cxo voice
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release
No Result
View All Result
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release
No Result
View All Result
Leaders Talk and Latest Tech News | CXO VOICE
No Result
View All Result
Home News Cyber Security

The Emergence of Spyware, Zero Click Attacks, Smishing, and Store Security

Sundar Balasubramanian by Sundar Balasubramanian
September 20, 2022
Zero click attacks

Indeed, our 2022 Mid-Year Report revealed a 42% global year-on-year increase in Cyberattacks. And according to the World Economic Forum’s 2022 Global Risk Report, 95% of cybersecurity issues are traced back to human error. This should be a red flag for all businesses, especially with the shift to remote and hybrid work, where employees use mobile devices more often. These devices now access sensitive company data and direct connectivity to the enterprise network. Combine that with the key ‘human error’ ingredient, and you’ll see why mobile devices are a prime target for cybercriminals.

Here in India, Check Point’s Threat Intelligence reports that an organization in India has been attacked on average 1742 times per week in the last 6 months, compared to 1167 attacks globally, with 4.9% of malware attacks via mobile (Global 1.8%).

Despite this, many corporate cybersecurity strategies focus only on traditional endpoints like laptops. Do you know if all the mobile devices in your organization are safe from malware? Perhaps you have Mobile Device Management (MDM) and think that’s enough? Unfortunately, MDM does not provide intrusion detection or scan for malware. And with the mobile threat landscape constantly evolving, it’s never been more critical to have a robust solution. Let’s look at the current landscape and what you need to know to stay protected in 2022. 

Thriving spyware marketplace

The current mobile malware landscape is a minefield with more vulnerabilities and deployed spyware software. In our last security report, we noted that NSO Group’s notorious spyware, Pegasus, was wreaking havoc after it was discovered gaining access to the mobile devices of government officials and human rights activists. Unfortunately, 2022 was no different, with Pegasus found to have compromised the devices of Finland’s Ministry of Foreign Affairs, Spain’s Prime Minister, and multiple devices of UK officials.

In July, Apple introduced a ‘lockdown mode’ for its devices to protect against Pegasus hacks. Even though this mode will increase the security of the users who will use it, it will significantly reduce the user experience and limit iPhones’ functionality. However, while Pegasus is one of the most powerful tools currently on the market, the surveillance vendor ecosystem has also become more competitive. For example, Predator, spyware produced by commercial surveillance company Cytrox, infected iPhones towards the end of 2021 via single-click links sent over WhatsApp. As of today, the reach of these tools, let alone their mechanisms, is not yet fully understood by the cyber community despite extensive research efforts.

ADVERTISEMENT

Zero Click Attacks

In terms of techniques, this year, we have seen a surge in discovered  Zero click attacks. As the name suggests, these attacks require no input from the victim before deploying malware. This is because they exploit existing vulnerabilities in already installed apps, allowing threat actors to sneak past verification systems and begin their attack unnoticed. This technique mainly focuses on applications that accept and process data, for example, instant messaging and email platforms. 

We saw this in April when a new zero click iMessage exploit leveraged to install Pegasus on iPhones was discovered, running on some early iOS versions. HOMAGE’s exploit was used in a campaign against Catalan officials, journalists, and activists.

It’s important to emphasize that this technique isn’t just a threat to world leaders but everyday people and organizations. Our phones are hubs of confidential data, both personal data such as banking information and business data, with many employees now connected to their company’s networks and data via their mobiles, which multiplied over the pandemic with thousands working from home. Cybercriminals utilize this silent and persistent practice to gain as much access as possible.

Smishing attacks on the rise

In addition to Zero Click attacks, we have also observed a continuous uplift in the spreading technique known as “Smishing” (SMS Phishing), which uses SMS messages as the attack vector for malware distribution. These attempts often imitate trusted brands or personal contacts to entice the victim to click on a link or share personal details in confidence. This method has proven particularly successful as after one device has been compromised, its entire contact list is up for grabs, creating an endless cycle of possible victims. 

