What is Mobile Malware?

Kurt Baker - November 3, 2023

Mobile Malware Definition

Mobile malware is malicious software specifically designed to target mobile devices, such as smartphones and tablets, with the goal of gaining access to private data.

Although mobile malware is not currently as pervasive as malware that attacks traditional workstations, it’s a growing threat because many companies now allow employees to access corporate networks using their personal devices, potentially bringing unknown threats into the environment.

Recent years have seen many Android mobile security issues, but Apple isn’t immune to mobile data security malware either.

Types of Mobile Malware

Cybercriminals use various tactics to infect mobile devices. If you’re focused on improving your mobile malware protection, it’s important to understand the different types of mobile malware threats. Here are some of the most common types:

  • Remote Access Tools (RATs) offer extensive access to data from infected victim devices and are often used for intelligence collection. RATs can typically access information such as installed applications, call history, address books, web browsing history, and SMS data. RATs may also be used to send SMS messages, enable device cameras, and log GPS data.
  • Bank trojans are often disguised as legitimate applications and seek to compromise users who conduct their banking business — including money transfers and bill payments — from their mobile devices. This type of trojan aims to steal financial login and password details.
  • Ransomware is a type of malware used to lock out a user from their device and demand a “ransom” payment — usually in untraceable Bitcoin. Once the victim pays the ransom, access codes are provided to allow them to unlock their mobile device.
  • Cryptomining Malware enables attackers to covertly execute calculations on a victim’s device – allowing them to generate cryptocurrency. Cryptomining is often conducted through Trojan code that is hidden in legitimate-looking apps.
  • Advertising Click Fraud is a type of malware that allows an attacker to hijack a device to generate income through fake ad clicks.

Mobile Malware Distribution Methods

The personal devices that employees use for work create unguarded endpoints in the corporate environment. While letting employees use their own devices can lower costs and improve efficiency and effectiveness, it also creates security concerns for the company network and the data stored on it. One breach through a personal device can potentially lead to widespread infection and a catastrophic large-scale data loss.

There are a few common ways that attackers distribute their malicious code:

1. Mobile Phishing and Spoofing

Phishing is the practice of tricking someone into providing their valuable account or personal information – often through spoofing. Spoofing is the practice of disguising electronic communication or websites as an entity the victim trusts. While spoofing and phishing often go hand in hand, spoofing can be used for other nefarious goals beyond phishing for account information. For example, a spoofed email may try to convince the recipient to click a malicious.

While phishing has traditionally focused on acquiring credentials through email, phishing via SMS messages (smishing) and messaging apps has become much more prevalent. In fact, 57% of organizations have specifically experienced a mobile phishing attack. This shouldn’t be too surprising when you consider the fact that people are 18 times more likely to click a suspicious link on a mobile device than they are on desktop.

One popular method for tricking victims into installing malware is to send them links via a spoofed SMS to Android Package (APK) files hosted on attacker-controlled websites. For example, victims might be prompted to click an SMS link to a spoofed banking site designed to look trustworthy and convince the victim to “update your banking app”. The update would then install the malicious code, thereby allowing the attacker to gain access and collect credentials.
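
The following triage heuristic for the SMS-to-APK lure described above is an added example, not code from the original article or from CrowdStrike. The trusted-host list, lure keywords, scores and threshold are assumptions chosen for illustration, and the sample messages are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: app sources this organization treats as legitimate.
TRUSTED_APP_HOSTS = {"play.google.com", "apps.apple.com"}
# Assumption: lure wording modeled on the "update your banking app" example.
LURE_WORDS = re.compile(r"\b(update|verify|install|suspended)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def host_trusted(host):
    """Exact or subdomain match only, so 'play.google.com.files.example' fails."""
    return any(host == h or host.endswith("." + h) for h in TRUSTED_APP_HOSTS)

def score_sms(body):
    """Return (score, reasons) for one SMS body; higher is more suspicious."""
    score, reasons, saw_url = 0, [], False
    for raw in URL_RE.findall(body):
        try:
            url = urlsplit(raw.rstrip(".,;:!?)"))
            host = (url.hostname or "").lower()
        except ValueError:  # malformed URL, e.g. an unterminated IPv6 literal
            continue
        saw_url = True
        # The path is checked separately from the query string, so
        # '/bank.apk?src=sms' is still recognized as an APK download.
        if url.path.lower().endswith(".apk") and not host_trusted(host):
            score += 3
            reasons.append(f"APK download from untrusted host {host}")
    if saw_url and LURE_WORDS.search(body):
        score += 1
        reasons.append("call-to-action wording alongside a link")
    return score, reasons

def triage(messages, threshold=3):
    """Return the messages whose score meets the review threshold."""
    return [m for m in messages if score_sms(m)[0] >= threshold]

# Constructed sample messages (reserved .example domains, not real traffic).
SAMPLES = [
    "Your bank: security update required. Install now "
    "http://secure-bank.example/update/bankapp.apk",
    "Your parcel is out for delivery. Track: https://tracking.example/p/123",
    "Get our app: https://play.google.com/store/apps/details?id=com.example.bank",
]

if __name__ == "__main__":
    for msg in triage(SAMPLES):
        print(score_sms(msg), msg)
```

Only the first sample is flagged: it links directly to an APK on a host outside the trusted list and pairs the link with "update" and "install" wording.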

2. Jailbroken/Rooted Devices

Rooting or jailbreaking a device simply means that you have bypassed the internal protections and have unrestricted control of the operating system. Those who jailbreak their phones often do so to download third-party apps that are not approved by their operating system, or make customizations to their phones that are not possible with the default protections.

While jailbreaking and rooting may open up a world of freedoms and customizations, they also put devices at a greater risk of a malicious attack. For organizations that operate in a Bring-Your-Own-Device (BYOD) environment, an employee’s jailbroken or rooted device could leave the organization’s network unknowingly exposed to a breach.

All it takes is just one jailbroken/rooted device, lacking the basic default protections, to give attackers the opening they need to obtain account credentials, intercept sensitive company data, or open your network to a malware intrusion.

Visibility into Distribution Methods is Key

Your ability to protect your network from mobile malware relies heavily on your visibility into the distribution methods above. If you can detect jailbroken or rooted devices, and identify devices encountering mobile phishing attempts, you’ll be much more effective at cutting off opportunities for attackers to distribute mobile malware.

CrowdStrike’s new Falcon for Mobile™ takes a visibility-first approach to mobile endpoint security, giving organizations deeper insight into potential mobile threats. With real-time visibility into IP addresses, device settings, Wi-Fi and Bluetooth connections, and operating system information, Falcon for Mobile offers enhanced monitoring of mobile device activity.


Kurt Baker is the senior director of product marketing for Falcon Intelligence at CrowdStrike. He has over 25 years of experience in senior leadership positions, specializing in emerging software companies. He has expertise in cyber threat intelligence, security analytics, security management and advanced threat protection. Prior to joining CrowdStrike, Baker worked in technical roles at Tripwire and had co-founded startups in markets ranging from enterprise security solutions to mobile devices. He holds a bachelor of arts degree from the University of Washington and is now based in Boston, Massachusetts.