How can users identify state-sponsored malware remotely installed on mobile devices? Is there any way to trace where the malware originated from and attribute the source of the state-sponsored attack?
Enterprises have many options for managing endpoints remotely, including dedicated management tools, and for performing forensics to identify the origins of malware on an infected system. Some of these same enterprise tools can be used by regular users to inspect their devices for malware. Often, though, enterprise tools carry steep prices and require significant expertise to operate correctly. Those requirements put some tools out of reach for individual users, but most end users could use mobile antimalware tools for Android or iOS from standard antimalware vendors.
There have been concerns, however, that commercial vendors are unable to detect sophisticated state-sponsored attacks. Users could identify state-sponsored malware installed on mobile devices using the DETEKT tool. If any malware is detected, the safest option is to reinstall the operating system from "known good" backups or installation media. Users could trace where the malware originated from by looking through browser history, but getting a more in-depth sense of its origin would require significant technical expertise. In general, it is difficult for even well-equipped enterprises to definitively attribute a suspected state-sponsored attack or a particular type of malware.
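As an added illustration, not part of the original answer or of any tool it names: the "known good" idea above, applied to a device's installed-package inventory rather than to a reinstall. The script parses a package listing in the shape of Android's `pm list packages -f` output (the sample below is constructed and every package name in it is made up), compares it against a baseline the user recorded after a clean reinstall, and reports packages that are new, have moved, or are missing. It does not detect malware on its own; it only surfaces deviations from a reference the user already trusts, which is then something to investigate.

```python
import re
from dataclasses import dataclass

# Constructed sample inventory in the shape of `pm list packages -f` output
# (package:<apk path>=<package name>); every name and path here is made up.
SAMPLE_INVENTORY = """\
package:/system/app/Phone/Phone.apk=com.android.phone
package:/data/app/com.example.mail-1/base.apk=com.example.mail
package:/data/app/com.example.updater-1/base.apk=com.example.updater
package:/system/priv-app/Settings/Settings.apk=com.android.settings
"""

# Constructed baseline recorded from a freshly reinstalled device:
# package name -> APK path the user expects to see.
KNOWN_GOOD = {
    "com.android.phone": "/system/app/Phone/Phone.apk",
    "com.android.settings": "/system/priv-app/Settings/Settings.apk",
    "com.example.mail": "/data/app/com.example.mail-1/base.apk",
}

LINE_RE = re.compile(r"^package:(?P<path>.+)=(?P<name>[A-Za-z0-9_.]+)$")


@dataclass(frozen=True, order=True)
class Finding:
    package: str
    path: str
    reason: str


def parse_inventory(text: str) -> dict[str, str]:
    """Parse pm-style lines into {package name: apk path}; skip lines that do not match."""
    inventory: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            continue  # unrecognised line: tolerate it rather than abort the audit
        inventory[m.group("name")] = m.group("path")
    return inventory


def compare_to_baseline(inventory: dict[str, str], baseline: dict[str, str]) -> list[Finding]:
    """Return sorted findings: unexpected packages, moved APKs, and missing expected packages."""
    findings = []
    for name, path in inventory.items():
        if name not in baseline:
            findings.append(Finding(name, path, "not in known-good baseline"))
        elif baseline[name] != path:
            findings.append(Finding(name, path, "APK path differs from baseline: " + baseline[name]))
    for name, path in baseline.items():
        if name not in inventory:
            findings.append(Finding(name, path, "expected package missing"))
    return sorted(findings)


def audit(text: str, baseline: dict[str, str] = KNOWN_GOOD) -> list[Finding]:
    """Convenience wrapper: parse a listing and diff it against a baseline."""
    return compare_to_baseline(parse_inventory(text), baseline)


if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print(f"{f.package}\t{f.path}\t{f.reason}")
```

On the constructed sample the only finding is `com.example.updater`, which is present on the device but absent from the baseline. The baseline itself is the weak point of this approach: it has to be captured from a device the user genuinely trusts (for example right after reinstalling from known good media, as the answer recommends), and system packages on a real phone number in the hundreds, so the comparison is only as useful as the care taken recording that reference.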
If you or someone you know believe you are being targeted by a state-sponsored attack, protect yourself proactively by following the instructions from the EFF Surveillance Self-Defense project. Take the same steps for any computer or device used to connect to the Internet or to store your data.
Related Q&A from Nick Lewis