Mobile beasts and where to find them — part one

June 15, 2018

In recent years, cybercriminals have been increasingly fixated on our phones. After all, we never part company with our smartphones; they are our primary means for storing personal docs and photos, communicating, and taking pictures. We even use them as tickets and wallets, and much more besides.

They also store oodles of valuable data that can fetch a handsome reward in certain quarters. And mobile devices are excellent for other malicious purposes as well. So there’s no shortage of smartphone malware out there.

Last year we caught 42.7 million pieces of malware on smartphones and tablets. For this series on mobile malware, we divided them into several types according to purpose and behavior. In part one, we look at three fairly common types.

Adware: Ad clickers and intrusive banners

One of the most common types of mobile infection comes in the shape of adware. Its task is to increase the number of clicks on online banners, either automatically (the malware clicks the ads itself, unseen) or by manipulating the user into clicking. Some varieties simply show you unwanted advertising.

In the first case, you don’t even see the ad, but the clicker uses up your smartphone’s resources, including battery charge and mobile data. An infected smartphone can run flat in just a few hours, and the next bill may hold an unpleasant surprise.

The second type of adware replaces legitimate online banners with its own, and drowns the user in so many ads that, like it or not, they end up following some links. In many cases the flood of ads is so overwhelming that the device becomes impossible to use: everything is smothered in banners.

Some malware also collects information about your online habits without asking. This data then ends up in the hands of advertisers, who use it to fine-tune their advertising campaigns. What’s more, banners can link to malicious sites where your device might pick up something even worse.

SMS and Web subscribers

The second type of malware we discuss today is subscribers, also known as Trojan clickers. Their job is to steal money from your mobile account, which is much simpler than stealing from a bank account because it bypasses card numbers, which tend to be under tighter guard. The funds flow out through WAP or SMS billing, and in some cases through calls to premium numbers at the victim’s expense.

What WAP billing is and how cybercriminals exploit it is covered in a separate article. To take out a paid subscription in your name, all the WAP clicker needs to do is click the relevant button on the site. SMS malware requires permission to send messages, but many users grant it to any app without a second thought. Programs that waste your money on IP telephony have a slightly harder task: they have to register an account with the service.

A striking example of a subscriber is the Trojan Ubsod. This pest is a WAP specialist. To conceal its activity for as long as possible, it deletes all SMS messages containing the text string “ubscri” (a fragment of the word “subscribe” or “subscription”), so the operator’s confirmation texts never reach the victim. Moreover, it can switch the device from Wi-Fi to mobile Internet, which WAP billing requires because the operator identifies the subscriber through the mobile connection.
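The behaviours above leave traces in an app’s permission list before it ever runs. The following added example (written for this article; it is not code from the original post or from any vendor) parses a decoded AndroidManifest.xml and flags permission combinations that would let an app act as an SMS or WAP subscriber: sending SMS, reading the operator’s confirmation texts, and toggling Wi-Fi to force mobile data. The manifest inside an APK is binary XML, so this assumes the text form you get from a decoder such as apktool; the “flashlight” manifest and its expected-permission set are constructed for the example, and the grouping of permissions into behaviours is the example’s own heuristic.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Real Android permission names. The grouping into behaviours is this example's
# own heuristic, modelled on the subscriber Trojans described in the article.
SMS_SEND = {"android.permission.SEND_SMS"}
SMS_READ = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
NET_SWITCH = {"android.permission.CHANGE_WIFI_STATE", "android.permission.CHANGE_NETWORK_STATE"}
DIAL = {"android.permission.CALL_PHONE"}


def declared_permissions(manifest_xml):
    """Return the set of <uses-permission android:name=...> values in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    attr = f"{{{ANDROID_NS}}}name"          # ElementTree qualifies prefixed attributes as {ns}name
    return {node.get(attr) for node in root.iter("uses-permission") if node.get(attr)}


def subscriber_indicators(perms):
    """Map permission combinations to the subscriber behaviours they would enable."""
    findings = []
    if perms & SMS_SEND:
        findings.append("SEND_SMS: can text premium numbers or confirm paid subscriptions")
    if perms & SMS_SEND and perms & SMS_READ:
        findings.append("SEND_SMS + RECEIVE/READ_SMS: can see and suppress operator confirmation texts")
    if "android.permission.INTERNET" in perms and perms & NET_SWITCH:
        findings.append("INTERNET + CHANGE_WIFI/NETWORK_STATE: can force mobile data, as WAP billing needs")
    if perms & DIAL:
        findings.append("CALL_PHONE: can dial premium numbers")
    return findings


def excess_permissions(perms, expected):
    """Permissions declared beyond what the app's stated purpose needs."""
    return perms - expected


# Constructed manifest for a hypothetical "flashlight" app (not a real package).
FLASHLIGHT_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
    <application android:label="Flashlight"/>
</manifest>
"""
# A torch only needs access to the camera flash (assumption for the example).
FLASHLIGHT_NEEDS = {"android.permission.CAMERA"}


def analyse(manifest_xml, expected):
    """Combine both checks into one report for a manifest and its expected permission set."""
    perms = declared_permissions(manifest_xml)
    return {
        "indicators": subscriber_indicators(perms),
        "excess": sorted(excess_permissions(perms, expected)),
    }


if __name__ == "__main__":
    report = analyse(FLASHLIGHT_MANIFEST, FLASHLIGHT_NEEDS)
    for finding in report["indicators"]:
        print("!", finding)
    print("unexplained permissions:", ", ".join(report["excess"]))
```

A flashlight that declares SEND_SMS, RECEIVE_SMS and CHANGE_WIFI_STATE matches every indicator a WAP or SMS subscriber needs; the same check run against a manifest that declares only CAMERA returns no findings, which is the shape of the “grant only what’s essential” rule at the end of the article.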

Fortunately, getting rid of unwanted subscriptions isn’t complicated; all subscriptions are displayed in the user’s personal account on the operator’s website. There, you can delete them and even forbid new ones from being linked to the phone number (though in some cases such a block can be imposed only temporarily). The main thing is to notice money leaking from your account as early as possible to prevent a deluge.

SMS flooders and DDoSers

These two categories cover malware that, instead of downloading data, sends it, and lots of it! They do so on the sly, without requesting permission. Scammers make a pretty penny from ruining other people’s lives at your expense.

SMS flooding is often used by hooligans to harass their victims or disable their devices. A user may willingly install a flooding app on his or her own device to swamp enemies with thousands of SMS messages. But many go further and send messages at others’ expense, surreptitiously planting the malicious app on the devices of unsuspecting owners.

DDoSers are able to overwhelm not only smartphones, but also far more powerful devices and even major online resources. Cybercriminals do so by combining infected gadgets into a network, known as a botnet, and bombarding a victim with requests from it. Incidentally, clickers can also act as DDoSers when trying to open the same Web page countless times.

Both flooders and DDoSers try to use your smartphone to harm third parties. But you too will suffer from the load on your device’s battery and processor, not to mention your wallet. Typically, such programs are not widely distributed, but in July 2013, the SMS flooder Didat made it into the Top 20 malicious programs sent by e-mail.
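Because a flooder’s whole purpose is volume, the simplest way to spot one is the send rate of each app. The following added example (written for this article, not code from the original post or from any product) runs a sliding-window rate check over an outgoing-SMS log and reports any package that exceeds a threshold within a minute, together with the number it is hammering. The log format, the package names and the flood itself are all constructed for the example; a real deployment would feed it whatever send records the device or an MDM exposes.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed outgoing-SMS log (not from any real device). One line per sent message:
#   "<date> <time> pkg=<sending package> dst=<destination number>"
BENIGN_LINES = [
    "2018-06-15 09:00:00 pkg=com.example.messenger dst=+15550000001",
    "2018-06-15 09:05:30 pkg=com.example.messenger dst=+15550000002",
    "2018-06-15 09:09:10 pkg=com.example.messenger dst=+15550000001",
]


def make_flood(pkg, victim, start, count, gap_seconds):
    """Build constructed flood lines: `count` messages from `pkg` to `victim`, `gap_seconds` apart."""
    t0 = datetime.fromisoformat(start)
    return [
        f"{(t0 + timedelta(seconds=i * gap_seconds)).strftime('%Y-%m-%d %H:%M:%S')} pkg={pkg} dst={victim}"
        for i in range(count)
    ]


# A hypothetical "flashlight" app sending 40 texts to one victim, two seconds apart,
# interleaved in time with the legitimate messenger traffic above.
SAMPLE_LOG = BENIGN_LINES + make_flood("com.example.flashlight", "+15550009999", "2018-06-15 09:07:00", 40, 2)


def parse_line(line):
    """Split one log line into (timestamp, package, destination)."""
    date, time, pkg, dst = line.split()
    return datetime.fromisoformat(f"{date} {time}"), pkg[len("pkg="):], dst[len("dst="):]


def find_flooders(log_lines, window_seconds=60, max_per_window=10):
    """Flag packages that send more than `max_per_window` SMS inside any `window_seconds` span.

    Returns {package: {"first_exceeded": datetime, "sends_in_window": int,
                       "top_destination": (number, count)}} for each package flagged,
    recorded at the moment the threshold was first crossed.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # package -> (timestamp, destination) of sends still inside the window
    flagged = {}
    # The 19-character timestamp prefix sorts lexicographically, so out-of-order input is fine.
    for line in sorted(log_lines, key=lambda l: l[:19]):
        ts, pkg, dst = parse_line(line)
        q = recent[pkg]
        q.append((ts, dst))
        while ts - q[0][0] > window:          # drop sends that have aged out of the window
            q.popleft()
        if len(q) > max_per_window and pkg not in flagged:
            dests = Counter(d for _, d in q)
            flagged[pkg] = {
                "first_exceeded": ts,
                "sends_in_window": len(q),
                "top_destination": dests.most_common(1)[0],
            }
    return flagged


if __name__ == "__main__":
    for pkg, info in find_flooders(SAMPLE_LOG).items():
        number, count = info["top_destination"]
        print(f"{pkg}: {info['sends_in_window']} SMS in 60 s by {info['first_exceeded']:%H:%M:%S}, "
              f"{count} of them to {number}")
```

With the defaults, the messenger’s three texts spread over nine minutes never trip the check, while the flashlight is flagged on its eleventh message, twenty seconds into the flood, with every one of those sends going to the same number. The threshold of ten per minute is a starting point, not a rule; a legitimate group-messaging app will need a higher one.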

The further you get, the harder the going

To be honest, the types of mobile miscreants we’ve covered today are small fry. At worst, they’ll siphon off a bit of cash from your phone account and frazzle your nerves. In any event, many of them are easy to detect and remove with the help of antivirus software.

In the chapters to come, we’ll discuss some villains higher up in the pecking order. Keep track of updates and remember the rules of mobile security:

  • Don’t install apps from third-party sources, or better still, block them in the operating system settings!
  • Keep your mobile OS and all installed apps updated to the latest versions.
  • Protect all of your Android devices with a mobile antivirus solution.
  • Regularly check the list of paid services in your personal account with your mobile operator and disable anything that you didn’t subscribe to yourself. If you see a subscription you don’t recognize, immediately scan the entire device for malware.
  • Always read the list of permissions requested by an app, and grant only what’s absolutely essential.