Mobile Office——SMS phishing

Mobile Office——SMS phishing

January 18, 2019 | Mina Hao

Case Analysis

This story starts from an SMS message and ends with financial loss, sounding just like an ordinary telecom fraud. But it is distinctive in that a malicious link and a web page that contains a trojan are leveraged, indicating that the attacker is quite tech-savvy. After the mobile phone is infected with the trojan, the hacker can listen for and intercept SMS verification codes in the background. By using such information and the user’s ID card number and bank account information previously collected, the perpetrator can sign up for the quick pay service.

Security Tips/Takeaways

  • Keep the mobile OS and apps latest to reduce vulnerabilities exploitable for trojan-containing pages.
  • Install security software on mobile phones.
  • Do not click any links in SMS messages.

Mobile Office——Jailbreak and Root

Case AnalysisCase Analysis

Rooting Android-powered devices and jailbreaking devices running the Apple iOS operating system are both for attaining the highest level of privileges. After a root or jailbreak, a malicious app can read, write, and delete whatever files on smartphones, listen for and intercept SMS messages and data traffic, and install other apps without the victim’s knowledge. Besides, such a phone is more vulnerable to trojans contained in web pages that it opens. Even worse, some trojans are capable of rooting devices by themselves.

Security Tips/Takeaways

  • ROOTNever jailbreak or root your devices if you are not a professional or just a hobbyist.
  • Install security software and install apps only from official app marketplaces.