BackStab technique helps criminals get their hands on your private data, via unprotected phone backups
A recent report from Palo Alto Networks describes an attack technique called BackStab where malware steals local mobile data backups and uploads them to a server under the attacker’s control.
This data is not taken from mobile devices per-se, but from computers where users create backups for their phones, or where software solutions create automatic backups of their phones whenever they connect it to their computer.
Because most mobile backup tools don’t employ encryption, this data can be cracked open and allow attackers access to sensitive information within minutes.
Things are worse than you’d think because the technique does not require the malware to have higher-level privileges or root access to the device or the infected computer.
At this moment, Palo Alto Networks is reporting on six trojan families that used this technique, the company previously detecting 704 samples where BackStab was employed.
BackStab has been used in real-life attacks for the last 5 years
BackStab is not a newly discovered technique, Palo Alto reporting on five-year-old samples that have been found in computers spread across 30 countries.
According to Palo Alto researchers, the trojans that employ BackStab can steal backup data from both Mac and Windows infected computers, and can only discover and exfiltrate iOS and BlackBerry backup files. Apparently, there’s no support for Android backups.
Security researchers urge users to use a backup solution that supports encryption, always update to the latest version of their mobile OS, use an antivirus product, and do not click “Trust” on the popup that appears every time they connect their phone to a new computer.
You can learn more details about the BackStab technique in Palo Alto Networks’ BackStab: Mobile Backup Data Under Attack from Malware whitepaper.
Below is a table from the Palo Alto report showing details about the six trojans that employed the BackStab attack in previous years.