Australian telcos and policymakers alike are increasingly displaying a keen interest in the number of outdated mobile handsets in use in the population.
The reason for this is that a sizeable number of mobile users are about to be left behind by the steady march of technology advancement. More specifically, when 3G networks are switched off this year, more than one million phones will be unable to place emergency calls.
The example is symptomatic of the broader challenge faced by governments and industry in supporting mobile customers – that is, the critical unforeseen risks posed by older devices remaining in circulation.
When consumers make decisions about whether to keep using an older handset, the determining factor cannot simply be, ‘Is it still functional?’ Other factors need to also be taken into account, and arguably afforded greater weighting in the decision. A key one is whether the device is still supported for operating system updates and security patches. However, it’s clear this is not always a consideration. Threat actors know this and have an ever-increasing number of outdated devices they can target.
This situation is very much mimicking what’s happening with personal computing. One thing we constantly observe with end-user client computing is the consistently high number of Windows XP infections, despite the fact that this version of the operating system reached its end-of-life in 2014. Older computers continue to be used, even though the software on them cannot be patched or updated, particularly in the critical infrastructure, medical and manufacturing industries.
The same scenario is now being observed with Android devices. At one point, due to the fragmentation and rapid pace of development of Android operating systems, it was estimated that over a billion Android-based devices ran outdated software. And while that figure is itself now a bit dated, more recent experiences – ours and others – show that outdated, insecure devices remain as problematic as ever.
Three-quarters of all mobile devices run on Android, and the growing proportion of devices that are out of support and considered insecure presents a considerable attack surface for threat actors.
These threat groups are creating malicious software – such as viruses, Trojans, ransomware, spyware, and adware – designed to target outdated Android devices through multiple vectors, such as app downloads, malicious websites, phishing attacks, and even system vulnerabilities.
This poses a significant threat to users’ privacy, security, and data integrity, and needs to be countered with specific action on the consumer side.
Malware Currently Being Used to Hit Dated Devices
The Rafel remote administration tool (RAT) is an example of the kind of threats being used to target older OS Android devices.
After collecting multiple malware samples from this Android RAT, an analysis of victims shows that Australia and New Zealand are among the countries being targeted, although the number of victims was higher in the United States of America, China, and Indonesia.
The majority of victims had Samsung phones, with Xiaomi, Vivo, and Huawei users comprising the second-largest group among the targeted victims. This corresponds to the popularity of the devices in various markets.
An important data point is the distribution of Android versions among the most affected victims. More than 87% of victims of campaigns using the Rafel RAT so far are running Android versions that are no longer supported and, consequently, not receiving security fixes. Android 11 is the most prevalent, followed by versions 8 and 5. Android 11 became unsupported in early February of this year; Android 8 in October 2021 and Android 5 in 2016.
Despite the variety of Android versions, malware can generally operate across all. However, newer versions of the operating system typically present more challenges for malware to execute its functions or require more actions from the victim to be effective.
Prioritising Multi-layered Mobile Security
The prevalence of Rafel RAT highlights the need for continual vigilance and proactive security measures to safeguard Android devices against malicious exploitation. As attackers continue to use techniques and tools such as Rafel RAT to compromise user privacy, steal sensitive data, and perpetrate financial fraud, a multi-layered approach to mobile security is essential.
A key way that all device users, but particularly those with older handsets, can protect themselves against mobile malware is by installing a reputable mobile security app that offers real-time protection.
These apps can scan for malicious software, detect suspicious activity, and provide additional security features like anti-theft measures and safe browsing. They are designed to prevent malware from infiltrating mobile devices by detecting and blocking the download of malicious apps in real-time.
Users of Android devices can also reduce the security risks they face by practising good cyber security hygiene when it comes to software currency and app downloads. If possible, the Android operating system and apps should be regularly updated. Updates often include security patches that protect against newly discovered vulnerabilities. Users should enable automatic updates to ensure they receive the latest protections without delay.
Additionally, users should also only download and install apps from reputable sources like the Google Play Store. To avoid malware-infected apps, it is best to avoid third-party app stores, be cautious with apps that have few downloads or poor reviews, and to always check app permissions and reviews before installing anything new.
