As soon as mobile phones became "smarter", people immediately began to write viruses for them. After all, these devices store a lot of personal information: contacts, messages, passwords, location coordinates, photos.
It is said that SMS viruses even provoked a wave of Arab revolutions in 2011. Kaspersky Lab has described the most famous Trojans for mobile devices. These malicious programs have literally overrun our phones.
A Trojan that steals conversations.
A program called Nickspy (Trojan-Spy.AndroidOS.Nickspy) stands out among a number of similar Chinese-made programs. It records all of the conversations of the infected device's owner as sound files, which are then transferred to a remote server run by the attackers. One modification of the virus is disguised as an application for the social network Google+. It has learned to stealthily answer phone calls from the attacker's number recorded in its configuration file. As a result, the phone accepts calls without its owner's knowledge, and the intruders can hear everything that happens near the infected device, so the owner's conversations become known to strangers. The Trojan is also interested in the texts of SMS messages, and it reads information about dialed numbers and the GPS coordinates of the device. All of this data is immediately transferred to the attackers' server. How they will use this information, nobody knows.
The archive thief.
The Trojan called Antammi (Trojan-Spy.AndroidOS.Antammi) was written by Russian programmers. Its malicious activity was hidden behind a seemingly innocuous application for downloading ringtones. The Trojan can steal a lot of personal information: contacts, GPS coordinates, photos and the archive of SMS messages. The program's work log was then forwarded to the cyber-fraudsters, and the stolen data was sent to their server.
Programs that control smartphones.
Recently, programs that seek to control our smart mobile devices have been spreading more and more often. Among the mass of malware for the Android operating system, backdoors are second in popularity only to Trojan spyware. In China, the creation of backdoors has been put on a production line. Most of these programs contain code that exploits vulnerabilities in the operating system to obtain superuser (root) privileges. If that is not possible, the goal is to obtain the maximum rights available. As a result, the attacker gets full remote access to the entire contents of the smartphone. In other words, after infection a hacker can manage the smartphone at his own discretion and launch any application. The most telling example was the backdoor Backdoor.Linux.Foncy, disguised as an IRC bot. It was discovered in early 2012. The backdoor was packaged inside an APK dropper (Trojan-Dropper.AndroidOS.Foncy), which also carried an exploit (Exploit.Linux.Lotoor.ac) for obtaining root rights on the smartphone and an SMS Trojan (Trojan-SMS.AndroidOS.Foncy). Once such a package was installed, the mobile device could no longer be considered secure.
A gift from Katya.
Who does not like to receive gifts? In early 2011, many users of mobile devices began to regularly receive SMS spam saying that a certain Katya had sent them an MMS gift. As usual, the message included a link from which the gift could supposedly be downloaded. Quite predictably, the link led to a JAR file that was in fact an SMS Trojan. Experts say that such mailings link to malicious programs from the Trojan-SMS.J2ME.Smmer family. Their purpose is to send SMS messages to paid numbers without the user's authorization. As a result, the person receives a staggering phone bill. The functionality of these Trojans is quite primitive, but given the number of users reached, even this simplicity results in the infection of a large number of mobile devices.
A pest that takes the phone's charge.
Until recently, SMS Trojans mainly targeted users from Ukraine, Kazakhstan and Russia. But now the ranks of virus writers have been considerably swelled by Chinese authors. They too have learned how to create SMS Trojans and distribute them. However, such programs have not spread in their pure form: the Chinese have built the function of sending SMS messages to paid numbers into their other malicious creations. Over time, users in North America and Europe also came under attack. The pioneer can be considered the Trojan GGTracker, which was aimed at users in the US. The application claimed that it would increase battery life. In fact, the user was unwittingly subscribed to a paid service through a series of SMS messages sent from the infected phone.
A spy that sends messages to paid sites.
Another example of how Trojans work is the whole family of similar Foncy programs. The functionality here is also quite primitive, but this virus was the first to seriously trouble users in Canada and Western Europe. Over time, improved versions of the program attacked phones in the US, Morocco and Sierra Leone. The Foncy Trojan has two distinctive features. First, it has learned to determine which country the SIM card of the infected device belongs to. Depending on this, it changes the dialing prefix and the number to which the SMS message is sent. Second, the Trojan can send reports to the attackers about the work it has done. The principle of the program is simple: without the owner's knowledge, SMS messages are sent to a paid number to pay for certain services, such as newsletters, access to content or ringtones. Usually the phone receives an SMS with a payment confirmation in return, but the Trojan hides it from the owner. Foncy can forward the confirmation texts, and the short numbers they come from, to its real master. Initially this information was sent in a simple SMS message directly to the attacker's number, but new modifications have learned to upload the data directly to the hackers' server.
Programs that work in pairs are especially dangerous. The Trojans ZitMo (ZeuS-in-the-Mobile) and SpitMo (SpyEye-in-the-Mobile) work in conjunction with the widespread viruses ZeuS and SpyEye. This is one of the most complex malicious schemes discovered recently. On their own, ZitMo and SpitMo would remain ordinary spies that forward SMS messages. But paired with the "classics", ZeuS or SpyEye, these Trojans have already allowed attackers to overcome the mTAN protection of banking transactions. They forward all incoming messages containing mTANs to the attackers' numbers or to their server. Using these codes, the criminals then confirm financial transactions carried out from the hacked bank accounts. Versions of SpitMo exist for Symbian and Android, but ZitMo is much more common. In addition to these two operating systems, it also targets Windows Mobile and BlackBerry OS.
Malicious QR codes.
In the modern information world, QR codes are gaining popularity. After all, a small picture can encode a whole message that a phone can easily recognize. It is no wonder that QR codes are used in advertising, on business cards, badges and so on. They give quick access to the right information. Nobody expected malicious QR codes to appear so soon. Previously, mobile devices were infected through sites on which all of the software was malicious. Such resources were simply infested with SMS Trojans and links to them. But now attackers have begun to use QR codes, which encode the same links to infected resources. This technique was first tested in Russia. The malicious codes concealed SMS Trojans for the Android and J2ME platforms.
No, we are not talking here about a fundamentally new variety of malicious programs. In 2011, experts noted a big surge in hacker activity. This time, however, the hackers were guided not by the desire to enrich themselves illegally but by political goals. Programmers, too, rebelled against the authorities, corporations and state bodies. The emerging threat Trojan-SMS.AndroidOS.Arspam was aimed primarily at mobile users in the Arab countries. An ordinary compass program, distributed on Arabic-language forums and resources, contained a Trojan. It sent links to a forum dedicated to Mohamed Bouazizi to randomly selected contacts from the phone. This man committed an act of self-immolation in Tunisia, which led to massive unrest in the country followed by a revolution. Arspam also tries to determine the code of the country where the smartphone is located. For example, if this value equals BH (Bahrain), the program tries to download a PDF file to the device. The file contains the report of an independent commission on human rights violations in that country. The spread of such malicious programs did a lot for the Arab Spring in 2011.
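The disguises described above (a ringtone downloader, a battery saver, a compass) suggest one check a defender can run before trusting an Android app: compare the permissions it requests with what its advertised purpose needs. The Python sketch below is an added example, not part of the original article or of any Kaspersky Lab tool; the `EXPECTED` purpose profiles and the sample manifest are constructed assumptions, and the manifest is assumed to have already been decoded from the APK's binary format to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permission -> behaviour described in the article that it enables.
RISKY = {
    "android.permission.SEND_SMS": "send SMS to paid numbers",
    "android.permission.RECEIVE_SMS": "intercept or hide incoming SMS",
    "android.permission.READ_SMS": "read the SMS archive",
    "android.permission.RECORD_AUDIO": "record conversations",
    "android.permission.READ_CONTACTS": "steal contacts",
    "android.permission.ACCESS_FINE_LOCATION": "report GPS coordinates",
}

# Assumption: permissions each advertised purpose plausibly needs (illustrative).
EXPECTED = {
    "ringtones": {"android.permission.INTERNET"},
    "battery saver": {"android.permission.BATTERY_STATS"},
    "compass": {"android.permission.ACCESS_FINE_LOCATION"},
}

# Constructed sample: a "battery saver" manifest, already decoded to text XML.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.batterysaver">
  <uses-permission android:name="android.permission.BATTERY_STATS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a text manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}


def audit(manifest_xml, advertised_purpose):
    """Map each risky permission the advertised purpose does not explain
    to the behaviour it would enable."""
    allowed = EXPECTED.get(advertised_purpose, set())
    perms = requested_permissions(manifest_xml)
    return {p: RISKY[p] for p in sorted(perms) if p in RISKY and p not in allowed}


if __name__ == "__main__":
    for perm, behaviour in audit(SAMPLE_MANIFEST, "battery saver").items():
        print(f"unexplained: {perm} -> could {behaviour}")
```

A flagged permission is a reason to look more closely at the app, not proof of infection: legitimate apps also request SMS or location access.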