Monday, October 9, 2023

Malware Scams: askST: How can I protect my phone from malware? Can I still shop online safely? 2023-10-09

×
askST: How can I protect my phone from malware? Can I still shop online safely? 
https://www.straitstimes.com/singapore/askst-how-can-i-protect-my-phone-from-malware-can-i-still-shop-online-safely

======
The Straits TimesSPH Media Limited
INSTALL

askST: How can I protect my phone from malware? Can I still shop online safely?

Experts said that Android users are commonly targeted by malware due to the open nature of the Android operating system. PHOTO: ST FILE

SINGAPORE – From mooncakes to fish and Peking duck, unsuspecting victims had contacted “sellers” of various goods and services on social media platforms and were instructed to download a third-party app.

The downloaded malware allowed scammers to access their victims’ banking apps, increase their credit limits and siphon their money, all within just hours.

The Straits Times spoke to cyber-security experts to understand how one can protect their phone from malware, and whether it is still possible to shop online safely.

Q: Why are Android phone users mostly targeted by malware?

A: These users are commonly targeted due to the open nature of the Android operating system (OS) and its large market share, said cyber-security experts.

Cyber-security firm Kaspersky’s south-east Asia general manager Yeo Siang Tiong said the openness of the Android OS allows apps to be created and uploaded freely. Anyone can download these apps onto their devices.

This open system allows cyber criminals to abuse the app marketplace to spread malicious apps.

Android phones also have a larger market share compared to Apple, making it a more attractive target for hackers to create and release malware, said Mr Yeo.

Get a round-up of the top stories to start your day

By signing up, you agree to our Privacy Policy and T&Cs.

According to analytics site StatCounter, the Android mobile operating system held the largest market share of 65.9 per cent in Singapore as of Sept 2023.

Q: Are Apple users safe from malware?

A: Apple controls what apps are available on its App Store, reducing the need for an antivirus, said Mr Yeo.

That said Apple’s iOS is also susceptible to malware.

Cyber-security expert Chester Wisniewski from security firm Sophos said cyber criminals can trick iOS device users into installing a certificate that grants the attacker permission to download third-party apps.

Q: What information can such malware capture?

Mr Yeo said cyber criminals can access personal information and keystrokes stored on the device once a system is infected with malware. This includes access to mobile banking apps, mobile wallets, emails and corresponding two-factor authentication (2FA) verification tools such as built-in camera for biometric verification.

He warned that cyber criminals can enable unauthorised transactions via the infected devices, or steal the data to complete fraudulent transactions at a later date. 

Q: How can you tell apart virus-laden apps from other legitimate virus-free apps?

A: Earlier ST reports had highlighted that victims were instructed to download third-party apps, which allowed crooks to take control of their victims’ phones.

Mr Yeo listed five ways to tell apart virus-laden apps from other legitimate virus-free ones:

  1. Check the app’s reviews and be wary of apps with low ratings or numerous user complaints.
  2. Check the app’s release date and number of downloads.
  3. Check the app’s update frequency. If an app is updated too frequently, that may potentially point to a significant number of security vulnerabilities. 
  4. Check the app’s icon. Do not be deceived by distorted and lower quality versions of icons mimicking popular app icons.
  5. Read the permissions agreement before downloading the app. Virus-laden apps could request access to much more information than necessary.

Q: What can I do to protect my phone from malware?

A: The best way to safeguard yourself from a malware attack is by using a comprehensive antivirus, said Mr Yeo. Users should also keep their device’s OS and other third-party software updated. They can also follow these steps to protect their phone from malware:

  1. Install antivirus on their mobile devices.
  2. Only download apps from trusted sites. 
  3. Check developer descriptions, ensure that apps are highly ranked, rated and patched regularly. 
  4. Avoid clicking on unverified links. 
  5. Keep operating system and apps updated. 
  6. Be mindful when using free Wi-Fi.

Mr Wisniewski also warned that users should not load apps that come from outside the official Google Play store or Apple’s App Store, and be cautious if they require several permissions.

“Be suspicious of any apps requesting accessibility permissions or the ability to draw over your screen. These are all warning signs of remote control capabilities,” he said.

Q: What should I do after I download a virus-laden app?

A: Mr Yeo listed five steps users should take if they have downloaded a virus-laden app. They should:

  1. Put their phone into flight mode. This will stop all Internet-connected apps from running on their device.
  2. Look for the malicious app on the device and uninstall it.  
  3. Restart your phone and run an antivirus software to check for vulnerabilities. 
  4. Change your passwords and banking information where possible. 
  5. Report the third-party app to the relevant app stores.

Q: Can I still shop online safely?

A: Yes, you can still shop online safely, but be diligent and cautious of deals that sound too good to be true, cyber-security experts said.

Online shoppers should also be wary of anyone contacting them through secondary communication channels like WhatsApp, said Mr Wisniewski.

“These encrypted chat apps are intentionally used to spread scams and malware as they cannot be filtered by the service provider. The lures start on Facebook but move to an encrypted connection so that their dangerous links and downloads cannot be filtered out to protect you,” he added.

Mr Yeo added that online shoppers should not click unverified links or download apps from suspicious sites or sources. They should also have a bank card and email address used solely for online shopping to minimize the impact in the event they are exposed to malicious emails disguised as sales promotions or are scammed.

Read the full story for $0.99/month

Save more than 90% on your subscription and get over 500 subscriber-only articles every month.

Unlock these benefits

  • Get subscriber-only articles on ST Web and app

  • Easy access on up to 4 devices

  • 2-week e-paper archive to ensure you never miss out on news that matters to you

Join ST's WhatsApp Channel and get the latest news and must-reads.

No comments:

Post a Comment