“It is as easy to send malware on WhatsApp as it is via other mediums,” Venugopal N, Director of Security Engineering at Check Point Software Technologies told indianexpress.com in an interaction, adding that in the case of Jeff Bezos, it was a zero vulnerability. He also revealed that there has been an increase of 50 per cent in banking mobile malware attacks overall, including in India, that can potentially steal a user’s financial data and even funds from their bank accounts.
Venugopal shared more insights on what exactly happened in the Bezos case, the rise of banking malware and potential threats as well as what users can do to stay safe. Excerpts from the interaction:
Has there been an increase in mobile malware? In India, which ones are the most common?
Malware attacks on mobile phones have definitely increased. Last year, we saw an increase of 50 per cent in mobile banking malware, like, Banker. According to our threat intelligence sources, more than 35 per cent of organisations in India have been impacted by a mobile attack in 2019.
In India, a lot of malware that we see tend to steal photographs, contact info on the mobile phone. And there’s adware that’s the most common type sitting on your phone and generating ads to make money for someone else. There is also malware that are able to launch surveillance on your phone, look at your GPS location and steal your personal data as well but that’s not as prevalent in India.
What can banking mobile malware potentially do?
Banking malware is widespread and what we have also seen is that its sophistication is increasing. It can potentially steal your financial data if you are using your mobile phone to make payments, steal your credentials and even funds from bank accounts.
We are also talking credential theft and surveillance operations which means that somebody can really monitor your GPS location or take control of your microphone on your phone without the user actually knowing something like this is actually happening. Then, of course, we have contact information on our phones that can also be rummaged through this attack.
How vulnerable is WhatsApp? What happened in the Jeff Bezos case?
It is as easy to send malware on WhatsApp as it is via other mediums as well. But WhatsApp has actively patched a lot of vulnerabilities in the recent past and they are doing it on a regular basis.
If you look at WhatsApp, there are about 65 billion messages that are sent on the app every day. Encryption to a large extent helps as it is designed in such a way that only the person to whom you are communicating can read the message and nobody in between.
But what we’ve seen in the recent past is the fact that there are often new vulnerabilities that are exploited. That’s what happened in the Jeff Bezos case as well. It was a zero vulnerability. In this particular case, while the message was sent on WhatsApp, it was a video file that was sent and while opening the video file, the malware that was on the file was transmitted on the phone.
What can users do to ensure they do not install malware on phones via WhatsApp?
There are preventive measures that users need to keep in mind. When it comes to WhatsApp, first and foremost is clean up all the logged-in computers from WhatsApp. The second thing is, do not open suspicious files and links from unknown users blindly. If you are not confident about a link, simply do not open it.
What are the best security practices that mobile users can adopt?
The most important thing is, give the same amount of importance to your mobile phone that you give to your laptop. Have a security solution in place.
Do not download apps from third-party app stores. While even the App Store and Play Store also tend to have malware, we know we are cutting down on 50 per cent of the problems if you do not connect to the Internet and download apps.
Do not open each and every file, links if you do not know who the sender is. It could be a file on your messaging apps or emails. Finally, you also need to keep in mind what kind of Wi-Fi networks you connect to as man-in-the-middle attacks can be launched via Wi-Fi networks. Avoid connecting to public, free Wi-Fi networks.
How common is phishing through emails?
People also tend to use their emails on mobiles. So it’s not just browsing websites or downloading apps or getting malware over messaging apps. Phishing attacks through emails would be that somebody could launch a malware to the mailbox and that malware is active via the mailbox to the mobile as well.
One aspect is that you tend to open a link that comes in a mail and then you are taken to a particular website and asked to update your information. People are using that data to steal information about you. The most important thing is, try not to open all the mails if you know that some are spam mails. It is more about being educated to do something like this.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines