Cybereason Mobile Threat Alerts
As part of your Cybereason Mobile protection, you enable the different threats that the Cybereason Mobile sensor detects. You can also alert users and perform automatic responses for some threats.
Web content threats
Threat | Description
---|---
Phishing | Sites that aim to deceive a device user into submitting sensitive information through what appears to be a legitimate web form.
App Data Leak: Credit Card | App communication that contains a credit card number without encryption or with easily breakable encryption.
Web Data Leak: Credit Card | Browser-based communication that contains a credit card number without encryption or with easily breakable encryption.
App Data Leak: Password | App-based communication that contains a password without encryption or with easily breakable encryption.
Web Data Leak: Password | Browser-based communication over a network that contains a password without encryption or with easily breakable encryption.
App Data Leak: Email | App-based communication that contains an email address without encryption or with easily breakable encryption.
App Data Leak: Location | App-based communication that contains the device geo-location without encryption or with easily breakable encryption.
App Data Leak: User Identity | App-based communication that contains a service name without encryption or with easily breakable encryption.
Web Data Leak: Email | Browser-based communication over a network that contains an email address without encryption or with easily breakable encryption.
Web Data Leak: Location | Browser-based communication over a network that contains a device geo-location without encryption or with easily breakable encryption.
Web Data Leak: User Identity | Browser-based communication over a network that contains a service name without encryption or with easily breakable encryption.
Malware Network Traffic | Network access from apps to web services that are known to engage in malicious behavior. This includes behaviors such as downloading unauthorized software, disrupting device operations, or gathering sensitive information from a device.
Cryptojacking | Sites designed to take over a device and then mine cryptocurrency with the device.
Spam | Meaningless or unsolicited content sent for advertising, phishing, or spreading malware.
Download from 3rd Party App Store | Applications downloaded from third-party, unrecognized app stores instead of from the official app store for the device (such as the Apple App Store or the Google Play Store).
App activity threats
Threat | Description
---|---
Adware | Malware that is aggressive in displaying ads, which has a negative effect on user productivity and device performance.
Banker | Malware that steals bank credentials from the device.
Generic Malware | Malicious applications that exhibit harmful behavior and disrupt normal device activity.
Ransomware | Malware that prohibits access to a device until the device user pays a ransom fee.
Rooting | Malware program that attempts to obtain escalated system privilege levels.
SMS | Malware program that accrues SMS-related charges.
Spyware | Malware program that monitors and collects information about the device and the device user.
Trojan | Malware program that gains unauthorized access to a device.
Potentially Unwanted Application | An application that you may not want and that can cause damage to a device.
Device Admin App Installed | An unauthorized application with device admin privileges was installed on a device and poses a security threat to an organization.
Sideloaded App Installed | An app is installed outside the official app store channels, which means it has not undergone the normal quality checks and may be poorly written or malicious.
Third Party App Stores Installed | An application is installed on a device that can download and install other applications. This means this app store might distribute malicious applications.
Network activity threats
Threat | Description
---|---
Dangerous Certificate | A third-party root certificate is installed, which can compromise trusted SSL connections by enabling interception of encrypted communications.
Man-in-the-Middle: Compromised Trust Store | A device has been modified to trust unauthorized third-party certificates.
Man-in-the-Middle: SSL Strip | An intermediate server uses advanced techniques to appear to the device as a genuine service.
Man-in-the-Middle: Targeted Certificate Spoof | An intermediate server is trying to appear to the device as a genuine service.
Risky Hotspots | The device SSL traffic is intercepted but is using an untrusted certificate (which is common for paid hotspots).
Device activity threats
Threat | Description
---|---
Jailbreak | A modification of the build of the operating system which removes original manufacturer limitations to open the device and leaves its data more vulnerable to attack.
Vulnerable OS (Major) | The use of an older version of the operating system on a device. This older version of the operating system is more vulnerable to known security exploits.
Device encryption disabled | For Android devices, the disabling of the setting for data encryption. This makes the device more susceptible to data exfiltration attacks.
Lock screen disabled | The disabling of the lock screen, which makes data encryption useless against physical attacks.
Risky iOS Profile | A device configuration that puts device and organization data at risk.
Vulnerable OS (Minor) | The use of an older version of the operating system on a device. This older version of the operating system is more vulnerable to known security exploits.
Android Security Patches Missing | The device has been missing security patches for more than three months, which makes the device much more vulnerable.
Out-of-Date OS | A version of the device operating system that does not contain the most recent fixes and security patches.
Unknown Sources Enabled | Applications can be installed from unknown sources.
USB App Verification Disabled | The setting to check apps installed through a USB device is disabled, which means the application is not checked for harmful behavior.
Developer Mode Enabled | The setting enabling Developer Mode on a device is enabled, which allows someone to install sideloaded apps or apps via a USB device.
USB Debugging Enabled | On Android devices, the setting to enable lower-level access to the device with a USB channel is enabled.