Mobile Malware: Beware Drive-by Downloads on Your Smartphone
While Jeff Schmidt, the CEO of JAS Global Advisors, was surfing the Web on his new Android smartphone (his first Android phone) earlier this year, what appeared to be an ad popped up on his screen. The "ad" looked like the prompt that appears when his phone rings. He clicked the button on the ad to pick up the putative call, and the ad began downloading a binary file--malware--onto his Android phone. Schmidt had been hit by a drive-by download, a program that automatically installs malicious software on end-users' computers--and increasingly, smartphones--without their knowledge.
"I'm a pretty paranoid and sophisticated user," says Schmidt, whose firm provides information security and risk management services. "I didn't think I'd be vulnerable to this sort of thing, but because I wasn't familiar with the user interface, I clicked on the ad. It really surprised me."
Fortunately, Schmidt halted the download when he realized what was going on and caught it before anything bad happened to his phone. He's not sure what the malware would have installed on his phone, but he suspects it could have been some kind of spyware, such as a keystroke logger, or some other application that would turn his computer into a spam-mailing bot or otherwise compromise his security and privacy.