are appearing as the first device users are responding to threats with.

According to security software provider, BitDefender, a recent large-scale Facebook scam promising to show users a girl’s Facebook status which got her expelled from school generated 28,672 clicks, 24% of which originated from mobile platforms. Users who clicked on the link — whether on their PC or mobile device — downloaded a Facebook worm and fell victim to an adword-based money grabbing scheme. While this particular scam didn’t result in direct malware or a fraud scheme, it does illustrate the dangers as clicking on links so freely can often result in much worse things.

“When data security researchers focus on finding malware specifically designed for mobile platforms, they lose sight of an important mobile platform threat source — the social network,” said George Petre, BitDefender Threat Intelligence Team Leader. “Statistics indicate that malware targeting social networks may be the biggest current threat for mobile devices.”

Social Media Networks such as Facebook and Twitter to continue to post a threat to businesses across the board. In 2010, Panda Security reported that one third of small-to-medium-sized businesses (SMBs) experienced a malware or virus infection via social networks through July, and 23 percent actually lost sensitive data via these networks, according to Panda Security’s first annual Social Media Risk Index.

LinkedIn users have also been a target of several attacks, including a massive-scale attack in October 2010, when users of the popular business-focused social networking site began receiving emails with a fake contact request containing a malicious link.

PCs are no longer being the dominant form of computing and threats targeting the smartphone and tablet markets top the list of cyber concerns in 2011, according to several recent reports. Respondents to a 2010 Mobile & Smart Device Security Survey recognize the quickly growing world of connected smart devices and acknowledge that device security problems are not only inevitable, but serious.

Terry Cutler, a Certified Ethical Hacker and regular SecurityWeek contributor, says that more people are flocking to their smartphones and tablets, leaving their notebooks behind and that attackers are certain to try to profit from this trend. “There’s seemingly no end to the productivity gains from smartphones and tablets. With the anywhere access to email, applications, and data, workers are using their devices to do everything from staying in touch with co-workers on social networks to accessing and adding data to their CRM applications. Where people go, attackers follow,” Cutler writes. “We’re already seeing malware specifically designed to attack mobile devices. Although such malware is not a dire threat now, in the months and years ahead it most certainly will be. While such attacks are specific to mobile phones and some tablets, expect the same types of attacks that have plagued PCs for years to also hit mobile devices—namely, viruses, spyware, worms, and Trojans—designed to snoop, steal, or destroy data.”

Advertisement. Scroll to continue reading.

More Mobile Security News & Insights

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.