
Can a state-sponsored attack on mobile devices be traced?

When it comes to state-sponsored attacks infecting mobile devices, do users have any chance of tracing the attack? Expert Nick Lewis offers some answers.

How can users identify state-sponsored malware remotely installed on mobile devices? Is there any way to trace where the malware originated from and attribute the source of the state-sponsored attack?

Enterprises have many options, including dedicated tools, for managing endpoints remotely and for performing forensics to identify the origins of malware on an infected system. Some of these same enterprise tools can be used by regular users to inspect their devices for malware. Often, though, enterprise tools are expensive and require significant expertise to operate correctly. These requirements put some tools out of reach for individual users, but most end users could use mobile antimalware tools for Android or iOS from standard antimalware vendors.

But there have been concerns that commercial vendors are unable to detect sophisticated state-sponsored attacks. Users could identify state-sponsored malware installed on mobile devices using the DETEKT tool. If any malware is detected, the safest option is to reinstall the operating system from "known good" backups or installation media. Users could trace where the malware originated by looking through browser history, but they would need significant technical expertise to get a more in-depth sense of its origin. Generally, it is difficult for even well-equipped enterprises to definitively attribute a suspected state-sponsored attack or type of malware.

If you or someone you know thinks they are being targeted by a state-sponsored attack, they should proactively protect themselves by following the instructions from the EFF Surveillance Self-Defense project. The same steps should be taken for any computer or device used to connect to the Internet or store your data.


This was last published in February 2016