This is how the infamous Flubot was commonly deployed. Since its emergence in December 2020, it has been considered the fastest-growing Android botnet ever. The group is known to be particularly innovative and has claimed tens of thousands of victims, continuously seeking to improve its variants. As such, in June, an international law enforcement operation involving 11 countries led to its infrastructure being taken down and rendering the malware inactive.

Evidently, Flubot’s position could not remain vacant for too long, as a new Android malware operation called MaliBot emerged in the wild soon after. MaliBot is targeting online banking and cryptocurrency wallets in Spain and Italy, looking to replicate the success of its predecessor. At the time of writing, MaliBot is already the third most prevalent mobile malware worldwide, despite being so new, with AlienBot taking the top spot.

Safety on the App Store?

Many users turn to application stores to help keep their devices secure; unfortunately, some apps claim to help manage security risks but often contain malware themselves. The most secured stores like Google Play Store and Apple App Store have thorough review processes to investigate candidate applications before they are uploaded and are held to high-security standards once they are admitted onto the platforms. A recent report stated that throughout 2021, Google blocked 1.2 million suspicious applications, and Apple blocked 1.6 million. Resourceful cybercriminals continually try to bypass these security measures with different tactics, such as manipulating their code to pass through the filters or introducing initially benign applications and adding malicious elements later.

So, it’s unsurprising to still find malicious applications in these stores. These platforms remain the main infection vectors in mobile threats. For example, Check Point researchers recently analyzed suspicious applications on the Google Play Store and found a few of them masquerading as genuine Anti-Virus solutions, while in reality, once downloaded, the apps installed an Android Stealer called SharkBot, which steals credentials and banking information. And in February, an Android banking Trojan called Xenomorph was spotted lurking behind a fake productivity application on the Google Play Store. There were over 50,000 downloads.

It must also be noted that due to the pandemic fueling increased use of mobiles over the last two years, leveraging mobile phones for work suddenly became the new normal for many users and enterprises, which meant targeting mobile devices also became the new normal for cybercriminals. Unfortunately, the general awareness of the users of mobile phones with regards to cybersecurity attacks is much lower, and even though many of them have started leveraging their personal or work-provided mobiles for work purposes, many still do not view it as a sensitive corporate environment, being less careful of malicious emails or links they receive. 

Unfortunately, the threat landscape is evolving rapidly. Mobile malware is a significant danger to personal and enterprise security, especially as mobile devices are vulnerable to several attack vectors, from the application to the network and OS layers. Organizations should also be looking to instill proactive strategies to keep staff and corporate data safe from a potential attack to combat this risk. This must be a continuous journey as cybercriminals are relentlessly adapting and improving their tactics.

For mobile users themselves, we recommend additional safety measures such as downloading applications only from certified Google and Apple stores, and even while downloading them there – review the recommendations, and the number of downloads of a particular application, to verify that the application is legitimate. Mobile users should adopt on their mobile phones the same rules they have as on their desktop devices, such as not clicking on links from unknown senders, whether it comes via email, SMS message, or messaging applications, and not downloading files from untrusted sources.

For some businesses, it may be beneficial to employ the help of tools that fortify endpoint resilience and secure remote users. Check Point Harmony, for instance, uses real-time threat intelligence to actively guard against zero-day phishing campaigns and URL filtering to block access to known malicious websites from any browser. It also enforces conditional access, ensuring that if any device does become infected, it will be unable to access corporate applications and data. Harmony Mobile achieves all of this – and more – without disrupting employees or hampering their productivity.

Also Read: Banking-as-a-Service (BaaS) Will Hit Mainstream Adoption Within Two Years

Sundar Balasubramanian

Sundar Balasubramanian

Managing Director at Check Point India & SAARC. www.checkpoint.com

Related Posts

Business

Ericsson Strengthens ASIC Development in India with Major R&D Expansion

June 27, 2025
Osaka Sakai Data Center
Technology

HPE and KDDI Partner to Launch Osaka Sakai Data Center for AI Innovation by 2026

June 26, 2025
Tata Hackathon
Technology

Tata Technologies with AWS to Launch Engineering Hackathon Focused on Smart Mobility Innovations

June 26, 2025
Fujitsu
Press Release

Fujitsu’s Uvance Wayfinders consulting empowers customers to evolve business foundations leveraging data and AI

