{"id":20472,"date":"2018-06-15T12:37:14","date_gmt":"2018-06-15T16:37:14","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/mobile-malware-part-1\/20472\/"},"modified":"2019-11-15T22:34:12","modified_gmt":"2019-11-15T11:34:12","slug":"mobile-malware-part-1","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/mobile-malware-part-1\/20472\/","title":{"rendered":"Mobile beasts and where to find them \u2014 part one"},"content":{"rendered":"

In recent years, cybercriminals have been increasingly fixated on our phones. After all, we never part company with our smartphones; they are our primary means for storing personal docs and photos, communicating, and taking pictures. We even use them as tickets and wallets, and much more besides.<\/p>\n

They also store oodles of valuable data that can fetch a handsome reward in certain quarters. And mobile devices are excellent for other malicious purposes as well. So there\u2019s no shortage of smartphone malware out there.<\/p>\n

Last year we caught<\/a> 42.7 million pieces of malware on smartphones and tablets. For this series on mobile malware, we divided them into several types according to purpose and behavior. In part one, we look at three fairly common types.<\/p>\n

Adware: Ad clickers and intrusive banners<\/h2>\n

One of the most common types of mobile infection comes in the shape of adware. Its task is to increase the number of clicks on online banners either automatically or manually (by exploiting users). Some just show you unwanted advertising.<\/p>\n

In the first case, you don\u2019t even see the ad, but the clicker uses up your smartphone\u2019s resources, including battery charge and data. The infected smartphone dies in just a few hours, and the next bill may hold an unpleasant surprise.<\/p>\n

The second type of adware replaces online banners with the ones of its own, and drowns the user in so many ads that, like it or not, they end up following some links. In many cases, the flow of spam is so overwhelming that the device becomes impossible to use \u2014 everything is smothered with ad banners.<\/p>\n

Some malware also collects information about your online habits without asking. This data then ends up in the hands of advertisers, who use it to fine-tune their advertising campaigns. What\u2019s more, banners can link to malicious sites where your device might pick up something even worse.<\/p>\n

SMS and Web subscribers<\/h3>\n

The second type of malware we discuss today is subscribers<\/em><\/em>, also known as Trojan clickers. Their job is to steal data from your mobile account, where thievery is much simpler because it bypasses card numbers, which tend to be under tighter guard. The funds flow out through WAP or SMS billing, and in some cases through calls to premium numbers at the victim\u2019s expense.<\/p>\n

See here<\/a> for details of what WAP is and how cybercriminals exploit it. To take out a paid subscription in your name, all the WAP clicker needs do is click on the relevant button on the site. SMS malware requires permission to send messages, but many users give it to any app without a second thought. Programs that waste your money on IP telephony<\/a> have a slightly harder task: They have to register an account with the service.<\/p>\n

A striking example of a subscriber is the Trojan<\/a> Ubsod. This pest is a WAP specialist<\/a>. To conceal its activity for as long as possible, it deletes all SMS messages containing the text string \u201cubscri\u201d (a fragment of the word \u201csubscribe\u201d or \u201csubscription\u201d). Moreover, it can switch from Wi-Fi to mobile Internet, which is required for WAP operations.<\/p>\n

Fortunately, getting rid of unwanted subscriptions isn\u2019t complicated; all subscriptions are displayed in the user\u2019s personal account on the operator\u2019s website. There, you can delete them and even forbid new ones from being linked to the phone number (though in some cases such a block can be imposed only temporarily). The main thing is to notice money leaking from your account as early as possible to prevent a deluge.<\/p>\n

SMS flooders and DDoSers<\/h3>\n

These two categories combine malware that instead of downloading, sends data \u2014 lots of data! And they do it on the sly without requesting permission. Scammers are able to make a pretty penny from ruining other people\u2019s lives at your expense.<\/p>\n

As such, SMS flooding is often used by hooligans to tease their victims or disable their devices. A user can willingly install a flooding app on his or her device to swamp their enemies with thousands of SMS messages. But many go further and try to send messages at others\u2019 expense, surreptitiously planting the malicious app on the devices of unsuspecting owners.<\/p>\n

DDoSers<\/a> are able to overwhelm not only smartphones, but also far more powerful devices and even major online resources. Cybercriminals do so by combining infected gadgets into a network, known as a botnet<\/a>, and bombarding a victim with requests from it. Incidentally, clickers can also act as DDoSers when trying to open the same Web page countless times.<\/p>\n

Both flooders and DDoSers try to use your smartphone to harm third parties. But you too will suffer from the load on your device\u2019s battery and processor, not to mention your wallet. Typically, such programs are not widely distributed, but in July 2013, the SMS flooder Didat made it into the Top 20<\/a> malicious programs sent by e-mail.<\/p>\n\n

The further you get, the harder the going<\/h3>\n

To be honest, the types of mobile miscreants we\u2019ve covered today are small fries. At worst, they\u2019ll siphon off a bit of cash from your phone account and frazzle your nerves. In any event, many of them are easy to detect and remove with the help of antivirus software.<\/p>\n

In the chapters to come, we\u2019ll discuss some villains higher up in the pecking order. Keep track of updates and remember the rules of mobile security:<\/p>\n