Mobile malware awareness still lacking in Latin America, says McAfee

Thursday, August 11, 2011

Latin American smartphone users are still lagging those in developed nations as regards their awareness and measures taken to prevent attacks from malware, Carlos Castillo, malware researcher for McAfee Labs Latin America, told BNamericas.

Speaking on the sidelines of the Segurinfo technology security conference held in Santiago, Chile, Castillo said the perception that cyber attacks do not affect mobile phone users as much as traditional internet users is nonetheless a global trend.

Castillo said that hackers and cyber attackers are taking advantage of the fact that smartphone use is a fast growing and relatively new phenomenon and users have their guard down.

Start your 15 day free trial now!


Already a subscriber? Please, login

"People think that cell phones cannot be infected by viruses. They are accustomed to Windows, Linux and Mac. But mobile phones are being infected and attacked and you have to protect them," he said.

The executive presented a slide showing the results of a survey of executives that illustrated that 56% of those surveyed believed BlackBerry was a secure operating system, while 31% said the same for Apple's iOS and only 27% for Google Android.

The fast growing and popular Android OS is widely recognized to be lacking in security features, Castillo said.

"Amongst the different platforms Android has open source characteristics and does not have security polices as strict as the iPhone or BlackBerry and so is more exposed to malware. Due to the way its applications are developed, there are tools that can modify these applications and add malware," Castillo said.

"That said, other platforms are also vulnerable and malware can still be installed on them," he added.


One of the first emblematic mobile malware attacks was Skulls, dating back to 2004 - a malicious file that replaces all the system applications installed with non-functional versions.

More recent malware worth mentioning include: the Android Drad bot, a malicious application that comes bundled in legitimate applications distributed by third-party app stores; the Android Zeus banking trojan which is designed to steal people's financial data; the Android Nickispy, a trojan that records the user's telephone call conversations and also monitors the user's location and sends SMS to premium numbers; and the Droid Dream, a malicious code that is launched with applications that can steal and send sensitive information.


Anti-virus technology tools for mobile devices are available and can also make backup copies of data and remotely wipe information from a stolen device.

But technology is not the only solution to security threats as the mobile revolution takes off.

As progressively more employees wish to bring their personal devices to work and use them to access sensitive company information, CIOs have an increasingly complex task managing those devices.

Again, technology tools exist to aid that task but much can be done to reduce attacks by implementing clearer policies and educating users in how to reduce the risk of attacks.

"Technology in itself does not provide protection. It's more to do with creating awareness among users, which are the weakest link in the security equation," Castillo said. "It means not being tricked, not clicking on certain links, not downloading apps directly from a browser, as well as implementing policies and making users aware of them."

A recent study showed that 43% of companies had a moderate awareness of the notion of implementing such policies and 27% had no knowledge whatsoever, he said during the conference.