Europol, the law enforcement agency dedicated to protecting the interests of the European Union, has warned that "complex" mobile malware is on the rise and can easily be exploited by hackers to steal money, snoop on browsing activities or turn devices into 'bots'.
To raise awareness among smartphone users about these dangers, Europol's European Cybercrime Centre (EC3) launched a campaign called Mobile Malware Awareness and – alongside a number of cybersecurity firms – has been posting advice to social media under the hashtag #MobileMalware.
Europol said it had enlisted the help of 22 EU member states, three non-EU countries, two EU agencies and "numerous public and private partners" to speak out about the dangers of sophisticated malware that can attack smartphones and tablets.
"Law enforcement and our industry partners continue to report the proliferation of mobile malware, which is now as complex as PC malware," said Rob Wainwright, director of Europol, in a statement, adding that if users start to report mobile cyberattacks it will help to combat the threat.
He continued: "We need to send an awareness message to citizens and business, and this global campaign is the first step to create a common alliance between public and private sectors within the EU and beyond".
In the agency's latest 'Internet Organised Crime Threat Assessment', released this year, mobile malware featured in law enforcement investigations across 14 European countries. Europol said this is a "clear indication" that this form of attack is finally being taken seriously in criminal probes.
"As mobile devices increasingly operate less as simple phones and more as mobile computers, the nature and complexity of malware attacking mobile devices and the methods of infecting those devices are beginning to more closely mirror those of 'conventional' desktop malware," the report found.
While most of the headline-grabbing hacks largely revolve around alleged nation state cybercrime activity – from the WikiLeaks disclosures to the infiltration of the World Anti-Doping Agency (Wada) – the general public is more likely to be hit with financial fraud attacks, malvertising or phishing.
There have been a number of notable pieces of mobile malware exposed by security researchers in recent years. One major strain, dubbed Pegasus, was a form of spyware that could turn on the devices' camera, intercept text messages and alter existing applications.
Meanwhile, a different strain called YiSpecter was uncovered by Palo Alto Networks in 2015 that specifically targeted non-jailbroken iOS devices. It could launch apps, replace existing apps, display adware and upload device information straight to the hacker's command and control server.
According to mobile cybersecurity firm Lookout, the developers of malicious software will "always find creative ways" to infect devices to steal sensitive data. In a blog post, it advised users to only download applications from official app stores, be aware of the signs of phishing scams and keep all mobile devices up-to-date with the latest security upgrades.