How can users identify state-sponsored malware remotely installed on mobile devices? Is there any way to trace where the malware originated from and attribute the source of the state-sponsored attack?
Enterprises have many different options for managing endpoints remotely -- including using tools -- and performing forensics to identify the origins of malware on an infected system. Some of these same enterprise tools can be used by regular users to inspect their devices for malware. Many times, though, enterprise tools have steep prices and require significant expertise to be operated correctly. These requirements make some tools unavailable to individual users, but most end users could use mobile antimalware tools for Android or iOS from standard antimalware vendors.
But there have been concerns that commercial vendors are unable to detect sophisticated state-sponsored attacks. Users could identify state-sponsored malware installed on mobile devices using the DETEKT tool. If any malware is detected, the safest option is to reinstall the operating system from "known good" backups or installation media. Users could trace where the malware originated from by looking through browser history, but they would need significant technical expertise to get a more in-depth sense of where the malware originated. Generally, it is difficult for even well-equipped enterprises to definitively attribute a suspected state-sponsored attack or type of malware.
If you or someone you know thinks they are being targeted by a state-sponsored attack, they should proactively protect themselves by following the instructions from the EFF Surveillance Self-Defense project. The same steps should be taken for any computer or device used to connect to the Internet or store your data.