June 26, 2025
HCLTech AMD
Technology

HCLTech and AMD Unite for Next-Generation Technology Solutions across AI, digital and cloud

June 25, 2025
Infosys
Business

Infosys Announces Strategic Collaboration with Zoetis to Enhance IT Operations

June 25, 2025
Tech Mahindra Security
Cyber Security

Tech Mahindra Launches Managed Services for Cisco Multicloud Defense to Enhance Cloud Security

June 24, 2025
Toshiba
Business

Toshiba Begins Sample Shipments of its Smart Motor Control Driver “SmartMCD” Series

June 24, 2025
Load More
ADVERTISEMENT

Latest Updates

Ericsson Strengthens ASIC Development in India with Major R&D Expansion

by News Desk
1 day ago

Osaka Sakai Data Center

HPE and KDDI Partner to Launch Osaka Sakai Data Center for AI Innovation by 2026

by Deepa Sharma
2 days ago

Tata Hackathon

Tata Technologies with AWS to Launch Engineering Hackathon Focused on Smart Mobility Innovations

by News Desk
2 days ago

Fujitsu

Fujitsu’s Uvance Wayfinders consulting empowers customers to evolve business foundations leveraging data and AI

by News Desk
2 days ago

HCLTech AMD

HCLTech and AMD Unite for Next-Generation Technology Solutions across AI, digital and cloud

by Deepa Sharma
3 days ago

Infosys

Infosys Announces Strategic Collaboration with Zoetis to Enhance IT Operations

by News Desk
3 days ago

Expert Views

Opinion

When AI Empowers Both Networks and Hackers: The New Battlefield for India’s Telecoms

May 20, 2025
Molly Sands AI
AI

AI RIP: 5 Things Knowledge Workers Will Say ‘Sayonara’ to in the Next Decade

March 8, 2025
multi cloud
Cloud

Multi-Cloud Made Simple: Strategies for Smart Business Management

March 5, 2025
Soft Skills
Opinion

Soft Skills and Technical Know-How: A Winning Combination in the Tech Industry

March 4, 2025
Digital Freedom
Cyber Security

Your Data, Their Gold: The Silent Battle for Digital Freedom

February 25, 2025

Get Latest Update

Subscribe to our mailing list to receives newsletter direct to your inbox!

ADVERTISEMENT

Leaders Interviews

Steve Wilson, GenAI Cybersecurity LLMs
Cyber Security

How effective is GenAI in cybersecurity? The role of LLMs and AI in security solutions. [Interview with Steve Wilson]

-
Interview on Counterfeit products with Nikhil Narayan
Leaders Talk

Advancements in ML & AI made it possible to detect counterfeit products in real-time, says Nikhil Narayan

-
Newgenone bridges the gap between business users and IT teams with its low code capability: Varun Goswami
Leaders Talk

Newgenone bridges the gap between business users and IT teams with its low code capability: Varun Goswami

-
AI chatbots, Prasanna-Kumar
Leaders Talk

Can AI chatbots enhance customer experience and reduce the cost of serving customers?

-

Entrepreneur

Samsung Electronics appoints its first female president

Inspiring Women Entrepreneurs in India (2022)

Technology Adoption For Entrepreneurs

Volunteering management is the need of the Hour

CXOVoice.com is a leading online publication for CXOs, entrepreneurs, senior leaders, developers, and industry professionals. Our coverage spans key sectors, including IT, technology, banking, finance, cybersecurity, engineering, and automobiles.

Connect with us

Easy Links

  • Cryptocurrency
  • Event
  • Blockchain
  • Press Release
  • Resources & Downloads

Write Us

[email protected]
  • Home
  • About Us
  • Contact Us
  • Advertise
  • Privacy & Policy
  • Feedback

Copyright © 2025 CXOVoice - All Right Reserved

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Our Spring Sale Has Started

You can see how this popup was set up in our step-by-step guide: https://wppopupmaker.com/guides/auto-opening-announcement-popups/

No Result
View All Result
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release

Copyright © 2025 CXOVoice - All Right Reserved