14 DAY TRIAL // Legitimate mobile surveillance kits, generally promoted as solutions for monitoring children, have been discovered on mobile phones of corporate employees, posing a risk to enterprise information of being exposed to unauthorized individuals.
The spying tools are known under the name of mobile remote access Trojans (mRATs) and although their use is legal, their capabilities can also cater nefarious activities if wielded by an attacker, especially when they are available on devices used for business purposes.
mRATs require administrative privileges and they can track the location of the user, log activity on the device by intercepting keystrokes or taking snapshots, as well as access data such as emails, texts or contacts. Furthermore, some brands can activate the built-in microphone.
900,000 mobile devices were monitored
In a recent study carried out by Lacoon Mobile Security in cooperation with Check Point, 18 different mRATs were discovered to connect to the corporate WiFi and communicate with the command and control (C&C) server.
Since most mRATs are available for both Android and iOS, the researchers sampled devices running on both platforms, 500,000 on Android and 400,000 on iOS.
Out of 900,000 phones monitored by the two companies based on mRAT detection signatures provided by Lacoon to Check Point firewall installed at participating companies, about 1,000 of them had this type of spyware installed.
Broken per platform, the results showed that in 60% of the cases the spyware was present on Android and 40% in the case of iOS.
Bosses could use spyware to track employee activity
Installing an mRAT usually requires physical access to the device for a short period of time, but they can also be added without the victim being aware, by posing as an app the user wants.
The findings of the study do not necessarily mean that all these devices were infected, since upper management could have them added to company devices in order to track activity of key employees.
On the other hand, it does show that they are present in enterprise environments and an attacker could leverage them against companies.
Among the spying software detected during the survey there is Mspy, Sp2Mobile, Bosspy, Mobile Spy, Shadow Copy, My Mobile Watchdog, MobiSteath and TalkLog; the first two had the largest prevalence at the companies observed for the study.
According to the report from Lacoon, the top ten countries with mRAT infections in large enterprises (over 2,000 phones) is led by Austria, followed by the United States and Mexico.