How can users identify state-sponsored malware remotely installed on mobile devices? Is there any way to trace where the malware originated from and attribute the source of the state-sponsored attack?
Enterprises have many different options for managing endpoints remotely -- including using tools -- and for performing forensics to identify the origins of malware on an infected system. Some of these same enterprise tools can be used by regular users to inspect their devices for malware. Often, though, enterprise tools carry steep prices and require significant expertise to operate correctly. These requirements put some tools out of reach for individual users, but most end users could use mobile antimalware tools for Android or iOS from standard antimalware vendors.
But there have been concerns that commercial vendors are unable to detect sophisticated state-sponsored attacks. Users could identify state-sponsored malware installed on mobile devices using the DETEKT tool. If any malware is detected, the safest option is to reinstall the operating system from "known good" backups or installation media. Users could trace where the malware originated from by looking through browser history, but they would need significant technical expertise to get a more in-depth sense of where it originated. Generally, it is difficult for even well-equipped enterprises to definitively attribute a suspected state-sponsored attack or type of malware.
If you or someone you know thinks they are being targeted by a state-sponsored attack, they should proactively protect themselves by following the instructions from the EFF Surveillance Self-Defense project. The same steps should be taken for any computer or device used to connect to the Internet or store your data.